Windows Analysis Report
usbcg2dkfw1113_2_versionsfx.exe

Overview

General Information

Sample Name: usbcg2dkfw1113_2_versionsfx.exe
Analysis ID: 561713
MD5: 56eef90c94ae310977c87990ae122903
SHA1: b2e1d085d3b95cb734d2975793b9e23cfeda969e
SHA256: 553a3365bd7aeb1f4dbe16b501c8c58586ac9dfbb23b98ffef71ab6d07e21cf8

Detection

Score: 28
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Drops certificate files (DER)
PE file contains strange resources
Drops PE files
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates driver files
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Contains long sleeps (>= 3 min)

Classification

Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner
Scale: clean, suspicious, malicious

Analysis Advice

Sample drops PE files which have not been started; submit the dropped PE samples to Joe Sandbox for a secondary analysis
Sample may be VM- or sandbox-aware; try analysis on a native machine
Sample searches for a specific file; try adding organization-specific fake files to the analysis machine
  • System is w10x64
  • usbcg2dkfw1113_2_versionsfx.exe (PID: 5616 cmdline: "C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe" MD5: 56EEF90C94AE310977C87990AE122903)
    • conhost.exe (PID: 5640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • FWUpdateTool.exe (PID: 752 cmdline: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe MD5: 883996E63DCBE30B206A0B2C463EC676)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched

Source: usbcg2dkfw1113_2_versionsfx.exe; Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\DP_A2\VmmUpdateTool_readme.txt
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\Readme_SilentMode.doc
Source: usbcg2dkfw1113_2_versionsfx.exe; Static PE information: certificate valid
Source: Binary string: e:\views\kys_training\software\products\usb_serial\host\windows\cyusbserial_dll\cyusbserial\bin\Release\cyusbserial.pdb source: cyusbserial.dll0.0.dr
Source: Binary string: D:\Program\VC++\memory\x64\Release\Memory.pdb source: Memory_x64.exe.0.dr
Source: Binary string: cwdd:\w7rtm\minkernel\tools\gs_support\kmodecld:\w7rtm\tools\x86\x86\cl.EXEcmd-Fdd:\w7rtm\minkernel\tools\gs_support\kmode\vc90.pdb -Foo:\w7rtm.obj.x86fre\minkernel\tools\gs_support\kmode\objfre\i386\ -FC -MT -Id:\w7rtm\minkernel\tools\gs_support\kmode\i386 -Id:\w7rtm\minkernel\tools\gs_support\kmode -Id:\w7rtm.public.x86fre\ddk\inc -Io:\w7rtm.obj.x86fre\minkernel\tools\gs_support\kmode\objfre\i386 -Id:\w7rtm\minkernel\inc -Io:\w7rtm.obj.x86fre\minkernel\inc\objfre\i386 -Id:\w7rtm.public.x86fre\internal\minkernel\inc -Id:\w7rtm.public.x86fre\oak\inc -Id:\w7rtm.public.x86fre\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\inc -Id:\w7rtm.public.x86fre\internal\minwin\priv_sdk\inc -Id:\w7rtm.public.x86fre\sdk\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0601 -DWINVER=0x0601 -D_WIN32_IE=0x0800 -DWIN32_LEAN_AND_MEAN=1 -DOFFICIAL_BUILD=1 -DDEVL=1 -D__BUILDDATE__=090713-1255 -D__BUILDMACHINE__=win7_rtm -DFPO=0 -DNDEBUG -DNTDDI_VERSION=0x06010000 -DBUILD_MINWIN -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -W3 -WX -Gz -hotpatch -d1import_no_registry -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Z7 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FId:\w7rtm.public.x86fre\sdk\inc\warning.h -FId:\w7rtm.public.x86fre\internal\Base\inc\warning_x.h -TC -Xsrc.\gs_support.cpdbd:\w7rtm\minkernel\tools\gs_support\kmode\vc90.pdb" source: cyusb3.pdb8.0.dr
Source: Binary string: c:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: cwdC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\srcexeC:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\link.exepdbC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x64\cyusb3.pdb source: cyusb3.pdb1.0.dr
Source: Binary string: cwdd:\w7rtm\minkernel\tools\gs_support\kmodecld:\w7rtm\tools\x86\x86\cl.EXEcmd-Fdd:\w7rtm\minkernel\tools\gs_support\kmode\vc90.pdb -Foo:\w7rtm.obj.x86fre\minkernel\tools\gs_support\kmode\objfre\i386\ -FC -MT -Id:\w7rtm\minkernel\tools\gs_support\kmode\i386 -Id:\w7rtm\minkernel\tools\gs_support\kmode -Id:\w7rtm.public.x86fre\ddk\inc -Io:\w7rtm.obj.x86fre\minkernel\tools\gs_support\kmode\objfre\i386 -Id:\w7rtm\minkernel\inc -Io:\w7rtm.obj.x86fre\minkernel\inc\objfre\i386 -Id:\w7rtm.public.x86fre\internal\minkernel\inc -Id:\w7rtm.public.x86fre\oak\inc -Id:\w7rtm.public.x86fre\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\inc -Id:\w7rtm.public.x86fre\internal\minwin\priv_sdk\inc -Id:\w7rtm.public.x86fre\sdk\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0601 -DWINVER=0x0601 -D_WIN32_IE=0x0800 -DWIN32_LEAN_AND_MEAN=1 -DOFFICIAL_BUILD=1 -DDEVL=1 -D__BUILDDATE__=090713-1255 -D__BUILDMACHINE__=win7_rtm -DFPO=0 -DNDEBUG -DNTDDI_VERSION=0x06010000 -DBUILD_MINWIN -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -W3 -WX -Gz -hotpatch -d1import_no_registry -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Z7 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FId:\w7rtm.public.x86fre\sdk\inc\warning.h -FId:\w7rtm.public.x86fre\internal\Base\inc\warning_x.h -TC -Xsrc.\gs_report.cpdbd:\w7rtm\minkernel\tools\gs_support\kmode\vc90.pdb" source: cyusb3.pdb8.0.dr
Source: Binary string: cwdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\srcclC:\WINDDK\7600.16385.0\bin\x86\x86\cl.execmd-Foc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -FC -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\i386 -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\inc -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386 -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\wdf\kmdf\1.9 -IC:\WINDDK\7600.16385.0\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0501 -DWINVER=0x0501 -D_WIN32_IE=0x0603 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 -D__BUILDMACHINE__=WinDDK -DFPO=0 -D_DLL=1 -DNDEBUG -DWIN7_DDK -DNTDDI_VERSION=0x05010200 -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -cbstring -W3 -WX -Gz -hotpatch -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Zi -Fdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -DKMDF_MAJOR_VERSION=1 -DKMDF_MINOR_VERSION=9 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FIC:\WINDDK\7600.16385.0\inc\api\warning.h -MT -IC:\WINDDK\7600.16385.0\inc\api -TC -Xsrc.\cyio.cpdbc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb: source: cyusb3.pdb8.0.dr
Source: Binary string: WdfCoInstaller01011.pdb source: WdfCoinstaller01011.dll5.0.dr
Source: Binary string: cwdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\srcclC:\WINDDK\7600.16385.0\bin\x86\x86\cl.execmd-Foc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -FC -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\i386 -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\inc -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386 -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\wdf\kmdf\1.9 -IC:\WINDDK\7600.16385.0\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0501 -DWINVER=0x0501 -D_WIN32_IE=0x0603 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 -D__BUILDMACHINE__=WinDDK -DFPO=0 -D_DLL=1 -DNDEBUG -DWIN7_DDK -DNTDDI_VERSION=0x05010200 -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -cbstring -W3 -WX -Gz -hotpatch -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Zi -Fdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -DKMDF_MAJOR_VERSION=1 -DKMDF_MINOR_VERSION=9 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FIC:\WINDDK\7600.16385.0\inc\api\warning.h -MT -IC:\WINDDK\7600.16385.0\inc\api -TC -Xsrc.\cyioctl.cpdbc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdbJ source: cyusb3.pdb8.0.dr
Source: Binary string: d:\wbrtm\minkernel\tools\gs_support\kmodefastfail\vc110.pdb source: cyusb3.pdb4.0.dr, cyusb3.pdb5.0.dr
Source: Binary string: cwdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\srcclC:\WINDDK\7600.16385.0\bin\x86\x86\cl.execmd-Foc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -FC -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\i386 -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\inc -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386 -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\wdf\kmdf\1.9 -IC:\WINDDK\7600.16385.0\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0501 -DWINVER=0x0501 -D_WIN32_IE=0x0603 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 -D__BUILDMACHINE__=WinDDK -DFPO=0 -D_DLL=1 -DNDEBUG -DWIN7_DDK -DNTDDI_VERSION=0x05010200 -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -cbstring -W3 -WX -Gz -hotpatch -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Zi -Fdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -DKMDF_MAJOR_VERSION=1 -DKMDF_MINOR_VERSION=9 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FIC:\WINDDK\7600.16385.0\inc\api\warning.h -MT -IC:\WINDDK\7600.16385.0\inc\api -TC -Xsrc.\cydevice.cpdbc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb> source: cyusb3.pdb8.0.dr
Source: Binary string: -Fdd:\w7rtm\minkernel\tools\gs_support\kmode\vc90.pdb -Foo:\w7rtm.obj.x86fre\minkernel\tools\gs_support\kmode\objfre\i386\ -FC -MT -Id:\w7rtm\minkernel\tools\gs_support\kmode\i386 -Id:\w7rtm\minkernel\tools\gs_support\kmode -Id:\w7rtm.public.x86fre\ddk\inc -Io:\w7rtm.obj.x86fre\minkernel\tools\gs_support\kmode\objfre\i386 -Id:\w7rtm\minkernel\inc -Io:\w7rtm.obj.x86fre\minkernel\inc\objfre\i386 -Id:\w7rtm.public.x86fre\internal\minkernel\inc -Id:\w7rtm.public.x86fre\oak\inc -Id:\w7rtm.public.x86fre\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\inc -Id:\w7rtm.public.x86fre\internal\minwin\priv_sdk\inc -Id:\w7rtm.public.x86fre\sdk\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0601 -DWINVER=0x0601 -D_WIN32_IE=0x0800 -DWIN32_LEAN_AND_MEAN=1 -DOFFICIAL_BUILD=1 -DDEVL=1 -D__BUILDDATE__=090713-1255 -D__BUILDMACHINE__=win7_rtm -DFPO=0 -DNDEBUG -DNTDDI_VERSION=0x06010000 -DBUILD_MINWIN -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -W3 -WX -Gz -hotpatch -d1import_no_registry -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Z7 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FId:\w7rtm.public.x86fre\sdk\inc\warning.h -FId:\w7rtm.public.x86fre\internal\Base\inc\warning_x.h -TC -X source: cyusb3.pdb8.0.dr
Source: Binary string: WdfCoInstaller01011.pdbL source: WdfCoinstaller01011.dll5.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x86\cyusb3.pdb source: cyusb3.pdb2.0.dr
Source: Binary string: cwdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\srcclC:\WINDDK\7600.16385.0\bin\x86\x86\cl.execmd-Foc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -FC -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\i386 -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\inc -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386 -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\wdf\kmdf\1.9 -IC:\WINDDK\7600.16385.0\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0501 -DWINVER=0x0501 -D_WIN32_IE=0x0603 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 -D__BUILDMACHINE__=WinDDK -DFPO=0 -D_DLL=1 -DNDEBUG -DWIN7_DDK -DNTDDI_VERSION=0x05010200 -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -cbstring -W3 -WX -Gz -hotpatch -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Zi -Fdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -DKMDF_MAJOR_VERSION=1 -DKMDF_MINOR_VERSION=9 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FIC:\WINDDK\7600.16385.0\inc\api\warning.h -MT -IC:\WINDDK\7600.16385.0\inc\api -TC -Xsrc.\cyfileio.cpdbc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb2 source: cyusb3.pdb8.0.dr
Source: Binary string: cwdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\srcclC:\WINDDK\7600.16385.0\bin\x86\x86\cl.execmd-Foc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -FC -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\i386 -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\inc -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386 -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\wdf\kmdf\1.9 -IC:\WINDDK\7600.16385.0\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0501 -DWINVER=0x0501 -D_WIN32_IE=0x0603 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 -D__BUILDMACHINE__=WinDDK -DFPO=0 -D_DLL=1 -DNDEBUG -DWIN7_DDK -DNTDDI_VERSION=0x05010200 -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -cbstring -W3 -WX -Gz -hotpatch -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Zi -Fdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -DKMDF_MAJOR_VERSION=1 -DKMDF_MINOR_VERSION=9 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FIC:\WINDDK\7600.16385.0\inc\api\warning.h -MT -IC:\WINDDK\7600.16385.0\inc\api -TC -Xsrc.\cyinterruptep.cpdbc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: cwdd:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stubcld:\w7rtm\tools\x86\x86\cl.EXEcmd-Fdd:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc90.pdb -Foo:\w7rtm.obj.x86fre\minkernel\wdf\framework\kmdf\src\dynamic\stub\objfre\i386\ -FC -MT -Id:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\i386 -Id:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub -Id:\w7rtm\minkernel\wdf\framework\shared\inc\primitives\common -Id:\w7rtm\minkernel\wdf\framework\shared\inc\private\common -Id:\w7rtm\minkernel\wdf\framework\shared\inc\public -Id:\w7rtm.public.x86fre\ddk\inc\wdf\kmdf\1.9 -Id:\w7rtm.public.x86fre\ddk\inc -Id:\w7rtm.public.x86fre\internal\Base\inc -Id:\w7rtm.public.x86fre\ddk\inc\wdm -Id:\w7rtm\minkernel\wdf\framework\shared\inc\primitives\km -Id:\w7rtm\minkernel\wdf\framework\shared\inc\private\km -Id:\w7rtm\minkernel\wdf\framework\kmdf\inc\private -Id:\w7rtm.public.x86fre\ddk\inc\wdf\kmdf\1.9 -Id:\w7rtm.public.x86fre\ddk\inc -Id:\w7rtm.public.x86fre\internal\Base\inc -Id:\w7rtm.public.x86fre\ddk\inc\wdm -Id:\w7rtm.public.x86fre\internal\minwin\priv_sdk\inc\kmdf\private -Io:\w7rtm.obj.x86fre\minkernel\wdf\framework\kmdf\src\dynamic\stub\objfre\i386 -Id:\w7rtm\minkernel\inc -Io:\w7rtm.obj.x86fre\minkernel\inc\objfre\i386 -Id:\w7rtm.public.x86fre\internal\minkernel\inc -Id:\w7rtm.public.x86fre\oak\inc -Id:\w7rtm.public.x86fre\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\inc -Id:\w7rtm.public.x86fre\internal\minwin\priv_sdk\inc -Id:\w7rtm.public.x86fre\sdk\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0601 -DWINVER=0x0601 -D_WIN32_IE=0x0800 -DWIN32_LEAN_AND_MEAN=1 -DOFFICIAL_BUILD=1 -DDEVL=1 -D__BUILDDATE__=090710-1945 -D__BUILDMACHINE__=win7_rtm -DFPO=0 -DNDEBUG -DFX_CORE_KERNEL_MODE=1 -DFX_CORE_USER_MODE=2 -DEVENT_TRACING -DFX_CORE_MODE=1 -DNTDDI_VERSION=0x06010000 -DBUILD_MINWIN -DRUN_WPP -c 
-Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -W4 -WX -Gz -hotpatch -d1import_no_registry -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Z7 -D_WIN2K_COMPAT_SLIST_USAGE -D__WDF_MAJOR_VERSION=0x01 -D__WDF_MINOR_VERSION=0x009 -D__WDF_BUILD_NUMBER=7600 -D__WDF_MAJOR_VERSION_STRING=01 -D__WDF_MINOR_VERSION_STRING=009 -DWIN9X_COMPAT_SPINLOCK -DNTSTRSAFE_LIB -DIMPORT_NATIVE_DBG_BREAK -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FId:\w7rtm.public.x86fre\sdk\inc\warning.h -FId:\w7rtm.public.x86fre\internal\Base\inc\warning_x.h -TP -Xsrc.\inittypes.cpppdbd:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc90.pdb& source: cyusb3.pdb8.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8.1Release\x86\cyusb3.pdb source: cyusb3.pdb4.0.dr
Source: Binary string: C:\Test\TeAccess_x86\Win8Release\Access32.pdb source: Access32.sys.0.dr
Source: Binary string: cwdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\srcexeC:\WINDDK\7600.16385.0\bin\x86\x86\link.exepdbc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\cyusb3.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8Release\x64\vc120.pdb source: cyusb3.pdb5.0.dr
Source: Binary string: cwdd:\5359\minkernel\crts\crtw32\misc\ntcld:\5359\tools\x86\amd64\cl.EXEcmd-Fod:\5359.obj.amd64fre\minkernel\crts\crtw32\misc\nt\objfre\amd64\ -FC -MT -Id:\5359\minkernel\crts\crtw32\misc\nt\amd64\ -Id:\5359\minkernel\crts\crtw32\misc\nt -Id:\5359\minkernel\crts\crtw32\misc\h -Id:\5359\minkernel\crts\crtw32\h -Id:\5359\minkernel\crts\crtw32\misc\amd64 -Id:\5359.public.amd64fre\internal\minwin\priv_sdk\inc -Id:\5359.obj.amd64fre\minkernel\crts\crtw32\misc\nt\objfre\amd64 -Id:\5359\minkernel\inc -Id:\5359.obj.amd64fre\minkernel\inc\objfre\amd64 -Id:\5359.public.amd64fre\internal\minkernel\inc -Id:\5359.public.amd64fre\oak\inc -Id:\5359.public.amd64fre\sdk\inc -Id:\5359.public.amd64fre\internal\minwin\sdk\inc -Id:\5359.public.amd64fre\internal\minwin\inc -Id:\5359.public.amd64fre\internal\minwin\priv_sdk\inc -Id:\5359.public.amd64fre\sdk\inc\crt -D_WIN64 -D_AMD64_ -DAMD64 -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0601 -DWINVER=0x0601 -D_WIN32_IE=0x0800 -DWIN32_LEAN_AND_MEAN=1 -DOFFICIAL_BUILD=1 -DDEVL=1 -D__BUILDDATE__=090430-2045 -D__BUILDMACHINE__=win7_wdk -DNDEBUG -D_NTSUBSET_ -DNT_BUILD -D_CRTBLD -DWINHEAP -D_SYSCRT -D_MBCS -D_MB_MAP_DIRECT -D_KANJI -D_QSORT_DO_VALIDATE=1 -D_NTSYSTEM_ -DNTDDI_VERSION=0x06010000 -DBUILD_MINWIN -c -Zc:wchar_t- -Zl -Zp8 -Gy -W3 -WX -d1import_no_registry -EHs -EHc -GR- -GF -GS -Ox -Os -Z7 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -typedil- -wd4603 -wd4627 -FId:\5359.public.amd64fre\sdk\inc\warning.h -FId:\5359.public.amd64fre\internal\Base\inc\warning_x.h -TC -Xsrc..\amd64\gshandler.cpdbd:\5359\minkernel\crts\crtw32\misc\nt\vc90.pdb source: cyusb3.pdb1.0.dr
Source: Binary string: d:\wbrtm\minkernel\tools\gs_support\kmode\vc110.pdb source: cyusb3.pdb2.0.dr, cyusb3.pdb1.0.dr
Source: Binary string: d:\w7rtm\minkernel\tools\gs_support\kmode\vc90.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: c:\users\nickliao\desktop\lenovo\addfilter_20190725\addfilter_src\objfre_win7_x86\i386\addfilter.pdb source: remfilter86.exe.0.dr
Source: Binary string: DpInst.pdbG source: DPInst.exe2.0.dr, DPInst.exe0.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x64\cyusb3.pdb source: cyusb3.pdb1.0.dr
Source: Binary string: d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc90.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: DpInst.pdbH source: dpinst.exe3.0.dr, dpinst.exe5.0.dr
Source: Binary string: ..\amd64\amdsecgs.asm..\amd64\memset.asm..\amd64\gshandler.cd:\5359\minkernel\crts\crtw32\misc\nt\vc90.pdbC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x64\cyusb3.pdb source: cyusb3.pdb1.0.dr
Source: Binary string: d:\5359\minkernel\crts\crtw32\misc\nt\vc90.pdb source: cyusb3.pdb1.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x64\vc120.pdb source: cyusb3.pdb1.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8Release\x64\cyusb3.pdb source: cyusb3.sys7.0.dr, cyusb3.pdb5.0.dr
Source: Binary string: d:\w8rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc100.pdb source: cyusb3.pdb2.0.dr, cyusb3.pdb4.0.dr, cyusb3.pdb1.0.dr, cyusb3.pdb5.0.dr
Source: Binary string: \inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0501 -DWINVER=0x0501 -D_WIN32_IE=0x0603 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 -D__BUILDMACHINE__=WinDDK -DFPO=0 -D_DLL=1 -DNDEBUG -DWIN7_DDK -DNTDDI_VERSION=0x05010200 -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -cbstring -W3 -WX -Gz -hotpatch -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Zi -Fdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -DKMDF_MAJOR_VERSION=1 -DKMDF_MINOR_VERSION=9 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FIC:\WINDDK\7600.16385.0\inc\api\warning.h -MT -IC:\WINDDK\7600.16385.0\inc\api -TC -Xsrc.\cyscript.cpdbc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb6 source: cyusb3.pdb8.0.dr
Source: Binary string: cwdd:\w7rtm\minkernel\tools\gs_support\kmodecld:\w7rtm\tools\x86\x86\cl.EXEcmd-Fdd:\w7rtm\minkernel\tools\gs_support\kmode\vc90.pdb -Foo:\w7rtm.obj.x86fre\minkernel\tools\gs_support\kmode\objfre\i386\ -FC -MT -Id:\w7rtm\minkernel\tools\gs_support\kmode\i386 -Id:\w7rtm\minkernel\tools\gs_support\kmode -Id:\w7rtm.public.x86fre\ddk\inc -Io:\w7rtm.obj.x86fre\minkernel\tools\gs_support\kmode\objfre\i386 -Id:\w7rtm\minkernel\inc -Io:\w7rtm.obj.x86fre\minkernel\inc\objfre\i386 -Id:\w7rtm.public.x86fre\internal\minkernel\inc -Id:\w7rtm.public.x86fre\oak\inc -Id:\w7rtm.public.x86fre\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\inc -Id:\w7rtm.public.x86fre\internal\minwin\priv_sdk\inc -Id:\w7rtm.public.x86fre\sdk\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0601 -DWINVER=0x0601 -D_WIN32_IE=0x0800 -DWIN32_LEAN_AND_MEAN=1 -DOFFICIAL_BUILD=1 -DDEVL=1 -D__BUILDDATE__=090713-1255 -D__BUILDMACHINE__=win7_rtm -DFPO=0 -DNDEBUG -DNTDDI_VERSION=0x06010000 -DBUILD_MINWIN -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -W3 -WX -Gz -hotpatch -d1import_no_registry -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Z7 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FId:\w7rtm.public.x86fre\sdk\inc\warning.h -FId:\w7rtm.public.x86fre\internal\Base\inc\warning_x.h -TC -Xsrc..\i386\secchk.cpdbd:\w7rtm\minkernel\tools\gs_support\kmode\vc90.pdb> source: cyusb3.pdb8.0.dr
Source: Binary string: \shihw\Desktop\Gen2\FWUpdateTool - 2021_12_16\FWUpdateTool\obj\Release\FWUpdateTool.pdb source: FWUpdateTool.exe
Source: Binary string: c:\Users\NickLiao\Desktop\Lenovo\SilentMode_Interface_20180529\Release\HubInterface.pdb source: HubUpgradeDriverFW.exe.0.dr
Source: Binary string: e:\views\kys_training\software\products\usb_serial\host\windows\cyusbserial_dll\cyusbserial\bin\Release\cyusbserial.pdb$ source: cyusbserial.dll0.0.dr
Source: Binary string: c:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\cyusb3.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: E:\WORK\Hub\!other\ConsoleMode_Interface_20180529\Release\HubInterface.pdb source: HubAddFilterDriver.exe.0.dr
Source: Binary string: cwdd:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stubcld:\w7rtm\tools\x86\x86\cl.EXEcmd-Fdd:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc90.pdb -Foo:\w7rtm.obj.x86fre\minkernel\wdf\framework\kmdf\src\dynamic\stub\objfre\i386\ -FC -MT -Id:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\i386 -Id:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub -Id:\w7rtm\minkernel\wdf\framework\shared\inc\primitives\common -Id:\w7rtm\minkernel\wdf\framework\shared\inc\private\common -Id:\w7rtm\minkernel\wdf\framework\shared\inc\public -Id:\w7rtm.public.x86fre\ddk\inc\wdf\kmdf\1.9 -Id:\w7rtm.public.x86fre\ddk\inc -Id:\w7rtm.public.x86fre\internal\Base\inc -Id:\w7rtm.public.x86fre\ddk\inc\wdm -Id:\w7rtm\minkernel\wdf\framework\shared\inc\primitives\km -Id:\w7rtm\minkernel\wdf\framework\shared\inc\private\km -Id:\w7rtm\minkernel\wdf\framework\kmdf\inc\private -Id:\w7rtm.public.x86fre\ddk\inc\wdf\kmdf\1.9 -Id:\w7rtm.public.x86fre\ddk\inc -Id:\w7rtm.public.x86fre\internal\Base\inc -Id:\w7rtm.public.x86fre\ddk\inc\wdm -Id:\w7rtm.public.x86fre\internal\minwin\priv_sdk\inc\kmdf\private -Io:\w7rtm.obj.x86fre\minkernel\wdf\framework\kmdf\src\dynamic\stub\objfre\i386 -Id:\w7rtm\minkernel\inc -Io:\w7rtm.obj.x86fre\minkernel\inc\objfre\i386 -Id:\w7rtm.public.x86fre\internal\minkernel\inc -Id:\w7rtm.public.x86fre\oak\inc -Id:\w7rtm.public.x86fre\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\inc -Id:\w7rtm.public.x86fre\internal\minwin\priv_sdk\inc -Id:\w7rtm.public.x86fre\sdk\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0601 -DWINVER=0x0601 -D_WIN32_IE=0x0800 -DWIN32_LEAN_AND_MEAN=1 -DOFFICIAL_BUILD=1 -DDEVL=1 -D__BUILDDATE__=090710-1945 -D__BUILDMACHINE__=win7_rtm -DFPO=0 -DNDEBUG -DFX_CORE_KERNEL_MODE=1 -DFX_CORE_USER_MODE=2 -DEVENT_TRACING -DFX_CORE_MODE=1 -DNTDDI_VERSION=0x06010000 -DBUILD_MINWIN -DRUN_WPP -c 
-Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -W4 -WX -Gz -hotpatch -d1import_no_registry -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Z7 -D_WIN2K_COMPAT_SLIST_USAGE -D__WDF_MAJOR_VERSION=0x01 -D__WDF_MINOR_VERSION=0x009 -D__WDF_BUILD_NUMBER=7600 -D__WDF_MAJOR_VERSION_STRING=01 -D__WDF_MINOR_VERSION_STRING=009 -DWIN9X_COMPAT_SPINLOCK -DNTSTRSAFE_LIB -DIMPORT_NATIVE_DBG_BREAK -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FId:\w7rtm.public.x86fre\sdk\inc\warning.h -FId:\w7rtm.public.x86fre\internal\Base\inc\warning_x.h -TP -Xsrc.\stub.cpppdbd:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc90.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: cwdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\srcclC:\WINDDK\7600.16385.0\bin\x86\x86\cl.execmd-Foc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -FC -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\i386 -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\inc -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386 -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\wdf\kmdf\1.9 -IC:\WINDDK\7600.16385.0\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0501 -DWINVER=0x0501 -D_WIN32_IE=0x0603 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 -D__BUILDMACHINE__=WinDDK -DFPO=0 -D_DLL=1 -DNDEBUG -DWIN7_DDK -DNTDDI_VERSION=0x05010200 -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -cbstring -W3 -WX -Gz -hotpatch -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Zi -Fdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -DKMDF_MAJOR_VERSION=1 -DKMDF_MINOR_VERSION=9 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FIC:\WINDDK\7600.16385.0\inc\api\warning.h -MT -IC:\WINDDK\7600.16385.0\inc\api -TC -Xsrc.\cyiso.cpdbc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb: source: cyusb3.pdb8.0.dr
Source: Binary string: DpInst.pdb source: DPInst.exe2.0.dr, DPInst.exe0.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr
Source: Binary string: cwdC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\srcexeC:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\link.exepdbC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x86\cyusb3.pdb source: cyusb3.pdb2.0.dr
Source: Binary string: devcon.pdb source: devcon.exe0.0.dr
Source: Binary string: d:\wm\minkernel\crts\crtw32\misc\nt\vc110.pdb source: cyusb3.pdb2.0.dr, cyusb3.pdb4.0.dr, cyusb3.pdb1.0.dr, cyusb3.pdb5.0.dr
Source: Binary string: ..\amd64\amdsecgs.asm..\amd64\memset.asmC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8Release\x64\cyusb3.pdb source: cyusb3.pdb5.0.dr
Source: Binary string: c:\Users\NickLiao\Desktop\Lenovo\SilentMode_Interface_20180529\Release\HubInterface.pdb! source: HubUpgradeDriverFW.exe.0.dr
Source: Binary string: d:\w8rtm\minkernel\crts\crtw32\misc\nt\vc100.pdb source: cyusb3.pdb5.0.dr
Source: Binary string: .\cyscript.cc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb.\cyfileio.c.\cyiso.c.\cyinterruptep.c.\cyioctl.c.\cypnppower.c.\cyio.c.\cydevice.c.\cyentry.c..\i386\secchk.cd:\w7rtm\minkernel\tools\gs_support\kmode\vc90.pdb.\gs_support.c.\gs_report.c.\stub.cppd:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc90.pdb.\classbind.cpp.\inittypes.cppc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\cyusb3.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: E:\WORK\Hub\!other\ConsoleMode_Interface_20180529\Release\HubInterface.pdb! source: HubAddFilterDriver.exe.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x86\vc120.pdb source: cyusb3.pdb2.0.dr
Source: Binary string: cwdC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\srcexeC:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\link.exepdbC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8.1Release\x86\cyusb3.pdb source: cyusb3.pdb4.0.dr
Source: Binary string: C:\Project\Application\PriusTool\UpdateTool_Standalone\UpdateTool.pdb source: VmmUpdateTool.exe0.0.dr
Source: Binary string: C:\Users\shihw\Desktop\Gen2\FWUpdateTool - 2021_12_16\FWUpdateTool\obj\Release\FWUpdateTool.pdb source: FWUpdateTool.exe, 00000007.00000000.399232570.0000000000892000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: cwdC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\srcexeC:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\link.exepdbC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8Release\x64\cyusb3.pdb source: cyusb3.pdb5.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8.1Release\x86\vc120.pdb source: cyusb3.pdb4.0.dr
Source: Binary string: Aic:\users\nickliao\desktop\lenovo\addfilter_20190725\addfilter_src\objfre_win7_x86\i386\addfilter.pdb source: remfilter86.exe.0.dr
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Code function: 0_2_00401988 FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Code function: 0_2_004019B4 wcslen,wcscpy,wcscpy,FindFirstFileW,GetLastError,wcscmp,wcscmp,wcscpy,wcscat,SetFileAttributesW,GetLongPathNameW,GetLastError,FindNextFileW,GetLastError,FindClose,RemoveDirectoryW,GetLastError
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File opened: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Audio\
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File opened: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Audio\FWU.bat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File opened: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File opened: C:\Users\user\
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File opened: C:\Users\user\AppData\Local\
Source: cyusb3.sys7.0.dr, Access32.sys.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: cyusb3.sys7.0.dr, Access32.sys.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr String found in binary or memory: http://ocsp.thawte.com0
Source: Access32.sys.0.dr String found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: Access32.sys.0.dr String found in binary or memory: http://s.symcd.com0_
Source: cyusb3.sys7.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr String found in binary or memory: http://sf.symcb.com/sf.crl0f
Source: cyusb3.sys7.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr String found in binary or memory: http://sf.symcb.com/sf.crt0
Source: cyusb3.sys7.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr String found in binary or memory: http://sf.symcd.com0&
Source: Access32.sys.0.dr String found in binary or memory: http://sw.symcb.com/sw.crl0f
Source: Access32.sys.0.dr String found in binary or memory: http://sw.symcd.com0
Source: Access32.sys.0.dr String found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: cyusb3.sys7.0.dr, Access32.sys.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: cyusb3.sys7.0.dr, Access32.sys.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: cyusb3.sys7.0.dr, Access32.sys.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: dpinst.exe3.0.dr, dpinst.exe5.0.dr String found in binary or memory: http://www.cypress.com0
Source: cyusb3.sys7.0.dr, Access32.sys.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: cyusb3.sys7.0.dr, Access32.sys.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: Access32.sys.0.dr String found in binary or memory: https://d.symcb.com/rpa0)
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x86\cyusb3.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x86\cyusb3.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x86\cyusb3.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x64\cyusb3.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x86\cyusb3.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x64\cyusb3.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x86\cyusb3.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\vl810filter.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x64\cyusb3.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x86\cyusb3.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\vl810filterx86.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x64\cyusb3.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x64\cyusb3.cat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x64\cyusb3.cat
Source: usbcg2dkfw1113_2_versionsfx.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: usbcg2dkfw1113_2_versionsfx.exe, 00000000.00000000.289001583.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename7zS2.sfx.exe, vs usbcg2dkfw1113_2_versionsfx.exe
Source: usbcg2dkfw1113_2_versionsfx.exe, 00000000.00000002.423729671.0000000000196000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilename7zS2.sfx.exe, vs usbcg2dkfw1113_2_versionsfx.exe
Source: usbcg2dkfw1113_2_versionsfx.exe Binary or memory string: OriginalFilename7zS2.sfx.exe, vs usbcg2dkfw1113_2_versionsfx.exe
Source: usbcg2dkfw1113_2_versionsfx.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: VmmUpdateTool.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: VmmUpdateTool.exe0.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DPInst.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DPInst.exe0.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dpinst.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dpinst.exe0.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dpinst.exe1.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dpinst.exe2.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dpinst.exe3.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dpinst.exe4.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dpinst.exe5.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dpinst.exe6.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DPInst.exe1.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DPInst.exe2.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: rundll64.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\amd64\vl810filter.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Code function: 0_2_00401000
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Code function: 0_2_00405DC9
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Code function: 0_2_004050D9
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Code function: 0_2_004073E3
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Code function: 0_2_00403CF4
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Code function: 0_2_00403082
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Code function: 0_2_00403DA8
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe Code function: 7_2_029CF1E0
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe Code function: 7_2_029CFAB0
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe Code function: 7_2_029CEA98
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe Code function: 7_2_05AF11D8
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe Code function: 7_2_05AF6328
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe Code function: 7_2_05AF6338
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe Code function: 7_2_00892050
Source: FWUpdate_Lenovo_Gen2_UAC20_Patch_49-0E-41_CX21985.exe.0.dr Static PE information: Resource name: FILES type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: FWUpdate_Lenovo_Gen2_UAC20_Patch_49-0E-41_CX21985.exe.0.dr Static PE information: Resource name: FILES type: PE32+ executable (GUI) x86-64, for MS Windows
Source: WdfCoInstaller01009.dll.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 1639755 bytes, 2 files
Source: WdfCoInstaller01009.dll0.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 1384567 bytes, 2 files
Source: WdfCoinstaller01011.dll.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 897290 bytes, 4 files
Source: WdfCoinstaller01011.dll.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 794777 bytes, 4 files
Source: WdfCoinstaller01011.dll0.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 819780 bytes, 4 files
Source: WdfCoinstaller01011.dll0.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 712999 bytes, 4 files
Source: WdfCoinstaller01011.dll1.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 897290 bytes, 4 files
Source: WdfCoinstaller01011.dll1.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 794777 bytes, 4 files
Source: WdfCoinstaller01011.dll2.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 819780 bytes, 4 files
Source: WdfCoinstaller01011.dll2.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 712999 bytes, 4 files
Source: WdfCoinstaller01011.dll3.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 897290 bytes, 4 files
Source: WdfCoinstaller01011.dll3.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 794777 bytes, 4 files
Source: WdfCoinstaller01011.dll4.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 819780 bytes, 4 files
Source: WdfCoinstaller01011.dll4.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 712999 bytes, 4 files
Source: WdfCoinstaller01011.dll5.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 897290 bytes, 4 files
Source: WdfCoinstaller01011.dll5.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 794777 bytes, 4 files
Source: WdfCoinstaller01011.dll6.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 819780 bytes, 4 files
Source: WdfCoinstaller01011.dll6.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 712999 bytes, 4 files
Source: WdfCoInstaller01009.dll1.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 1639755 bytes, 2 files
Source: WdfCoInstaller01009.dll2.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 1384567 bytes, 2 files
Source: WdfCoInstaller01009.dll.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.998562932274
Source: WdfCoInstaller01009.dll0.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.998117270826
Source: WdfCoinstaller01011.dll.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.992212435978
Source: WdfCoinstaller01011.dll0.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.991465540154
Source: WdfCoinstaller01011.dll1.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.992212435978
Source: WdfCoinstaller01011.dll2.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.991465540154
Source: WdfCoinstaller01011.dll3.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.992212435978
Source: WdfCoinstaller01011.dll4.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.991465540154
Source: WdfCoinstaller01011.dll5.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.992212435978
Source: WdfCoinstaller01011.dll6.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.991465540154
Source: WdfCoInstaller01009.dll1.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.998562932274
Source: WdfCoInstaller01009.dll2.0.dr Static PE information: Section: .rsrc ZLIB complexity 0.998117270826
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeFile read: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeJump to behavior
Source: usbcg2dkfw1113_2_versionsfx.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe "C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe"
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeProcess created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\{a60173e8-7f8f-4736-b15f-80c0b78beea8}
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5640:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FWUpdateTool.exe.log
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe | File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0
Source: Access32.sys.0.dr | Binary string: &\DosDevices\TEACCESS\Device\TEACCESSbf
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe | File written: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\Setting.ini
Source: classification engine | Classification label: sus28.evad.winEXE@4/167@0/0
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: usbcg2dkfw1113_2_versionsfx.exe | Static file information: File size 19544304 > 1048576
Source: usbcg2dkfw1113_2_versionsfx.exe | Static PE information: certificate valid
Source: Binary string: e:\views\kys_training\software\products\usb_serial\host\windows\cyusbserial_dll\cyusbserial\bin\Release\cyusbserial.pdb source: cyusbserial.dll0.0.dr
Source: Binary string: D:\Program\VC++\memory\x64\Release\Memory.pdb source: Memory_x64.exe.0.dr
Source: Binary string: c:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: cwdC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\srcexeC:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\link.exepdbC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x64\cyusb3.pdb source: cyusb3.pdb1.0.dr
Source: Binary string: WdfCoInstaller01011.pdb source: WdfCoinstaller01011.dll5.0.dr
Source: Binary string: d:\wbrtm\minkernel\tools\gs_support\kmodefastfail\vc110.pdb source: cyusb3.pdb4.0.dr, cyusb3.pdb5.0.dr
Source: Binary string: WdfCoInstaller01011.pdbL source: WdfCoinstaller01011.dll5.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x86\cyusb3.pdb source: cyusb3.pdb2.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8.1Release\x86\cyusb3.pdb source: cyusb3.pdb4.0.dr
Source: Binary string: C:\Test\TeAccess_x86\Win8Release\Access32.pdb source: Access32.sys.0.dr
Source: Binary string: cwdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\srcexeC:\WINDDK\7600.16385.0\bin\x86\x86\link.exepdbc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\cyusb3.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8Release\x64\vc120.pdb source: cyusb3.pdb5.0.dr
Source: Binary string: d:\wbrtm\minkernel\tools\gs_support\kmode\vc110.pdb source: cyusb3.pdb2.0.dr, cyusb3.pdb1.0.dr
Source: Binary string: d:\w7rtm\minkernel\tools\gs_support\kmode\vc90.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: c:\users\nickliao\desktop\lenovo\addfilter_20190725\addfilter_src\objfre_win7_x86\i386\addfilter.pdb source: remfilter86.exe.0.dr
Source: Binary string: DpInst.pdbG source: DPInst.exe2.0.dr, DPInst.exe0.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x64\cyusb3.pdb source: cyusb3.pdb1.0.dr
Source: Binary string: d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc90.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: DpInst.pdbH source: dpinst.exe3.0.dr, dpinst.exe5.0.dr
Source: Binary string: ..\amd64\amdsecgs.asm..\amd64\memset.asm..\amd64\gshandler.cd:\5359\minkernel\crts\crtw32\misc\nt\vc90.pdbC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x64\cyusb3.pdb source: cyusb3.pdb1.0.dr
Source: Binary string: d:\5359\minkernel\crts\crtw32\misc\nt\vc90.pdb source: cyusb3.pdb1.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x64\vc120.pdb source: cyusb3.pdb1.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8Release\x64\cyusb3.pdb source: cyusb3.sys7.0.dr, cyusb3.pdb5.0.dr
Source: Binary string: d:\w8rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc100.pdb source: cyusb3.pdb2.0.dr, cyusb3.pdb4.0.dr, cyusb3.pdb1.0.dr, cyusb3.pdb5.0.dr
Source: Binary string: \shihw\Desktop\Gen2\FWUpdateTool - 2021_12_16\FWUpdateTool\obj\Release\FWUpdateTool.pdb source: FWUpdateTool.exe
Source: Binary string: c:\Users\NickLiao\Desktop\Lenovo\SilentMode_Interface_20180529\Release\HubInterface.pdb source: HubUpgradeDriverFW.exe.0.dr
Source: Binary string: e:\views\kys_training\software\products\usb_serial\host\windows\cyusbserial_dll\cyusbserial\bin\Release\cyusbserial.pdb$ source: cyusbserial.dll0.0.dr
Source: Binary string: c:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\cyusb3.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: E:\WORK\Hub\!other\ConsoleMode_Interface_20180529\Release\HubInterface.pdb source: HubAddFilterDriver.exe.0.dr
Source: Binary string: DpInst.pdb source: DPInst.exe2.0.dr, DPInst.exe0.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr
Source: Binary string: cwdC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\srcexeC:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\link.exepdbC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x86\cyusb3.pdb source: cyusb3.pdb2.0.dr
Source: Binary string: devcon.pdb source: devcon.exe0.0.dr
Source: Binary string: d:\wm\minkernel\crts\crtw32\misc\nt\vc110.pdb source: cyusb3.pdb2.0.dr, cyusb3.pdb4.0.dr, cyusb3.pdb1.0.dr, cyusb3.pdb5.0.dr
Source: Binary string: cwdd:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stubcld:\w7rtm\tools\x86\x86\cl.EXEcmd-Fdd:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc90.pdb -Foo:\w7rtm.obj.x86fre\minkernel\wdf\framework\kmdf\src\dynamic\stub\objfre\i386\ -FC -MT -Id:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\i386 -Id:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub -Id:\w7rtm\minkernel\wdf\framework\shared\inc\primitives\common -Id:\w7rtm\minkernel\wdf\framework\shared\inc\private\common -Id:\w7rtm\minkernel\wdf\framework\shared\inc\public -Id:\w7rtm.public.x86fre\ddk\inc\wdf\kmdf\1.9 -Id:\w7rtm.public.x86fre\ddk\inc -Id:\w7rtm.public.x86fre\internal\Base\inc -Id:\w7rtm.public.x86fre\ddk\inc\wdm -Id:\w7rtm\minkernel\wdf\framework\shared\inc\primitives\km -Id:\w7rtm\minkernel\wdf\framework\shared\inc\private\km -Id:\w7rtm\minkernel\wdf\framework\kmdf\inc\private -Id:\w7rtm.public.x86fre\ddk\inc\wdf\kmdf\1.9 -Id:\w7rtm.public.x86fre\ddk\inc -Id:\w7rtm.public.x86fre\internal\Base\inc -Id:\w7rtm.public.x86fre\ddk\inc\wdm -Id:\w7rtm.public.x86fre\internal\minwin\priv_sdk\inc\kmdf\private -Io:\w7rtm.obj.x86fre\minkernel\wdf\framework\kmdf\src\dynamic\stub\objfre\i386 -Id:\w7rtm\minkernel\inc -Io:\w7rtm.obj.x86fre\minkernel\inc\objfre\i386 -Id:\w7rtm.public.x86fre\internal\minkernel\inc -Id:\w7rtm.public.x86fre\oak\inc -Id:\w7rtm.public.x86fre\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\sdk\inc -Id:\w7rtm.public.x86fre\internal\minwin\inc -Id:\w7rtm.public.x86fre\internal\minwin\priv_sdk\inc -Id:\w7rtm.public.x86fre\sdk\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0601 -DWINVER=0x0601 -D_WIN32_IE=0x0800 -DWIN32_LEAN_AND_MEAN=1 -DOFFICIAL_BUILD=1 -DDEVL=1 -D__BUILDDATE__=090710-1945 -D__BUILDMACHINE__=win7_rtm -DFPO=0 -DNDEBUG -DFX_CORE_KERNEL_MODE=1 -DFX_CORE_USER_MODE=2 -DEVENT_TRACING -DFX_CORE_MODE=1 -DNTDDI_VERSION=0x06010000 -DBUILD_MINWIN -DRUN_WPP -c 
-Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -W4 -WX -Gz -hotpatch -d1import_no_registry -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Z7 -D_WIN2K_COMPAT_SLIST_USAGE -D__WDF_MAJOR_VERSION=0x01 -D__WDF_MINOR_VERSION=0x009 -D__WDF_BUILD_NUMBER=7600 -D__WDF_MAJOR_VERSION_STRING=01 -D__WDF_MINOR_VERSION_STRING=009 -DWIN9X_COMPAT_SPINLOCK -DNTSTRSAFE_LIB -DIMPORT_NATIVE_DBG_BREAK -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FId:\w7rtm.public.x86fre\sdk\inc\warning.h -FId:\w7rtm.public.x86fre\internal\Base\inc\warning_x.h -TP -Xsrc.\classbind.cpppdbd:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc90.pdb* source: cyusb3.pdb8.0.dr
Source: Binary string: ..\amd64\amdsecgs.asm..\amd64\memset.asmC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8Release\x64\cyusb3.pdb source: cyusb3.pdb5.0.dr
Source: Binary string: c:\Users\NickLiao\Desktop\Lenovo\SilentMode_Interface_20180529\Release\HubInterface.pdb! source: HubUpgradeDriverFW.exe.0.dr
Source: Binary string: d:\w8rtm\minkernel\crts\crtw32\misc\nt\vc100.pdb source: cyusb3.pdb5.0.dr
Source: Binary string: .\cyscript.cc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb.\cyfileio.c.\cyiso.c.\cyinterruptep.c.\cyioctl.c.\cypnppower.c.\cyio.c.\cydevice.c.\cyentry.c..\i386\secchk.cd:\w7rtm\minkernel\tools\gs_support\kmode\vc90.pdb.\gs_support.c.\gs_report.c.\stub.cppd:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\vc90.pdb.\classbind.cpp.\inittypes.cppc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\cyusb3.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: E:\WORK\Hub\!other\ConsoleMode_Interface_20180529\Release\HubInterface.pdb! source: HubAddFilterDriver.exe.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win7Release\x86\vc120.pdb source: cyusb3.pdb2.0.dr
Source: Binary string: cwdC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\srcexeC:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\link.exepdbC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8.1Release\x86\cyusb3.pdb source: cyusb3.pdb4.0.dr
Source: Binary string: cwdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\srcclC:\WINDDK\7600.16385.0\bin\x86\x86\cl.execmd-Foc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -FC -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\i386 -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\inc -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386 -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\wdf\kmdf\1.9 -IC:\WINDDK\7600.16385.0\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0501 -DWINVER=0x0501 -D_WIN32_IE=0x0603 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 -D__BUILDMACHINE__=WinDDK -DFPO=0 -D_DLL=1 -DNDEBUG -DWIN7_DDK -DNTDDI_VERSION=0x05010200 -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -cbstring -W3 -WX -Gz -hotpatch -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Zi -Fdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -DKMDF_MAJOR_VERSION=1 -DKMDF_MINOR_VERSION=9 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FIC:\WINDDK\7600.16385.0\inc\api\warning.h -MT -IC:\WINDDK\7600.16385.0\inc\api -TC -Xsrc.\cyentry.cpdbc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb6 source: cyusb3.pdb8.0.dr
Source: Binary string: C:\Project\Application\PriusTool\UpdateTool_Standalone\UpdateTool.pdb source: VmmUpdateTool.exe0.0.dr
Source: Binary string: C:\Users\shihw\Desktop\Gen2\FWUpdateTool - 2021_12_16\FWUpdateTool\obj\Release\FWUpdateTool.pdb source: FWUpdateTool.exe, 00000007.00000000.399232570.0000000000892000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: cwdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\srcclC:\WINDDK\7600.16385.0\bin\x86\x86\cl.execmd-Foc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -FC -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\i386 -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\inc -Ic:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386 -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\api -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\ddk -IC:\WINDDK\7600.16385.0\inc\wdf\kmdf\1.9 -IC:\WINDDK\7600.16385.0\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0501 -DWINVER=0x0501 -D_WIN32_IE=0x0603 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 -D__BUILDMACHINE__=WinDDK -DFPO=0 -D_DLL=1 -DNDEBUG -DWIN7_DDK -DNTDDI_VERSION=0x05010200 -c -Zc:wchar_t- -Zl -Zp8 -Gy -Gm- -cbstring -W3 -WX -Gz -hotpatch -EHs- -EHc- -GR- -GF -GS -Ox -Os -Oy- -Zi -Fdc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\ -DKMDF_MAJOR_VERSION=1 -DKMDF_MINOR_VERSION=9 -DKMDF_MAJOR_VERSION_STRING=01 -DKMDF_MINOR_VERSION_STRING=009 -wd4603 -wd4627 -typedil- -FIC:\WINDDK\7600.16385.0\inc\api\warning.h -MT -IC:\WINDDK\7600.16385.0\inc\api -TC -Xsrc.\cypnppower.cpdbc:\views\clearcaseworkspaces\fx3_main_view\software\products\usb30\fx3\host\driver\src\objfre_wxp_x86\i386\vc90.pdb source: cyusb3.pdb8.0.dr
Source: Binary string: cwdC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\srcexeC:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\link.exepdbC:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8Release\x64\cyusb3.pdb source: cyusb3.pdb5.0.dr
Source: Binary string: C:\Views\ClearcaseWorkspaces\FX3_Main_View\software\products\usb30\FX3\host\driver\src\Build-Objects\Win8.1Release\x86\vc120.pdb source: cyusb3.pdb4.0.dr
Source: Binary string: Aic:\users\nickliao\desktop\lenovo\addfilter_20190725\addfilter_src\objfre_win7_x86\i386\addfilter.pdb source: remfilter86.exe.0.dr
Source: ccg4_flash.exe0.0.dr Static PE information: real checksum: 0x0 should be: 0x3139f
Source: FWUpdate_Lenovo_Gen2_UAC20_Patch_49-0E-41_CX21985.exe.0.dr Static PE information: real checksum: 0x1e47a3 should be: 0x5b15a1
Source: VmmUpdateTool.exe0.0.dr Static PE information: real checksum: 0x0 should be: 0x34eff0
Source: VmmUpdateTool.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x60aa28
Source: FWUpdateTool.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x2eb21
Source: ccg4_dock_fw_update.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x992d1
Source: dp_gpio.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x30200
Source: ccg4_flash.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x3139f
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Code function: 0_2_00407AB0 push eax; ret 0_2_00407ADE
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe Code function: 7_2_00897A43 push 28040000h; iretd 7_2_00897A48
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe Code function: 7_2_00897A1F push 28040000h; iretd 7_2_00897A24
Source: ccg4_dock_fw_update.exe.0.dr Static PE information: section name: .00cfg
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\remfilter64.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\amd64\vl810filter.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x64\DPInst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\x86\vl810filter.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x86\WdfCoinstaller01011.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x64\WdfCoinstaller01011.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\rundll64.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\DeleteHubDriver.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x86\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x64\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x86\WdfCoInstaller01009.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\TBT_Force_Power_Control\Memory_x64.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\GetBinFileFW.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\VLIHubAPI.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\cyusbserial.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x64\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x64\DPInst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\HUBIspTool.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x86\dpinst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x64\WdfCoinstaller01011.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\HubReset.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\ccg4_prog\ccg4_flash.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\devcon.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\dp_gpio.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x86\dpinst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x64\WdfCoInstaller01009.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x86\DPInst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\TBT_Force_Power_Control\Access64.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x64\dpinst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\DriverUnInstall.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x64\dpinst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\HubRemoveFilterDriver.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\GetSPIFW.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x86\WdfCoinstaller01011.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\TBT_Force_Power_Control\Access32.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\ccg4_prog\cyusbserial.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x86\WdfCoinstaller01011.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\addfilter64.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x64\dpinst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\HubUpgradeDriverFW.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x86\dpinst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x64\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x86\WdfCoinstaller01011.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x64\WdfCoinstaller01011.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\HUBIspTool.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\TBT_Force_Power_Control\Memory_x86.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\remfilter86.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\addfilter86.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\devcon.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x64\dpinst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x64\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x86\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x86\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\DP_A2\VmmUpdateTool.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x64\WdfCoinstaller01011.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\DP\VmmUpdateTool.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x64\WdfCoInstaller01009.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\ccg4_flash.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x86\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x86\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x86\WdfCoInstaller01009.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x64\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\amd64\vl810filter.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x86\DPInst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x64\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\x86\vl810filter.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\DriverInstall.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\ccg4_dock_fw_update.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\VLIHubAPI.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Audio\FWUpdate_Lenovo_Gen2_UAC20_Patch_49-0E-41_CX21985.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x86\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x86\dpinst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\HubAddFilterDriver.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\InfDefaultInstall64.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\DP_A2\VmmUpdateTool_readme.txt
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe File created: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\Readme_SilentMode.doc
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_PnPEntity
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe TID: 4420 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\remfilter64.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\amd64\vl810filter.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x64\DPInst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\x86\vl810filter.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x64\WdfCoinstaller01011.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x86\WdfCoinstaller01011.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\rundll64.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\DeleteHubDriver.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x86\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x64\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x86\WdfCoInstaller01009.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\TBT_Force_Power_Control\Memory_x64.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\GetBinFileFW.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\cyusbserial.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\VLIHubAPI.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x64\cyusb3.sys
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x64\DPInst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\HUBIspTool.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x86\dpinst.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x64\WdfCoinstaller01011.dll
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\HubReset.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\ccg4_prog\ccg4_flash.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\devcon.exe
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\dp_gpio.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x86\dpinst.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x64\WdfCoInstaller01009.dllJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\TBT_Force_Power_Control\Access64.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x86\DPInst.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x64\dpinst.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\DriverUnInstall.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x64\dpinst.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\HubRemoveFilterDriver.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\GetSPIFW.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x86\WdfCoinstaller01011.dllJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\TBT_Force_Power_Control\Access32.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\ccg4_prog\cyusbserial.dllJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x86\WdfCoinstaller01011.dllJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\addfilter64.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x64\dpinst.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\HubUpgradeDriverFW.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x86\dpinst.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x64\cyusb3.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x86\WdfCoinstaller01011.dllJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x64\WdfCoinstaller01011.dllJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\HUBIspTool.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\TBT_Force_Power_Control\Memory_x86.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\remfilter86.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\addfilter86.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\devcon.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x64\dpinst.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8\x64\cyusb3.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x86\cyusb3.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x86\cyusb3.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x64\WdfCoinstaller01011.dllJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\DP_A2\VmmUpdateTool.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\DP\VmmUpdateTool.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x64\WdfCoInstaller01009.dllJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\ccg4_flash.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x86\cyusb3.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x86\cyusb3.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\wxp\x86\WdfCoInstaller01009.dllJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x64\cyusb3.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\amd64\vl810filter.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\vista\x86\DPInst.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win7\x64\cyusb3.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\x86\vl810filter.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\DriverInstall.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\ccg4_dock_fw_update.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\VLIHubAPI.dllJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Audio\FWUpdate_Lenovo_Gen2_UAC20_Patch_49-0E-41_CX21985.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win10\x86\cyusb3.sysJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\PDSolutionBillBoard\DriverInstallerCyUSB3\cyusb3\Drivers\Win8.1\x86\dpinst.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Switch5G10G\Driver\InfDefaultInstall64.exeJump to dropped file
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\HubAddFilterDriver.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; Code function: 0_2_00401988 FindFirstFileW,FindClose,0_2_00401988
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; Code function: 0_2_004019B4 wcslen,wcscpy,wcscpy,FindFirstFileW,GetLastError,wcscmp,wcscmp,wcscpy,wcscat,SetFileAttributesW,GetLongPathNameW,GetLastError,FindNextFileW,GetLastError,FindClose,RemoveDirectoryW,GetLastError,0_2_004019B4
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; File opened: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Audio\
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; File opened: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Audio\FWU.bat
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; File opened: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; File opened: C:\Users\user\
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; File opened: C:\Users\user\AppData\Local\
Source: FWUpdateTool.exe, 00000007.00000002.420544562.0000000002B7E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: tk$VMware Virtual disk SCSI Disk Device
Source: FWUpdateTool.exe, 00000007.00000002.420544562.0000000002B7E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: tk$Microsoft Hyper-V Generation Counter
Source: FWUpdateTool.exe, 00000007.00000002.420544562.0000000002B7E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: NECVMWar VMware SATA CD00
Source: FWUpdateTool.exe, 00000007.00000002.420544562.0000000002B7E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: tk$VMware Virtual disk SCSI Disk Device0
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe; Memory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; Code function: 0_2_00405315 cpuid 0_2_00405315
Source: C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe; Code function: 0_2_00405553 GetVersionExW,GetModuleHandleW,GetProcAddress,GetSystemDirectoryW,lstrlenW,lstrcatW,LoadLibraryExW,0_2_00405553
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 122 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 122 Virtualization/Sandbox Evasion | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Software Packing | NTDS | 122 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Process Injection | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Obfuscated Files or Information | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
Behavior Graph (ID: 561713, Sample: usbcg2dkfw1113_2_versionsfx.exe, Startdate: 27/01/2022, Architecture: WINDOWS, Score: 28): usbcg2dkfw1113_2_versionsfx.exe dropped C:\Users\user\AppData\...\FWUpdateTool.exe (PE32), C:\Users\user\AppData\...\Memory_x86.exe (PE32), C:\Users\user\AppData\...\Memory_x64.exe (PE32+) and 72 other files (none is malicious), and started FWUpdateTool.exe and conhost.exe. Signature on FWUpdateTool.exe: Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source | Detection | Scanner | Label | Link
usbcg2dkfw1113_2_versionsfx.exe | 3% | Virustotal | | Browse
usbcg2dkfw1113_2_versionsfx.exe | 2% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Audio\FWUpdate_Lenovo_Gen2_UAC20_Patch_49-0E-41_CX21985.exe | 3% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\7zFBAF05F0\Audio\FWUpdate_Lenovo_Gen2_UAC20_Patch_49-0E-41_CX21985.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\7zFBAF05F0\DP\VmmUpdateTool.exe | 0% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
http://www.cypress.com0 | 0% | Avira URL Cloud | safe |
http://ocsp.thawte.com0 | 0% | URL Reputation | safe |
No contacted domains info

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.cypress.com0 | dpinst.exe3.0.dr, dpinst.exe5.0.dr | false | Avira URL Cloud: safe | unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0 | cyusb3.sys7.0.dr, Access32.sys.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr | false | | high
http://ocsp.thawte.com0 | cyusb3.sys7.0.dr, Access32.sys.0.dr, dpinst.exe3.0.dr, dpinst.exe5.0.dr | false | URL Reputation: safe | unknown

No contacted IP infos
    Joe Sandbox Version:34.0.0 Boulder Opal
    Analysis ID:561713
    Start date:27.01.2022
    Start time:18:53:07
    Joe Sandbox Product:CloudBasic
    Overall analysis duration:0h 8m 59s
    Hypervisor based Inspection enabled:false
    Report type:full
    Sample file name:usbcg2dkfw1113_2_versionsfx.exe
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Number of analysed new started processes analysed:17
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • HDC enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Detection:SUS
    Classification:sus28.evad.winEXE@4/167@0/0
    EGA Information:
    • Successful, ratio: 100%
    HDC Information:
    • Successful, ratio: 100% (good quality ratio 95.8%)
    • Quality average: 84.5%
    • Quality standard deviation: 25.6%
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 21
    • Number of non-executed functions: 8
    Cookbook Comments:
    • Adjust boot time
    • Enable AMSI
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
    • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtOpenFile calls found.
    • Report size getting too big, too many NtProtectVirtualMemory calls found.
    • Report size getting too big, too many NtQueryAttributesFile calls found.
    No simulations
    No context
    No context
    No context
    No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\DeleteHubDriver.exe | versionsfx.exe | Get hash | malicious | Browse |
C:\Users\user\AppData\Local\Temp\7zFBAF05F0\DP_A2\VmmUpdateTool.exe | versionsfx.exe | Get hash | malicious | Browse |
C:\Users\user\AppData\Local\Temp\7zFBAF05F0\HubPDConsol\DriverFilter\addfilter64.exe | versionsfx.exe | Get hash | malicious | Browse |
          Process:C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):502
          Entropy (8bit):5.318411039268758
          Encrypted:false
          SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21q1KDLI4M8zAbDLI4M6:MLUE4K5E4Ks2E1qE4FsXE4j
          MD5:A05795EF0CFE8E70B8342B9C7DE8B8FE
          SHA1:A0890CDC90219F7BDC9688374F163BD0D53BAF40
          SHA-256:0826C389261B00F9477DDA080415E064D44B36C91CA8CE4C9E27DC483511F3D6
          SHA-512:45592C4DF1E9A4460D0545DE33C8F0D4E975D8D6CE1953450967CFCFFC2DCAA0ADEF230168671C6B48C9707077A919EAB0024DEE29469B5218AEE8B530B9A193
          Malicious:false
          Reputation:low
          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:DOS batch file, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):874
          Entropy (8bit):5.317889748388958
          Encrypted:false
          SSDEEP:24:wq6NzAm3WOqlRWOqlEFe4n59btsPehAmErZP1uE9bc7P1CDU:8AnDTALZ95w99
          MD5:39E2C64E9B3642226CCC7E284267B29F
          SHA1:D90E21F2768A727CB30DDFD71D8187A7F4B32774
          SHA-256:90529EC6D3DDF57011C5B1BA84E12BFC026FBA20279C6DF2ED37C422E482B373
          SHA-512:CD5308302D4AA1C5949BFE3C70610337FEDC31505A68454E0E16F600E1EE31DF4CB87904A5C64A86DD298CF04329DD65911A0A4D179D573E465B5582F31B6503
          Malicious:false
          Reputation:low
          Preview:@echo off..setlocal enabledelayedexpansion..set RESULTCODE=0..set EXEFILE=FWUpdate_Lenovo_Gen2_UAC20_Patch_49-0E-41_CX21985.exe..set LOGFILE=FWUpdate_Lenovo_Gen2_UAC20_Patch_49-0E-41_CX21985.log....cd /d %~dp0....if exist !LOGFILE! (...del /F /S !LOGFILE!..)....if "%1"=="0" (...echo /**********Audio FW Update Start**********/...!EXEFILE! /s /force /R...echo ResultCode:!ErrorLevel!...if !ErrorLevel!==0 (... echo "Audio FW Update Success"...) else (... echo "Audio FW Update Failed"... set RESULTCODE=99...)...echo /**********Audio FW Update Finish**********/..)....if "%1"=="1" (...echo /**********Audio Get Version Start**********/...!EXEFILE! /check_version...echo ResultCode:!ErrorLevel!...echo "Get Version :"...for /f "tokens=1,2 delims=" %%a in (!LOGFILE!) do (.....echo %%a...)...echo /**********Audio Get Version Finish**********/..)....exit /B %RESULTCODE%
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):5918689
          Entropy (8bit):7.698436426903965
          Encrypted:false
          SSDEEP:98304:YbuJbwnOEnZTjUgi8eykjjYMjZrZ8lTb4FmY09t+3VpL2PVGEkiOlzL4NJaUjrF4:AuJbA5Oj9ZrGlTb4Ff732dWzL4+yFx6t
          MD5:DFBA93D97C6F25E32F8C0F9F5BA3B2CF
          SHA1:EC9C8841E709BD373EC79032E25668C6ABFC37A0
          SHA-256:816D26BC3CAE5AB8FF70B6B48EF9C20351F9A4F2A3DDC5DB03156444B4DEC495
          SHA-512:98B5589A924D4D2F3280123900E67131757B0E82373B099063CC745EC902BC9AD1849EEA730CAAACFDC9397D7A11E8F8BD3F8D397BD77C9250235330874C9B1F
          Malicious:false
          Antivirus:
          • Antivirus: Virustotal, Detection: 3%, Browse
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):212
          Entropy (8bit):3.9643229547298957
          Encrypted:false
          SSDEEP:3:jGGQLByHSYQBRXAu4Cj9L1ATokrcKGSX9+w3ZlLrFKTRpQ4gk:jGVyHSYQBxqgh1AT5r7GSJZlfFwAk
          MD5:05A437B0C87045541576F45D378E41BF
          SHA1:F3724F2E07B80A04086EB494B7F440C3579B29FE
          SHA-256:AB3C509C98CD5C2898CB9F8A35ECB1A15A1483E2A2AAE9DF6B4BF875D78CBF72
          SHA-512:C49626D4731D116F40A8A16530ED1ACF35EB4027871DE9CC1400F8EA4F0F093A5800D5601EB43F5EC25AA24D209C7C2ABB8CD8C80062E322577AD5C09C42FCE8
          Malicious:false
          Reputation:low
          Preview:Lenovo_Thunderbolt Audio Firmware Update Log File..========================================================================================..COMMAND = /check_version..CURRENT_VERSION = 49-0E-41..return value: 0..
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:DOS batch file, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1609
          Entropy (8bit):5.316407018349304
          Encrypted:false
          SSDEEP:48:8AA7Ked6LDojwinVq8GOAO7naZ9+GSU9v7UiN:8J7Z+etn8jjUw
          MD5:CF96228E024EA1C2C67B5499D9CAB0AE
          SHA1:1660B52C19B2E9313730DD0BE36EBDDD9A6AC679
          SHA-256:8CEED81D4AD785DAE004876C21D16004C7643F24C6F43C1C0916B269E677FA56
          SHA-512:861E17E3385030B142EF65557E7CFAB6454E5C5C3FC1FF155071B0DC0185C0CCDB059E160D1A1D2D1963ED5E5FF6791B16102B8CFE3E9A8F1AD0DF6955A47C2B
          Malicious:false
          Reputation:low
          Preview:@echo off..setlocal enabledelayedexpansion..set RESULTCODE=0..cd /d %~dp0..cd ..\PDSolutionBillBoard..cd .\DriverInstallerCyUSB3\cyusb3..call DriverInstallerScript.bat \q..cd ....cd ....dp_gpio.exe -vid 17ef -pid A38F -g 1..echo BeforePintoHigh:%time%..cd ..\DP..::ping 127.0.0.1 -n 15 -w 1000 > nul..::echo AfterPintoHigh:%time%....if exist update.log (...del /F /S update.log..)....if "%1"=="0" (.. ping 127.0.0.1 -n 15 -w 1000 > nul.. echo AfterPintoHigh:%time%...echo /**********DP FW Update Start**********/...VmmUpdateTool.exe -s2 -u -fd -fr Panamera_fw_duce2_B1_.bin...echo ResultCode:!ErrorLevel!......if !ErrorLevel!==0 set PASS=1...if !ErrorLevel!==16 set PASS=1...if !ErrorLevel!==17 set PASS=1......if defined PASS (....if !ErrorLevel!==0 (.....echo "DP FW Update Success"....) else (.....echo "DP Hub FW update is not required, the current version is equal or newer than the one in flash package"....). ...) else (... echo "DP FW Update Failed"... set RESULTCODE=99..
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):524288
          Entropy (8bit):7.0852347632160475
          Encrypted:false
          SSDEEP:12288:oDuKrVfp9DuKrVfpRdyauyG6/eGjMDRg0efp5:e5J5N1GeeGYDtefp
          MD5:FCA4CF362071C51AA0F9E9F07251A842
          SHA1:45014BC0196B5DA314EF821C881E0A89C1C39349
          SHA-256:61F3C740B42DBCB8E2B57F0904A2B19E91FF7B644C3A05617D73E3D09A9D07CB
          SHA-512:7A37686E200D095B46C37AB5ADE63A24D71E0325B6B562ADFE4CA855B2B2EA0FDEA915B13E45FD8A5676CF65E97F0271E3C3E53D2D8790F5D771B8A9235A72A1
          Malicious:false
          Reputation:low
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):6320640
          Entropy (8bit):7.409390871996109
          Encrypted:false
          SSDEEP:196608:+UPF+YNZAAjnHAyvPGYjHoor7+Q4NLHh/AfB:IyAy3GoFwZSfB
          MD5:836BFE5EFB7A02E4A51931BCA8920622
          SHA1:4545F1D0DC4429B5AABDABB2F3355F33189178EA
          SHA-256:76895E482E6CBF6FAB258BEAB0347B13B59521B0EB929AC33B2E6F45D2F60F17
          SHA-512:D7E8C70599A25CDCA9CF2A1066EE85F259EAF9615D09B1EE7B95575728A71AE84E87D82B62C104BD579B231058B442598ACC095A25ECB84C34DC396722D48165
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:low
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF, CR line terminators
          Category:dropped
          Size (bytes):51
          Entropy (8bit):4.341556656070963
          Encrypted:false
          SSDEEP:3:0gJInAC91E9XTVmcn:0gJmrUmc
          MD5:6BFB6FAFB32EF13684EF429986D4D992
          SHA1:2F75419EE196A10C72BA35C85A765DA2E1585F51
          SHA-256:3C5214257F59262253AC0DD3DF764CC0296B074D4034EA0CEABC4BCB0463FE2E
          SHA-512:A833CE02FEB438D6C59606E89FABE3079E5932B8D808E47F39BC10A50C0731FA54474FBD286FD81012CE7DB009455989C7330425378F11B57EA530E85B2B5668
          Malicious:false
          Reputation:low
          Preview:Ver5.06.121.....Firmware name: *amera_fw_duce2.....
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:DOS batch file, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1600
          Entropy (8bit):5.3490043486884735
          Encrypted:false
          SSDEEP:48:8AA7Ked6LDOjAgoqnVq8GOAO7naZ9u2SU9v7UiN:8J7Z+coYtn8TjUw
          MD5:2EED262D3D2837B15C36462FED703F78
          SHA1:05C28E5CB67893CF55C0AECA549A08E200A1F20F
          SHA-256:A7C0C9F47A3A0991F17EB3BAF8AA0944DB1F3F1C9AAD54BF123A2F5CFE2E2B11
          SHA-512:123C573443922B8AD8413C2592ED8F47A14E793FCDEC23055362B263D1D94EA5B3812C6760ED2CFEE5964C8424D7F91839689E9645AE10C73D49F916092DC2DC
          Malicious:false
          Reputation:low
          Preview:@echo off..setlocal enabledelayedexpansion..set RESULTCODE=0..cd /d %~dp0..cd ..\PDSolutionBillBoard..cd .\DriverInstallerCyUSB3\cyusb3..call DriverInstallerScript.bat \q..cd ....cd ....dp_gpio.exe -vid 17ef -pid A38F -g 1..echo BeforePintoHigh:%time%..cd ..\DP_A2..::ping 127.0.0.1 -n 15 -w 1000 > nul..::echo AfterPintoHigh:%time%....if exist update.log (...del /F /S update.log..)....if "%1"=="0" (.. ping 127.0.0.1 -n 15 -w 1000 > nul.. echo AfterPintoHigh:%time%...echo /**********DP FW Update Start**********/...VmmUpdateTool.exe -s -fd -fr Panamera_fw_duce2_Ver5_06_000.bin...echo ResultCode:!ErrorLevel!......if !ErrorLevel!==0 set PASS=1...if !ErrorLevel!==16 set PASS=1...if !ErrorLevel!==17 set PASS=1......if defined PASS (....if !ErrorLevel!==0 (.....echo "DP FW Update Success"....) else (.....echo "DP Hub FW update is not required, the current version is equal or newer than the one in flash package"....). ...) else (... echo "DP FW Update Failed"... set RESULTCODE=99...
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):524288
          Entropy (8bit):7.112366203063038
          Encrypted:false
          SSDEEP:12288:iuQ/9r8uQ/9r2dyauyG6/eGjMDRg0efp5:SV4Vo1GeeGYDtefp
          MD5:B119FD65F1F18A74C23C42D6FC8F9F60
          SHA1:80616C7BBF79BBE4773E11DAE3B09933FE338E4B
          SHA-256:0B418670B1F2BA596CF71D86E708F5A88473473D75D3D692A355DCF31AA40382
          SHA-512:0D4B6BA9A849EF8D367FD3B0074C6BBFAE843DB1D9A16590045718C4D0AB1691A30699987449DBC37C9E1DC47EFADF9C111AF7D3FEFDCF658CFC1AA737660D76
          Malicious:false
          Reputation:low
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):3459072
          Entropy (8bit):7.0085907965019905
          Encrypted:false
          SSDEEP:98304:fVyDf40KKy9Z21K9ryrTOzO4loLrNN+csjcC/A2dmorcNL/IDVE:fQhKKya6bVcycsjcC/AwmorcNLG
          MD5:45A1880C194F28922726DA4E53CAEBBE
          SHA1:B778E3196DD2A729E6D9160A65C94D8DA194BD86
          SHA-256:53E97FEB5A80C2F65B7B8A8CD1219A178D3AD1FB3D5CB69FF1219DFCD9B52294
          SHA-512:9E45C2B9E4C92694DFF8CD36B7B7764BD5BF3C0A8673DEA2F8BF3ACAE5D9DF473F3762CB2B4FFF160BC2A83B6E9857B7D20BD894C607F1DD6F9911030C77B978
          Malicious:false
          Joe Sandbox View:
          • Filename: versionsfx.exe, Detection: malicious, Browse
          Reputation:low
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):3393
          Entropy (8bit):4.9762900535913355
          Encrypted:false
          SSDEEP:96:VG6p8ajJ4fkWtLoFSJ77PfOEdGlbqETvAVzPbNlu8k:VPualgRtLo4JfWWoP
          MD5:9E5CAC7EEC87065BF5F26653390CE236
          SHA1:2C5BA499E1F15C121219382B22A2E47D1B66D8BE
          SHA-256:8FA42ED0B5B24EB3EA156AB9747D2ABDB60A939AD192499CF3D4D60222C4EE4C
          SHA-512:46D7261D09F4473D459B65A2B8B818C6CB103E2CB3205C301429D8C55FCEA3BD59493E9EBB1395A30F402CFFD3BF738EDC174E98D760838B6059591AF0B0588D
          Malicious:false
          Preview:Usage:.VmmUpdateTool.exe [-s] [-v] [-q] [-txxxx.txt] [-gXn] [-ncxx] [-fr] [-fs] [-fd] [-fo] [-fa] [-ixxx.txt] firmware_file_path...-s:.silent action...-i:.xxx.txt is file includes all the system ID. Only update the firmware to the laptop which system ID is in the list...-v:.get the current firmware version, the result will be saved on newer created file update.log...-v0:.get the current firmware version and return the version number in bcd format...-t:.Change the txt information show to the user. xxxx.txt is the file name of the txt file...-px:.Change the default folder (current folder) used to save the update.log file....-p1: save to C:\ProgramData\....-p2: save to C:\....-P3: save to C:\Program files....-P4: save to C:\Windows....Please note except -p1, the other -p options need run the tool as administrator...-r:.Registry accessing control....-r0: disable registry access....-rp: save the result in HKLM\\SYSTEM\\CurrentControlSet\\Control\\MST\\Synaptics permanently...-fr:.force rese
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):82
          Entropy (8bit):4.3041642430943625
          Encrypted:false
          SSDEEP:3:e6LV2vwWAC9SlCMKwVQQvzJHBZbovn:egVIbrolCMKUpByvn
          MD5:243BEA20F4EC7C695A5BDC895C2B8687
          SHA1:E282F569CAAEBFCFD82B66573EA90E33A451DAD7
          SHA-256:DF1BCDBC743A853C2A336B615D22639381122CB5FD0841615531AD9CFD894874
          SHA-512:8FF97D8E0B926A831685EC7771B02FD45399AA540CF92353D4191A3A11EB74792BD20AE1EF5DC1CAF334849AA0AD364E4AFB4867F6F8F3CCBB3AC791213A7D5E
          Malicious:false
          Preview:5.05.006..Firmware name: ..Original version: 5.05.006..Payload version: 0.00.000..
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):129536
          Entropy (8bit):5.630465157315762
          Encrypted:false
          SSDEEP:3072:28c9QWWQ8o/KTdddzddd+dddBebJXcT4hkkp0YUrHZcwXa9Y:Jdddzddd+dddBebQYUraX9
          MD5:883996E63DCBE30B206A0B2C463EC676
          SHA1:E9C4AE8C49FBA90463824CEC250A034F79A6D725
          SHA-256:246D599476A07745278092A552FE2AEB71F70AC9417E8AA24942E8F6E092219E
          SHA-512:34591162369859D9225D7CC239A14C63C4D544A38D579AEEDF1F8CA51899DB8458387B60BEC2B7EAE9DBD208BE8A38F762897128760321B9B921805DEF65CB21
          Malicious:true
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):61764
          Entropy (8bit):4.526481696743544
          Encrypted:false
          SSDEEP:384:II0aQg6X23mhNfuPpu9Se7PDkuwbYFw7y5oD5p4oUvMoV+Z/QhwxHRQC1c+HZAxL:II0x23CNfEuHHuZgoUvtV+Zohw1RpAxL
          MD5:3E919ABA369EFC9B1CEF0F61DEAF01DD
          SHA1:AF9BD448DD96231B0D8ED53471566DC1D2CAA392
          SHA-256:159082965CDC4A668DD7452807DD96F0A4808B4D9A0DC0D7402028BCE57CE519
          SHA-512:99029560550B25922475A24D1A49875D26B9C9DD1CABCF705F971DADB0DE0E259D0655025EBE7EE53A7090E585B027BD9F91B3D7F37678D97806AC47F217BF66
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):61764
          Entropy (8bit):4.601865106610293
          Encrypted:false
          SSDEEP:768:1QBLFKBMZM71px5Xif52Rv7+ZIDeEBeraAk:GJFKdayCE0U
          MD5:4A4628F4AEF8169BB8542579C7F5658B
          SHA1:8D59A3E016CBB54F45D09E28FA793D259A43E8CA
          SHA-256:CBA7456CD3C6F7A5A1C6F6A1BA9A9953EEDD6A3DDFC75E4EBADDE91553074179
          SHA-512:2E700E2FC94C340E47854A4A9E6C82876A438FE91E2A13DA96793903148605C37AF1A6318A85EEB4BD60AAEBE306E449A9F80CA8139FE7A0C49976F0301259B6
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):90944
          Entropy (8bit):6.511730770281231
          Encrypted:false
          SSDEEP:1536:R3URGiysLVDAX13eBp7VDgWJ3pdOP/Jh5P0qyb9e99:oaC2wgXn5P0Hb43
          MD5:C1AE65D5403730069A344D1F388C6CFB
          SHA1:F373B3BCF50FFF4FA7F06536A8F90573A13D11E6
          SHA-256:8B25C3A7EA6AC9015D47A27B47610CD93466CD42EBD459EF16AC09DF6064A278
          SHA-512:B4F8224AFEB6FE7613D034A1815038CBB625E265CCBA181B8E0D77B43B587649F24DBE923BF4030BB3349718C2631B33328A6734E888BEAA57E0B1D14C942437
          Malicious:false
          Joe Sandbox View:
          • Filename: versionsfx.exe, Detection: malicious, Browse
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):26000
          Entropy (8bit):6.372091847224071
          Encrypted:false
          SSDEEP:384:0jHpC8DORqCCYz4GUHR8huEcS8LaTtp4CKwZLKQx3HcHiWPFRP6ljka:0jHpC8DO/3BaRccSlT33bRd3cHHVa
          MD5:2CB4E087EB1A131C362A47AEFD5303F3
          SHA1:01774D56A4053CC4A5A436D5EDE1410F3807EB00
          SHA-256:FADB77635C66607ADD74F5D6C5D53B896FB6CB4B0696253010E4BE5E73CBA48B
          SHA-512:E0D2895D630C92DF987E32D250A2EBD1F098A9BE65C2AEE80DC6B55614747C87CF4BFA25C0BCA4A89CBE026AB40C3F60F68BD191A43B5BC31A71AF9E75884792
          Malicious:false
          Joe Sandbox View:
          • Filename: versionsfx.exe, Detection: malicious, Browse
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):24464
          Entropy (8bit):6.558966602070733
          Encrypted:false
          SSDEEP:384:y6YpbRjQy1hJyhq6Ur7+G6etKxOtQAEKro13CRGI3k0iWPFRAd6ljD:y6YpFQy1PywD+OVtQA/gC4IU0HT
          MD5:5D39CA520839D6621FF078334F76FF5E
          SHA1:F4F725634F5466AC1F44633323EE1484DF8FCC29
          SHA-256:9D0358F87FF1DA971ADFEFB50D1EFFFF1A37EB14B3378D5E027CEFD580445ACB
          SHA-512:6DDB04DF47F2E67A303AEB65F72FA2C6917C4FAA367CF42B819C31EE9B3B2DF00ACB425853111632491F9C5071AE3793803E1E4CA2CAE6E34F4E957B61837943
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (native) x86-64, for MS Windows
          Category:dropped
          Size (bytes):26176
          Entropy (8bit):6.710157001650457
          Encrypted:false
          SSDEEP:384:WKhgG50HMBCa071IcnYPLFIFgRKtURoO9XqFRgegl98+:WK7CMkaatAWy8t8
          MD5:2BC68856E9C2C314028FCF31DA1172ED
          SHA1:F90359E43F9A6A3D9775DB40323BD03C66FB1137
          SHA-256:E896DD17AE2291DBFFF3622D1D4486A0FCA8ED8293A577B91A258C7B969391F8
          SHA-512:6CA2C6E7ABB0168F8028019B4C088EA9807E59EAEFBF4BAB628E6C8E30C5C26F961A734014F97B46B1B72AE33C2587493E3DB44C7D5497C6137C7436F1BE2E23
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):81696
          Entropy (8bit):5.983541064766677
          Encrypted:false
          SSDEEP:768:zMy5ZvUFT1hN9XavSH1j03Atz1tr2evxHs4gZWklMSsKDCHkoxLjG:Y+UFvNfw3AtxtrnxHeWIMSs2IkUjG
          MD5:15196527273B50E60D564BFA15B0EA90
          SHA1:4A5DF9D6E2CD920DB4CCB33834D6F91A32AE8426
          SHA-256:610B6F5A2D22F38565DC35296F9A8E9D66D1005EE41BA2FEBF62B2A8096C7793
          SHA-512:F793F93990E924241935AED6290D77B71D44098F4DE978501205221AB1022A16D347F7184649A83700581D04441358D62BF9F3D87AD4108B94434AE1FA551A02
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):26000
          Entropy (8bit):6.374473740719878
          Encrypted:false
          SSDEEP:384:CjHpC8DORqCCYz4GUHR8huEcS8LaTtp4CKwZLKQx3HcJiWPFR6A6ljx:CjHpC8DO/3BaRccSlT33bRd3cJH6V
          MD5:F55E6E8B5C656AD8AF80FB0B2764974E
          SHA1:61B9DE0E7DA30FA7EB36B5A28BF52D03FF581EE1
          SHA-256:F610BF885A0395ABB83A2DAD64A7332D8FE9D36AD2A350659E56651EE13F12C1
          SHA-512:262E72CBF497100284C0AEB881D8459D47EC7384D499EE35A1BDFB03484887194F67DBE85C403C31024FBB951C5849712FF2B7DCF667927DF9EE654C06215CDD
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):24464
          Entropy (8bit):6.5590890877774966
          Encrypted:false
          SSDEEP:384:ySYpbRjQy1hJyhq6Ur7+G6etKxOtQAEKro13CRGI3k0iWPFRAg6ljaz:ySYpFQy1PywD+OVtQA/gC4IU0HR
          MD5:BCFF9AD95DD5BB514942FA1686830ABD
          SHA1:E1B047D46A41D2F56C3A975B4C112490E7C519BB
          SHA-256:EE201E6AFD9661F52F97A40F100002F8E261468180CE53166AA3E897C8B5520E
          SHA-512:16308FFE5D9E700E8638890C0029BFD7B42B8112B55B885FA4080DCE40C22FC0AC98D5A31BC48C4F39B20D5A932BF2F711543AD9B7B2A8FA28CF1FFBB55368B6
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (native) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):23616
          Entropy (8bit):6.833938105449012
          Encrypted:false
          SSDEEP:384:zViVmK1OnYPLFIFgRKtURJITFRHbRFOMgKl9gax:ZglOAqHbvgm
          MD5:37BBAA65D3D0CC0E62067EFF2779B324
          SHA1:C577FB873A7DA6A124EFA409A2A3EBE33A6EC1B4
          SHA-256:667CBBE9215726A42649ED4692F215CB5D16185DBD8FF9CC43ABAA32FEE766D6
          SHA-512:6FA768348D0C07FB3AFB93EC212B3CC570D9C721822176F981AE38AE8AF20B60D74B1ECE41A8C9C17489382C7114EC97ADFE2102F385F0127D31BBA6531E5425
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:DOS batch file, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1047
          Entropy (8bit):5.253846038048522
          Encrypted:false
          SSDEEP:24:wq6NzAmOX/Sr3baZF9bIG7PB4hAmEeMZPJ7RL7zoL9bcN4OP1kKDS:8ANL9VOAXZBRQSl9kZ
          MD5:2A7F3D4FA60325D97009338838AA4C02
          SHA1:9ECCCE4711F71A081B8776F124461EFAB2539A1A
          SHA-256:0C93C495F9647789F2D4DAB7704C8CB9CD29819B98902A48C502C70D83D5F349
          SHA-512:7C2EEA90BD2D29C0A706CA7E1A14B43B79B74BA850921520A6E66F6B749F0DD5B3DD524E10BC7A0D5D3F5A6877C38722F0E78D1C370D15BDF7E3732796F59FF2
          Malicious:false
          Preview:@echo off..setlocal enabledelayedexpansion..set RESULTCODE=0..cd /d %~dp0....if exist update.log (...del /F /S update.log..)....if exist Version_HubSPI.txt (...del /F /S Version_HubSPI.txt..)....if "%1"=="0" (...echo /**********USB FW Update Start**********/.. HUBIspTool.exe /AFD.. ping 127.0.0.1 -n 15 -w 1000 > nul.. HUBIspTool.exe /DUD >> update.log...echo ResultCode:!ErrorLevel!.....if !ErrorLevel!==0 (... echo "USB FW Update Success"...) else (... echo "USB FW Update Failed"... set RESULTCODE=99...)...echo /**********USB FW Update Finish**********/.. HUBIspTool.exe /RFD.. ping 127.0.0.1 -n 10 -w 1000 > nul..)....if "%1"=="1" (...echo /**********USB Get Version Start**********/.. HUBIspTool.exe /FWC >> update.log...echo ResultCode:!ErrorLevel!...echo "Get Version :"...for /f "tokens=1,2 delims=" %%a in (update.log) do (....echo %%a...)...echo /**********USB Get Version Finish**********/..)....::HUBIspTool_Console.exe /R..::ping 127.0.0.1 -n 10 -w 1000 > nul..
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):90944
          Entropy (8bit):6.443133094217369
          Encrypted:false
          SSDEEP:1536:CKWVQN7YEGHI8MxSDDaUS43+n4epy52Hlt/:7uEGHDC4H5alF
          MD5:CC3E8CFDC684EDF492A084E74222D191
          SHA1:C8DE2D2B0E825A2BE332A681E30C6E1393FC0A33
          SHA-256:9E9FC28E5CA699BEA186F35EC8589ECE702EB1970BBA2193B2E6BDC469277B91
          SHA-512:FFC48F11197442B210BB38662FA22F52ED26D806D20FBE740A86AA3544F9D54B77497FDD3C471B87E6901B511CB4E407484F3D73CAC38FB4573D6713F92C7455
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):90944
          Entropy (8bit):6.445580625110277
          Encrypted:false
          SSDEEP:1536:jKWVQN7YEGHI8MxSDDaUS43+nPFpy5b0d8:AuEGHDCPW5wG
          MD5:BEA7E095A0D6EF89BBACDAACB30E3C1A
          SHA1:546D5F6AC77B6CA919864E39B88CC74E8F118543
          SHA-256:006B2C457B3A547C666E5E8A54DB135E670B1B0FA7B5568B25C2BFB85DF80951
          SHA-512:4174B6DA5CD923472F5AB1FFF2EA7CF837A72BD19DF82C87E588285CAFEE6CF9C9B027B66493CE4C53A4CE204D1BEBDC75ADEA02F98D6BC17B14F8438F6CB0DB
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):142752
          Entropy (8bit):6.690660231717028
          Encrypted:false
          SSDEEP:1536:Y03HKNsbztP2NJXEc/yUlrhFB6CHJGMlL9/tdoZS3KCT8iof8njKh9G+Mipl9F/H:Y4lxP2NJ0c/7F6CHoquwQ/hs8nX5ySBH
          MD5:34A9E805684DCB5281DAB14CCF24239D
          SHA1:C93D9B622D7B1B7A950EC41D340495DD2F87855F
          SHA-256:BD4E90BC6FE53E014E8B27CAF48B71C0DB681E6CD24B85657516E4F403BD7CD0
          SHA-512:6FC03CE0C07B6AFF85ED43259916895D131C9B8CA74489899692374A2F68835757018F7E6BC747FD2B5C5BCCB429F587AAEF34C1984498D6BBA8146509B0DCEA
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):82320
          Entropy (8bit):6.262246782656082
          Encrypted:false
          SSDEEP:1536:cxG1MX9YcTFgqn4pLf2O3xm3TfM9f5Dbr:62cTFVQhkM55nr
          MD5:D570F5954480675F09262068DFBB990E
          SHA1:CEAA7FFE1D0198D7C5A1340268D71A6703839D43
          SHA-256:CA02975B1CD27AF0C3F0C48EF34F812D761CF1E7E832BAC5F0656549D050E7FE
          SHA-512:9DF5602F8F4A5D6F038FA8E592097DD8700C19DE9E5B1535662DF6B11D1323029A702B146FE862691A2753E319F82FC32875CE55535D0EDE0DA038C9135269EC
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):90944
          Entropy (8bit):6.441207769019443
          Encrypted:false
          SSDEEP:1536:/xG1MX9YcTFgqn4pLf2O3xm3TfZ1f5NtUek:n2cTFVQhkZR5DUB
          MD5:7E3A5D28D304AFE7BC4845E0BAE75B5B
          SHA1:6CFF43737EF4AA408926B17BE2B207AA1B7A5836
          SHA-256:FE1C74F97F1B2FC0031B745075DA49CDF90933DF274089021585192908F3AE06
          SHA-512:67868E52B4A58E2C0D582D1F705B2046402DF2429A38F6DDFB8B159E42C70055633B9E8F1DBC686F6848C914F75FC5DB86B58260B28DCCFD28BF1376769785A5
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):73728
          Entropy (8bit):6.015608498376334
          Encrypted:false
          SSDEEP:768:9kxGmAP5MzT9Yd+TFNOqAGDspLf8fO3XPTomm3TfMCGgHB8g52qa:OxG1MX9YcTFgqn4pLf2O3xm3TfLHf5
          MD5:3E17AC8A93690365547AD7963C3AB05E
          SHA1:7C2DCFF1D07448F23EAD5A89DFB61B47EEFE43E2
          SHA-256:019320B5F8DFB5DBCE60392E2B3F233FFE67D1339EF146E3878F7F15A84EA1C1
          SHA-512:415004AA339106CF72EE7A18331538D846325C816DE3050C5FCC2071CA9864AB6C666887435E6C86445B75B3F548D65FCAA85701C8A587735A483EDF2C0F0312
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):90944
          Entropy (8bit):6.440453234950843
          Encrypted:false
          SSDEEP:1536:+RG1MX9YcTFTakopLfN3Bm3TfnEf5UMdS6:82cTFGjRknY5no6
          MD5:8AFA529D76EB4C8A38E5AC624877AC4C
          SHA1:A537983505C4108E0D4B386E1E217D699AD74FFC
          SHA-256:DF323CFFE12BE0CBA967EA9C67B3BC477612D2B408F04BC633CCDD52B3C46AED
          SHA-512:BAED64D6D394FE46307CBC0744A7BA25473EDA7FEAA7789D238530FAE2CD566582750213A2A1F677F9CB3A6CAE15EB5F26BA0D77951B68F2518242380AAD9F0D
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 950, Author: user, Template: Normal.dotm, Last Saved By: Nick Liao, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 06:00, Create Time/Date: Mon Jul 15 08:27:00 2019, Last Saved Time/Date: Mon Jul 15 08:33:00 2019, Number of Pages: 2, Number of Words: 496, Number of Characters: 2833, Security: 0
          Category:dropped
          Size (bytes):47104
          Entropy (8bit):3.8994401857498326
          Encrypted:false
          SSDEEP:384:hV2Rvk1cvuIxntUm4/pZxo777jvlf9dcniSDzLlJsiskWpX9VXwkjk0V2id2PftG:hVwk1cv+m4/3xsvkz3loFstbD2xz99
          MD5:D3CC809D13F604030EA03578E32C49FF
          SHA1:80B895FED933283E2F0022231862EFB213A0B3F9
          SHA-256:C347B883C6B5C5FFC96890612596135E4D27B262C2616C028929164013A70DB2
          SHA-512:81A5B87572629E03754FF7649B19A2E65330B24676F9267AA30C92CD7D61B472F4F0F56AA3AD1E486F996A110D8AE2B0797859C947BD874753D7DE735C877E0F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):546
          Entropy (8bit):5.148463017194337
          Encrypted:false
          SSDEEP:12:awquI6LYgX9roe1gxfMANWr3V6X6Osby/16v76+oGq6yrG/16/ca7hMw:A1A98e1WfMAor3oXT2yIjrAzrGI/J6w
          MD5:EEC89B4B14A4A4CEE2603783C2206A62
          SHA1:4E2802EF6327BE05ABAD4D6C38E8D5F9ABEE2CCB
          SHA-256:491084ED9CECEE4915070C3C7BB626C123C698D8FB3370190A1F58A9B961A331
          SHA-512:50FFEC31D5C189D8D29E6C85713F7A9C7E08170200FB865D752D24F0CED8F77088333390346AFFD78B9DAFF2E63401B0E9ADC98AEE990C248853BB0E289AA1CE
          Malicious:false
          Preview:[Misc]..ReturnLog=1..DefaultBlockUpdate=0..ResetEnable=1......[TargetID_U3]..21098110=0D12..21090813=0D12..21090210=0507..21090817=0538..21090820=0518..21090821=0518..17EFA391=0518..17EFA393=0518....[TargetID_U2]..21092813=0D12..21092210=0507..21092817=0538..21092120=0553..17EFA392=0518..17EFA394=0518....[HUBModule]..HUBNumber=2..NO.1HUBWantUpdateBinFile=VL820_Q7_0D24_Wistron_Lenovo_LDC_G2_Tier1_20200103L.bin..NO.2HUBDepth=1..NO.2HUBConnectionPortIndex=3..NO.2HUBWantUpdateBinFile=VL820_Q8_0D23_Wistron_Lenovo_LDC_G2_Tier2_20200103L.bin......
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):297888
          Entropy (8bit):6.274902437000946
          Encrypted:false
          SSDEEP:6144:q2CbI9V6Et8yniIbwmwjVVlqJ6Wo9+v3f/qHfomOctor5N9D:ycZwmwY6WEOcI5N1
          MD5:F65185C33D0F5B3C06437F2588B48138
          SHA1:13CDF1F187EA6FA202C3C779B34D02AF724EC69D
          SHA-256:5B5D6051D8B863BD833D750922949EEB976BBD8957A2CFBD61E166AB01D07E7B
          SHA-512:F7BB3936E656CAAE36116B77F04FC167779A3179FBF78A62816E1BB6919933352381BE0ABAE5C8C702C230A2EF9D3DBB04B02DD2B8AAFEBA3F0A607FAF357281
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):89
          Entropy (8bit):4.8842848762047675
          Encrypted:false
          SSDEEP:3:nRl6AaJAbQYFmzfTyl2WWUJy2RyXeRv:nRlr5QoC7yTT6ORv
          MD5:65DFA831FF1FA8EDCC3248EB25957CF2
          SHA1:B75E2E48767B22DBA01B5969B38F801420265017
          SHA-256:F4A777F33922CAA5088BE4722AD6790BB781575CD6D47264BD40006012FC6ECA
          SHA-512:400EC1121E49BCC18C44B3F63AEE99308CF91978B764930A4B5CA3AA85ED0E45FFA532350ED4F21944FF6A3827B2D341087E04765345DD9C40AA57EE6B0AF5C5
          Malicious:false
          Preview:[Result]..Get FW Version of Chip..Hub[2]_FW_Ver=0D23..Hub[1]_FW_Ver=0D24..return code=0..
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):4651
          Entropy (8bit):5.418298299756232
          Encrypted:false
          SSDEEP:48:DmWdBWC0Spu1PsbfQtBVvtC/htNorGxqQtGVoC0tWUMPw9CGRSAf5PSQ6YJCiht3:DmWdB7gkgkoaxEFUMPwk2PLCrFwBww
          MD5:DF257237DABD8C474E7FCD6043D35973
          SHA1:EF9B5A2A5A4A1F15D8106E1D101B93CC4FC97339
          SHA-256:6E1CDABA456B6F6BD2FD49FCBDF5815796BF0FAA3E5181CB2D7DAE0662B6BE9F
          SHA-512:BC63D0259A9F8615A68B2CAAFC049CC8C39507235C7FBBFA85CB7E9DBD4DF2039C8A672A0ABCDC335E9741084C8AC9BE6F63DD78B9BA79A0C544A42E73869796
          Malicious:false
          Preview:===== API Version: (V0.3.6.8) =====..OS system: WIN8 WIN10....EnumHubToGetFWInfo..->GetKnownHubs()..GetKnownHubs->DevicePath = \\?\pci#ven_8086&dev_15ec&subsys_229f17aa&rev_06#cb96e80a05b7d00000#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}..System name is {36fc9e60-c465-11cf-8056-444553540000}\0001.. RootHubName is \\.\USB#ROOT_HUB30#7&30368eca&0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}..->GetPortData with HubHandle = 1e8, HubDepth = 0, PortCount = 4.. Port[4] Hub connected..Display Device Descriptor.. bDescriptorType 01.. bcdUSB 0310.. wVendorID 17ef.. wProductID a391.. wDeviceID 0d24.. iManufacturer 01 = VIA Labs, Inc... iProduct 02 = USB3.1 Hub.. Store HUB[0] - VID: 17EF, PID: A391, Ver: 0D24 USBMode: 3.. [0]ConnectedHubName is \\.\USB#VID_17EF&PID_A391#8&3a90e49a&0&4#{f18a0e88-c30c-11d0-8815-00a0c906bed8} ..*** get_HubNum++, total get hub: 1....->GetPortData with HubHandle = 1f4, HubDepth = 1, PortCount = 4.. P
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):819
          Entropy (8bit):5.4155621282886095
          Encrypted:false
          SSDEEP:12:2xXUgfVoGoTc4BSnCJVkUYgXFuxNowIFH0by/io76+gqIzG/iaca7hMABGh9TF:4Xh4seLFyNIkyK4rlYGKaJ64GTTF
          MD5:73F58E6F8915EA4F39EFD8FB68588C95
          SHA1:5C6EF1ECA20EAFDB18D95F01B769FA32B302633E
          SHA-256:1477BC744CB1D62D99F09762F97010DD3825DA8E4B068599A4B184C6E4483CCE
          SHA-512:2982B0FFC880EBAF06E3EAE7C5B51245B5BF2F4B0DB09AB9063ED5FA21B157FAB8D21327E716E3EA11267216E497B8E19CB539AE7703A22A8F3A4E3A588C1DC5
          Malicious:false
          Preview:===== Tool Version: (V 2.3.6.8) =====......LoadFunctionSetting()..argc: 2..argv[0] = HUBIspTool.exe..argv[1] = /FWC..--------------..---3. check Hub SPI FW version..3. DoGetSPIFWVersion()..1.2 LoadIniSetting()..DefaultBlockUpdate: 0..ResetEnable: 1..21092813=0D12 2..21092210=0507 2..21092817=0538 2..21092120=0553 2..17EFA392=0518 2..17EFA394=0518 2..21098110=0D12 3..21090813=0D12 3..21090210=0507 3..21090817=0538 3..21090820=0518 3..21090821=0518 3..17EFA391=0518 3..17EFA393=0518 3..2.1 LoadHubFWSetting()..HUBNumber: 2..NO.1HUBWantUpdateBinFile: VL820_Q7_0D24_Wistron_Lenovo_LDC_G2_Tier1_20200103L.bin..NO.2HUBDepth: 1..NO.2HUBConnectionPortIndex: 3..NO.2HUBWantUpdateBinFile: VL820_Q8_0D23_Wistron_Lenovo_LDC_G2_Tier2_20200103L.bin..2.1 EnumDevicesFW()..DoGetSPIFWVersion() dwError: 0....Final Status: 0x00......
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):148
          Entropy (8bit):4.797315182878996
          Encrypted:false
          SSDEEP:3:rzA/BfeUgzVAJiJJjhFJXWcQjyFsbQmyXjAVAJjBQYY5FJXWc2bQhy:GftqJj8bQmyXvjSYtxQQ
          MD5:B3EF7B1E755286E221853557E3476493
          SHA1:AD658AAEAE0880A021BB628F6B04335435604F36
          SHA-256:A7811F7D21934B33583245E5760E07C2B23EB6F11593B10CA29DC1557A327819
          SHA-512:B78300A380C46872C794C0100366F42EA4E077C58E7CAA0993F56288AD56F7C1ED6F96D7A3C9F383B2365E0B19EA6CD200ABAAE3C71919CF5626076D9BFFB8AC
          Malicious:false
          Preview:2 devices found:..(1)Device, Depth = 0, V/PID = 17EF/A391, FW Version = 0D24..(2)Device, Depth = 1, Port = 3, V/PID = 17EF/A393, FW Version = 0D23..
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):289074
          Entropy (8bit):3.2972149911721136
          Encrypted:false
          SSDEEP:3072:8QHZfacoa0A+zXQkLeMgy/EInml4UE6EKr5D:86foa0A+jQkL7gOEInHUESD
          MD5:77BAF5F1CBB3321324303AFD31ECDF92
          SHA1:7432E4B1A390C8D85180B6A98A14CC5FC3073200
          SHA-256:BC7022644D0D9A0EA1DF358794B6161F0351EA0731916371204F7FA9A413EAB6
          SHA-512:43895518B90AF1EEBC39E5E2FD002367BAEE89319D846574348D238A71B16D0EEF0617C39504741EDEF6A85460D5210CE81ECA7B0BDCF3F6D587AD55F2CE46B5
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):85915
          Entropy (8bit):3.6028815112683343
          Encrypted:false
          SSDEEP:1536:vCWaV+70OcmuDQp4fSj2G3+sWFfF2OZxNQZe9q0EbjnXuGACSxaGBo4:vb7aOFv+WXuk4
          MD5:72C81768E1A0F0CA614B64A77451EB84
          SHA1:FC275A544833E2893B354B44E03AD580B7D88C3F
          SHA-256:B2793BABA331AC6374553E2464D715CF7947FE4656F6D6BE51A80AD055750C0C
          SHA-512:6E44CCF1592B1AE0936F399AF440D8A47A6B9E216E753F5FAB3F21DBFF05D10E5B34267BA0D9B218E76BD4460542DEEAF10E9C48C0A14177111F894808A150E5
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):119116
          Entropy (8bit):3.648905605736743
          Encrypted:false
          SSDEEP:1536:/YVqiJ+cNqqVpd4OyIgCXM+lGCFJ1MBHkNbCU2hV2oVRganP77FreTX9OrvlmV4h:u+EH5Rlbf2h/DFWxJYrXrQi
          MD5:418556B4841B07BF5D51C53DC8DFD267
          SHA1:35DBDFAE006643533755CB2199090E8A66E5851A
          SHA-256:B59B98009101984AF56CCA2195B64897D65A490F4D706F6C82890DDA196A4BB2
          SHA-512:9062E68CA927EE297295E752909E915640B07199B0CA5E662894DF23E076D0301FC51A2850E040AC34B2C8608A0B7D14B9149E9C0DE4F5F59D6000A02BC44C3A
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):85915
          Entropy (8bit):3.5994862349010126
          Encrypted:false
          SSDEEP:1536:gCU4GsPE4F9hTPSCAJSHjXY7FoIoHU0axAcnK8t5zXL0nmk8xDptq1Je+:gUmSzYNNR3O0wvx
          MD5:CA69A572CA991B5367F770D3FCB65C28
          SHA1:EBE139CED8FA964FBCDC8A3F08B02599DF9AE6BA
          SHA-256:DB7531844136EDAE309E9E989F79F992049CD6A8FC4340FB58FDBE4DEA303D5B
          SHA-512:C96DF75AD996746FAA7996DB2FEED5BC5610186C3C9B45588216EB3D00EA8BA737B09722734B153C0C5949055215547949A5F2A5C96D0870C7E86C0311382AED
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):124913
          Entropy (8bit):3.653994886277483
          Encrypted:false
          SSDEEP:1536:FuuNzNhrSGdfJtkEDuef1Izye1/D3h3Qr2EqIX825m7Ztk4VIRxJa9C2xBY4MZZf:RtNFSMRtkDGunLxUM9RH46qr9
          MD5:2F7239C368335656E3860EF704CB24F6
          SHA1:3F0685A71A1FA5E423A1755C1C6B91A2CE28A569
          SHA-256:D85510FAFB252C0057CA28E7C3973F37F74E58195DDB08E5EABB3DA2F6130B17
          SHA-512:9A72CB6393BAB184BD0BE00DDAE0453FD0247C61DFAC4AB18D9DED8929F65EE182A676811AFF7DA79B40744A4C49864C219B6F78CDAB1758903B7B27E93F7E6A
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:DOS batch file, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):2744
          Entropy (8bit):5.269021002945609
          Encrypted:false
          SSDEEP:48:b8vRk+pRHH08rQq+0llAsSpMgmZmGmv7mvImvKmvqm/mGmv7mvImvKmvqmdf4ZTX:b6kenmMgKdANPfudANPfwafzWh/ENu9A
          MD5:3B59326A02042897DBD1AACBD5F0533C
          SHA1:08B2739CD2E21E10A732D395033E28E12A3B307D
          SHA-256:006F9318D9CC97EA4D73867C5CD3892A93F5024C71E4E5CA177D81D2EF8E9E92
          SHA-512:8B46CE6EFC8007B032958EC63617D0DB8EEC6BF3F1F730C06F2F99406A00079E13054A83FA450AE7667E5BE9B1A85011E279DEF283440CB79FF423356954E16D
          Malicious:false
          Preview:@echo off..setlocal....if not "%1"=="" (..set silent=%1..) else (..set silent=NULL..)....set workingDir=%CD%....rem echo *******finding ProductType, 1=Work Station, 2= Domain Controller, 3= Server*******..for /f "skip=1 delims=" %%p in ('WMIC Os get ProductType') do if not defined ProductType set ProductType=%%p..if %ProductType%==1 (.. set IsClientOS=true..) else (.. set IsClientOS=false..)..rem echo ProductType is %ProductType%..rem echo IsClientOS is equal to %IsClientOS%......rem echo *******finding OS Architecture*******..for /f "skip=1 delims=" %%x in ('WMIC Os get OSArchitecture') do if not defined OSArchitecture set OSArchitecture=%%x..rem echo arch value is %OSArchitecture%..set OSArchitecture=%OSArchitecture:-=~%..for /f "tokens=1 delims=~ " %%i in ('echo %OSArchitecture%') do set OSArchitecture=%%i..rem echo Modified OSArchitecture is %OSArchitecture%..if %OSArchitecture%==64 (.. set OSARCH=x64..) else (.. set OSARCH=x86..)..rem echo OSARCH is %OSARCH%......rem echo ****
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):1805560
          Entropy (8bit):7.9790942351901455
          Encrypted:false
          SSDEEP:49152:mRUp077GQSph1DxQOzAFXEfEacq1XT7HM:mSoe1GEf5j7HM
          MD5:4EC7419163433CAA50BF587C34E9D521
          SHA1:53E2AE9AFD4AE2E7C708CD86670811A1BAE93A59
          SHA-256:683113E898A51D719D9C2524DE66C47550618615838C533869D4CB2A4FFE1F7A
          SHA-512:35608CD476DE1DB259177856B4456EF5C34B7302C8C033388CF17FFDACAD66956CB9318D11A3342BCEE99FDADDA653589FFF0DF07CE16E5CAAEF731C9C8EFDF0
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):16414
          Entropy (8bit):6.758782680466875
          Encrypted:false
          SSDEEP:192:0ikdOjcSgwdu+2jpedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeo:hhF364byFRefXklv2728NueFwr0+8
          MD5:C81E61B0B6A1BCA8CAF49F7B25E07001
          SHA1:C4362BB1487AAC440A26E7A05E6CBF9E7FB0BACD
          SHA-256:D7177CB458DD20C5ADDB5DF7C8D8E5E7639BBF51EB8CC93E0F3F1AEFB621F5E9
          SHA-512:BE8F64D52C2AFBB35CB0C5B302B3AAF43A4DCFEA138272E3FA2E013AB927DBFA5CE9776F61BBCE6D63573E40B4572FCED13E9ADBE2CD1788BBF528842BE3DB42
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17387
          Entropy (8bit):5.379440867876021
          Encrypted:false
          SSDEEP:192:Rj7f2CW2C8C02CVKftbgAgJ5f+71HFS+Cx0/H:EC5C8CHCKgJiRq0f
          MD5:F4FE5DD730C90031161259263CD123DE
          SHA1:C7D802EA38B241F336880DAB99AFE2EBB1820DC7
          SHA-256:26D4AC4AE68C4AED79145AFC346FF7C02E9C1683958883E86D1A11D9BA74FAD9
          SHA-512:7868A1FB0E3F917E595B17393512E69BCAB603AA2A3BB30AF49BD34C8F718C07B5C4397DCA7EABA3AEF31385B94B7CF2496458618E4A5EC74FA41382F5A5553F
          Malicious:false
          Preview:; Installation INF for the Cypress Generic USB Driver for %OPERATING_SYSTEM%..; Processor support for %PLATFORM% platforms...;..; (c) Copyright 2012, 2013, 2015 Cypress Semiconductor Corporation..;....[Version]..Signature="$WINDOWS NT$"..Class=USB..ClassGUID={36FC9E60-C465-11CF-8056-444553540000}..provider=%CYUSB3_Provider%..CatalogFile=CYUSB3.cat..DriverVer=08/19/2015,1.2.3.14....[SourceDisksNames]..1=%CYUSB3_Install%,,,....[SourceDisksFiles]..CYUSB3.sys = 1....[DestinationDirs]..CYUSB3.Files.Ext = 10,System32\Drivers....[ControlFlags]..ExcludeFromSelect = *....[Manufacturer]..%CYUSB3_Provider%=Device,NT,NTx86,NTamd64....;for all platforms..[Device.NT]..;%VID_XXXX&PID_XXXX.DeviceDesc%=CyUsb3, USB\VID_XXXX&PID_XXXX..%VID_04B4&PID_00F0.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F0..%VID_04B4&PID_00F1.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F1..%VID_04B4&PID_00F3.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F3..%VID_04B4&PID_4720.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_4720..%VID_04B4&PID_00B0.DeviceD
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (native) x86-64, for MS Windows
          Category:dropped
          Size (bytes):76520
          Entropy (8bit):6.627188536857479
          Encrypted:false
          SSDEEP:1536:Vw8wGLxc+iQGLEft0u70Izz5VKf6J7A64unjABRr:JwGLxc+iQ/f6utz5JJ7AlunKr
          MD5:29AF994A779ECE9D5ABC3700CB8B21DD
          SHA1:0ED3D4753E506823983205C9916AE92136BDA9E0
          SHA-256:EFB0F9789421D5733ADCA119BB0080AA823D4960630BC50F47ADACBEB7B87F78
          SHA-512:59BE93F9A63EC9F00CBD56728DDD3E0674307CAF93940C1D88545D5D5FE31B1366CD01FFD9B05D1866479E123AF251D77581299D25A0BD74AA35DBD2B35DB4EF
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):677168
          Entropy (8bit):5.929690394728221
          Encrypted:false
          SSDEEP:6144:PsW7OzpPId26dQcEaUrPvwgwkRVagRoOQTiHaQsVIhVLpHf2mmPh:BIId79EaUTvwieMowXzZ2tPh
          MD5:9785DCE9D2C63572168E06E77F6C4F86
          SHA1:ECD8E95EC91BC424BC57E6743442A9FB2ADFA74D
          SHA-256:5684A9FE5C13164468D8AA2CE0370B1841F1686B42218D65C4E66AF7C80867D1
          SHA-512:CA8898A92EE1D6A317773BFF7FFE0C646B9FD0973AA0D554CED268A514536F1576DD6375EFDC313E17162A690CE99BB1D23EB181E148F7FF9EADD963F466891D
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1640168
          Entropy (8bit):7.9814842185845265
          Encrypted:false
          SSDEEP:49152:gYedhr1GtpoBkCX5onn5BIFpumu5Oo0hSx8fokJt:MPrMoCCXG5+M5O7hbL3
          MD5:6E8EC4C4FCAD08912FF71893A9E6A951
          SHA1:466674DED34CCA89EE6898BCEE5DB1323F0183B1
          SHA-256:DDA8A12A404FA9408B92A603F4EF925C37A12F79EE9754BA59DA4ACA002A799F
          SHA-512:5D65053A677D4204ACFF0EB996DE7DA4057B1948877C13E77856A50AA66E3AF16D77574465185CB6F61CFEB26563C4DCC070E4DC85A0B4B13A27E186597E9D16
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):16405
          Entropy (8bit):6.765528866907015
          Encrypted:false
          SSDEEP:192:CHdndiX5+26pedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeDnbDb:/364byFR3klv2728Nyk1BL
          MD5:CFEB360654E4DE241B5DA813999AB964
          SHA1:0FCC867814BE05A3E2AA49DBB85D29569B643F7E
          SHA-256:4A237CA11CD2A1A6613E3FB8E60DB08F083F5E0FB690EB5E27427F224FC9B653
          SHA-512:9E4ECD2A516CF0AF33C2987E40296942C2ED6A5A4B3735C33889B632EAC9915CD95F3A0D7EB39FF38230C7FDAAB9012C571B6FB911EB1B25D7DCD781483B08AF
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17387
          Entropy (8bit):5.379440867876021
          Encrypted:false
          SSDEEP:192:Rj7f2CW2C8C02CVKftbgAgJ5f+71HFS+Cx0/H:EC5C8CHCKgJiRq0f
          MD5:F4FE5DD730C90031161259263CD123DE
          SHA1:C7D802EA38B241F336880DAB99AFE2EBB1820DC7
          SHA-256:26D4AC4AE68C4AED79145AFC346FF7C02E9C1683958883E86D1A11D9BA74FAD9
          SHA-512:7868A1FB0E3F917E595B17393512E69BCAB603AA2A3BB30AF49BD34C8F718C07B5C4397DCA7EABA3AEF31385B94B7CF2496458618E4A5EC74FA41382F5A5553F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (native) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):65768
          Entropy (8bit):6.916853774709188
          Encrypted:false
          SSDEEP:768:ScwIC8HJB2DFdPhb450zxSm5b5/hnmT6pOV/D85FMyasYLBxn2TtnXHmDuPs:ScwIH3EtVRUMFssYbn2pXHmDuPs
          MD5:9A69589F2A75218835CB008870A470EB
          SHA1:14240339229DD2B1E8DFB11F1FA88437AA884624
          SHA-256:179A8EDDAEC7388C5FCEB6E36013D7AA4F79F5F16D5096B66DA02B01A1E2CF32
          SHA-512:370703A82E4A3846240D0714FDDE54248536D6C35679399964BE55B39B1FB8E059C1A4661B22A3628DF280673ACD1478BB21148FE5ECE5B3B887B9C8280DDF74
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):551728
          Entropy (8bit):6.165557885967087
          Encrypted:false
          SSDEEP:6144:0ZQaKSpwmx5ATm/LC3fwf3OoU9xkYSr/mdBTRhKWIUmPkr+LyIQjJA:0ZqSpwmxvL/f3vCNkPkrAyIQjJA
          MD5:FBC12E3F8BAB21AA85722AE2B9AA8072
          SHA1:0FE41A6AC4712B38529D6BE8E645B8E996619710
          SHA-256:5350AE1DEF1380F1364769A899C1D124FC120D855C59237A9EA80E8001359921
          SHA-512:703DE3EE257B40A104F2C6199C80E99FD8C0CF06F3161B17B8009EC66E24B6EEF5DE9A4D515268F10AAB4EC3DE3E04B7DB011EBDDF0B0674BC416E1AF2074C7C
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):1806216
          Entropy (8bit):7.979011874115514
          Encrypted:false
          SSDEEP:49152:7RUp077GQSph1DxQOzAFXEfEacq1XT7Hm:7Soe1GEf5j7Hm
          MD5:57AD73B8B77D5706B64409C4F1EAF923
          SHA1:01F81544DECFC60E67DE0D7CE9EB086B7AD50717
          SHA-256:CFC517A1D9BD1B0517A33D7B196F42FE7C416B659B5DFD04F64BAF6123B0E398
          SHA-512:A18FF5C390C932E313EAD2E4E5B8A1F804CF8AD0E3CA922652F5B4B098036049AC9A9DA106465C74D154650A442FAA4C65F9AA0E901EBE03BB066F1CE23C0DA1
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):13053
          Entropy (8bit):6.515813949997593
          Encrypted:false
          SSDEEP:192:jUlB1z25pedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeDnbDDMHr:636PdtKXM+3Ef5dpBjRQiA
          MD5:574ED99C66C91C82A06E86FA58AE153A
          SHA1:F888566D4CFA5E7C02C83F20E269B5741F83FC8A
          SHA-256:9E0424B802CFC816C7B4806350055C9590CE0EE942B3A47DEE226DEB0960E382
          SHA-512:CEB69B72CC287B029B234F8E0BB2144D4775B6706756808A25C4546143CD54FE17EA99B0D9B59A163D4A640814FAF7F5A4ED28584631C07B13420D9DBFDE51EA
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17387
          Entropy (8bit):5.379440867876021
          Encrypted:false
          SSDEEP:192:Rj7f2CW2C8C02CVKftbgAgJ5f+71HFS+Cx0/H:EC5C8CHCKgJiRq0f
          MD5:F4FE5DD730C90031161259263CD123DE
          SHA1:C7D802EA38B241F336880DAB99AFE2EBB1820DC7
          SHA-256:26D4AC4AE68C4AED79145AFC346FF7C02E9C1683958883E86D1A11D9BA74FAD9
          SHA-512:7868A1FB0E3F917E595B17393512E69BCAB603AA2A3BB30AF49BD34C8F718C07B5C4397DCA7EABA3AEF31385B94B7CF2496458618E4A5EC74FA41382F5A5553F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:MSVC program database ver 7.00, 1024*995 bytes
          Category:dropped
          Size (bytes):1018880
          Entropy (8bit):5.709334938271226
          Encrypted:false
          SSDEEP:12288:WR1rZ1rz1ryUQKFzZf3LFaFC/QU9Cd3dEjCuffk0:cLBnQUzZfbFaFCkd3d0f
          MD5:0629849708E984CB3FD42165752D4BEE
          SHA1:D7387C2F799E9D4DD17C5E22D0F16B93C096291F
          SHA-256:DF65DA2483F8B5811ABE62C903DE73D3714DC77067AB5E293299FEEA99F22D11
          SHA-512:7FB4E02BE666742048B05CBAE42AC21BA7766875ACA2B82D591EEFCC65C512D20697018090B986CE34D259C54FE66545240F1FE109518DD18CB641FC783C0830
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (native) x86-64, for MS Windows
          Category:dropped
          Size (bytes):73424
          Entropy (8bit):6.694871696100383
          Encrypted:false
          SSDEEP:768:vq/1TMaC6RfWp4nRs3JHFgvQOhWwc48Jo1gMQkMEj3KPyt4nRpgXS/hXGTEu1Ho5:9qpZchMFnA2w2KFDK2WsFxxBuFYSer
          MD5:697C7B1026E993A3656398A9C1F0A383
          SHA1:47ED6F1E95E9981FAD321F194A02EF4866DAF02A
          SHA-256:ED0114566ADCAA44C0EE5FDEE64B6CBA54A1DEFC01071587759D89F71E18FC05
          SHA-512:D20E86612F500A0A88D959811E50F24D6CBCAF2E3A43C4D31AA636CDDD6F28EEDEB09F56C5133FA539262101D43405B579AC587BEC8C97C31B83C63B2011877B
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):677168
          Entropy (8bit):5.929702636004893
          Encrypted:false
          SSDEEP:6144:9sW7OzpPId26dQcEaUrPvwgwkRVagRoOQTiHaQsVIhVLpHf2mmPW:zIId79EaUTvwieMowXzZ2tPW
          MD5:C6F654D9238D2C577B367215B979B09E
          SHA1:81E28D15C7B6FA287FE0B8CA62766D4B73C7724C
          SHA-256:21020757FAACF7B73F1FA09691D6F74609D9064468DC01DE242448079123D0AB
          SHA-512:EA6DDA7202419362CD019AD6997DBAD011BE57F81710751D1C9C1B16C81A94961ED095D243E6F232B9D31D2B93D649E08A7AB487FC91F7EC33A7CE79BD8FD538
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1639304
          Entropy (8bit):7.981408482239472
          Encrypted:false
          SSDEEP:49152:ZYedhr1GtpoBkCX5onn5BIFpumu5Oo0hSx8fokJQ:xPrMoCCXG5+M5O7hbL2
          MD5:004033A48E8670EEAE077A10AE5103F0
          SHA1:087E16D0061CF03A623787C4456842A052598CEC
          SHA-256:CCC0A2DDEE6CC83B4BC3BF44ED525E206183F6EE3587AFB2263C7EFFED78895F
          SHA-512:02CB1A81B588DAC77896B92022B87243492C1102F439591829CF282D202A80692247D02F8B706A78D9ECE03B25256C14BC4F6B787746797FD124CEA122E5DFCF
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):13053
          Entropy (8bit):6.518920813443939
          Encrypted:false
          SSDEEP:192:wlWbU1z29pedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeDnbDDMF:t836IgC/KXM+3Ef5dpBjRR8Ps
          MD5:9E697BE37D89C39FC8A526A9C824F755
          SHA1:DDC919A12CF89D1966A3ECFFB168A092BA2EDC7D
          SHA-256:AC8A85996099C3DABE100459A0F808081124A56A8A547A82B635AA8F3F99B9FC
          SHA-512:70538BF7279584CEC3E1682AE666AF44427D0C46EF7EB1B668042D214F6E2373CAA3BA5E52048A6BF31F1999D8B758653BF50380AC23E39F49049E460E6D5239
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17387
          Entropy (8bit):5.379440867876021
          Encrypted:false
          SSDEEP:192:Rj7f2CW2C8C02CVKftbgAgJ5f+71HFS+Cx0/H:EC5C8CHCKgJiRq0f
          MD5:F4FE5DD730C90031161259263CD123DE
          SHA1:C7D802EA38B241F336880DAB99AFE2EBB1820DC7
          SHA-256:26D4AC4AE68C4AED79145AFC346FF7C02E9C1683958883E86D1A11D9BA74FAD9
          SHA-512:7868A1FB0E3F917E595B17393512E69BCAB603AA2A3BB30AF49BD34C8F718C07B5C4397DCA7EABA3AEF31385B94B7CF2496458618E4A5EC74FA41382F5A5553F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:MSVC program database ver 7.00, 1024*979 bytes
          Category:dropped
          Size (bytes):1002496
          Entropy (8bit):5.705791841421589
          Encrypted:false
          SSDEEP:12288:1mMPWAJqIVls2qKwtHuRNUCfFeFUSMkd8dSsR:1mMP5JqCls2qKwtHuRNUCfFeFvd8dB
          MD5:A723C5915081ED8B55F66C8B52AD09C7
          SHA1:1557517772F0BB57C9A418F74BC13893A20E1629
          SHA-256:D5B74DCCD2B148EAAEF3EF86CD51520B7483A39FA308D92C7F47B45207F2734B
          SHA-512:263776968E71A9DA7E8852B2FA15701D36BB64774326E41E0C472E2C0A6D52DAEDEA20A2B4988649447210F3D2947AE1B6C14A2DEF2A76471F5B0DDFC6C4000F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (native) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):64208
          Entropy (8bit):6.940522664876079
          Encrypted:false
          SSDEEP:1536:4XjcAp38t7CGz7/SfPlGMF5iqV1kFLuFYSeC:XAp3+7Xz7SfPXCqfaLWYSeC
          MD5:15AADB8A5A18EB5D009F02A06941E467
          SHA1:CBDDC3B3CB50ED0363B8C82E28D621691727EFA8
          SHA-256:FBEB7C57C91B3AEEB569A9ACA97E9DCCAB7842930101F84CD6D696F8CE83639D
          SHA-512:43BFC338BC4EB5013F9490FED25DA30D94091C55E0B219276B591BADD97093F2DF9A8897A97A929DB603B4CB2E402CBE4FB2E7120C741C7DBAE059360E347132
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):551728
          Entropy (8bit):6.165564879339643
          Encrypted:false
          SSDEEP:6144:vZQaKSpwmx5ATm/LC3fwf3OoU9xkYSr/mdBTRhKWIUmPkr+LyIQj5:vZqSpwmxvL/f3vCNkPkrAyIQj5
          MD5:3B8DC0B7236D35D9DF6B563AD23F46CB
          SHA1:0D6D711F35F19325BAEA1CC642DC941466E4935F
          SHA-256:2A0C2DBC583513AC37CBF1DC25B2F4AB355B8A443C8AB8AACC5415A48FB9CEC1
          SHA-512:7C9053F7AAB27A66CE0559ED0C432A3FD4EFC1F68C1FC284EAECE8ACDDB35220BEE20A02B21356D2C97F0CDB461215562E50BDE52C79C47D9CD637E5553B66B0
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):1804688
          Entropy (8bit):7.979024763820667
          Encrypted:false
          SSDEEP:49152:ORUp077GQSph1DxQOzAFXEfEacq1XT7HA:OSoe1GEf5j7HA
          MD5:F2067C09AA7B20B25C3339CD6B895F75
          SHA1:CDAD8F72EBF65D19C2E981712BB5E681E0F06E34
          SHA-256:11636027F37CBE8A80C9F578AF15766CEC350C43D305F2D9D0B259C42066313E
          SHA-512:EA2A7ACAA85A69651A79CCE6C29275CCABB4F34BCF10BB128E953B8D30C52A279F95E2773345640136C3AED1BCE1A54D616594FEF0DB74FA15DF680A687866E6
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):16400
          Entropy (8bit):6.768246664184139
          Encrypted:false
          SSDEEP:192:aYhOQ2jR2l4pedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeDnbDr:aTkd364byFRrklv2728NueFwrAt
          MD5:2FAFA4953008F13F66CBD3AF5A3DFC59
          SHA1:5C9470FC57378F219B2155A4C17837333B1C0C08
          SHA-256:7BCD3584DD965A150BE2BBDA526254C7AC044CC6B1A8BEE2DA929A1A19B0A0BD
          SHA-512:67B4B5651197A4D872B653A129FB834895D6DCC6609BF1CCEF6611E51F649BE8D16B4C827EC5E0EB7BBE0AEB271B81EB00687CB7E36794846A5A4458790D9AC5
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17387
          Entropy (8bit):5.379440867876021
          Encrypted:false
          SSDEEP:192:Rj7f2CW2C8C02CVKftbgAgJ5f+71HFS+Cx0/H:EC5C8CHCKgJiRq0f
          MD5:F4FE5DD730C90031161259263CD123DE
          SHA1:C7D802EA38B241F336880DAB99AFE2EBB1820DC7
          SHA-256:26D4AC4AE68C4AED79145AFC346FF7C02E9C1683958883E86D1A11D9BA74FAD9
          SHA-512:7868A1FB0E3F917E595B17393512E69BCAB603AA2A3BB30AF49BD34C8F718C07B5C4397DCA7EABA3AEF31385B94B7CF2496458618E4A5EC74FA41382F5A5553F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:MSVC program database ver 7.00, 1024*1011 bytes
          Category:dropped
          Size (bytes):1035264
          Entropy (8bit):5.7148440680646715
          Encrypted:false
          SSDEEP:6144:uQfUnLpYdeynhAzYvB7nMwd0Dd0qd0u5rDAPFlSxeAjCvPScqEF0FRmttslaHmdJ:ABwwVrA9lYeA+1F0FmtUzdCdAehues
          MD5:D1328D473B346E4E1FCA79A8FE78DD1C
          SHA1:70AE1BB955116EA58A0CA8DCC0FBB4287C784878
          SHA-256:14B4DA6D149501B5E83A5E4D63294E6F2B00D1975740621835C2ABA3F6C3330D
          SHA-512:E4F7729A599C3D5C6F47047D42C71A0DAA3B704928B78A5085F9950F8ECCCB81F0A708718E0BFE4AB6E14EDB405DFFD51B518718ECF23DBDCF3E8BAD08C4EF62
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (native) x86-64, for MS Windows
          Category:dropped
          Size (bytes):71384
          Entropy (8bit):6.672006930116388
          Encrypted:false
          SSDEEP:768:tSBrzTs8PMufB34larZIk65t9KuhH3zdWgIUJ1RZXcqnyB/fd/hXGTEu1HoTkdVS:ODE9/hjj3RRgQKyV0KxTU8qJ
          MD5:3E83A606CC8B9F37B343E0D2D7F68E2F
          SHA1:7948617B1A8CCE74D50ECA94089A6D5227DA458A
          SHA-256:B7BBAB39C940870B588A00F7B93F513D49B40455934728E7B79D87A992E725D4
          SHA-512:D6F1CEAD319FC3AFA13AA8BFFC1122A891388E993B754EE21C9376E6AF38868B2ADD2754336FEF67CD45C2F01F8BAC0562579BF9469ED25C2922D66FFD17E512
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):677168
          Entropy (8bit):5.9297091592899545
          Encrypted:false
          SSDEEP:6144:gsW7OzpPId26dQcEaUrPvwgwkRVagRoOQTiHaQsVIhVLpHf2mmP0:8IId79EaUTvwieMowXzZ2tP0
          MD5:FEB899883A8AC9691AD3B68D014C55BD
          SHA1:D8F794872517F93EA242C80E1233A9734DAE02C7
          SHA-256:696BBE55F340DC7F15C98C545020081623E75EB10CB52D1A9843579D4D388E25
          SHA-512:FA4D07A325D6ECC732ADDA8F40F29C8A000F7E5BD9F733406C15AE30E1A05A73A8020E62E8C4543D0B8CB82FDD4F119F3D26C680114C641E113F4C634FB82F2C
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1639304
          Entropy (8bit):7.981404803029481
          Encrypted:false
          SSDEEP:49152:oYedhr1GtpoBkCX5onn5BIFpumu5Oo0hSx8fokJG:kPrMoCCXG5+M5O7hbLQ
          MD5:3AA10893B7E0E0114504670687833887
          SHA1:B36015911963E6208BEF28DF39C1B15C5B0518EF
          SHA-256:1D20948B8F66BB602DAA7DBB32143809B192712501BE6D1BDE3317EAC1279393
          SHA-512:5C1766A45B8DCC4BED18AF7479D3DA99C93E9F2070AE46D4F79BF7A2C7FA58E771DA6EBE7338E295CCA1D68F00AAB26C26C6D862E636CE069E70B2ACA3EEE647
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):14868
          Entropy (8bit):6.621647118564173
          Encrypted:false
          SSDEEP:192:rgLhJh2HpedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeDnbDDMHp:rI364byFRLlBRcoNkHZ
          MD5:DBECDC40F941C0213F85E0B0BBB6067F
          SHA1:4DEDE1B58B7D10F92708A0A489AF7C215BDE5D81
          SHA-256:9B726608618F34CECECE354A5A54FDC763C7D0FEC28FC71C8D1BB5AFBA130D8F
          SHA-512:828220B74FC4618BD9A49A82B9B4FE6B068D0E105EF63B96D28F65BF58F0CD33211FEA1581B664F69D9C243606868AC07228E624F4F95C2672DC49A226230CA3
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17387
          Entropy (8bit):5.379440867876021
          Encrypted:false
          SSDEEP:192:Rj7f2CW2C8C02CVKftbgAgJ5f+71HFS+Cx0/H:EC5C8CHCKgJiRq0f
          MD5:F4FE5DD730C90031161259263CD123DE
          SHA1:C7D802EA38B241F336880DAB99AFE2EBB1820DC7
          SHA-256:26D4AC4AE68C4AED79145AFC346FF7C02E9C1683958883E86D1A11D9BA74FAD9
          SHA-512:7868A1FB0E3F917E595B17393512E69BCAB603AA2A3BB30AF49BD34C8F718C07B5C4397DCA7EABA3AEF31385B94B7CF2496458618E4A5EC74FA41382F5A5553F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:MSVC program database ver 7.00, 1024*979 bytes
          Category:dropped
          Size (bytes):1002496
          Entropy (8bit):5.70161107855716
          Encrypted:false
          SSDEEP:12288:/OTRajijGjpubY3WXM4HvMARFIF3uIdFd1VJ:/qajijGjpuU3WXbHvMARFIFLdFd1j
          MD5:B0918B12061BBA3D8FC41DE67AB2D6A0
          SHA1:8B375816E0148F0AC084E0180CC89E25905DE864
          SHA-256:D8CDCC5B05CACBAED4237D3762F51D80CF9B44CF90651B22DEA92D9B90E5422F
          SHA-512:2CCCB70AC50D87258978C65BBAFBF7625D4816AF560EF134C1F1E83AF272AE2C54EC1BE8180E870C897D9CF32E99B8B4EC70532DFB1F9CC8C5FBAD6FFEADAC10
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (native) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):62680
          Entropy (8bit):6.9005326460740655
          Encrypted:false
          SSDEEP:768:cnPLf42VCdfQ/qXjVEq7V5GOmE/euz0zjNjs/hnmT6pOV/D85FMQPk2AcSnxyhE:0zf42VCxQ/qXiq7TGfu4FMFRk2ROxy+
          MD5:F9B9E452F0E3AECDB850525D29D0F6AB
          SHA1:5E3B4C9862ADE83F60E8D19BA096D50DB83AC990
          SHA-256:FC1254FAE3671CA821A0597741E4B50EB5CD20590AF18756AE9F42910A79B8CF
          SHA-512:89BD97359C4C05A677AF2752CB8E136006E57542D87016BD08D2CF5DB3A0D8A5E43FFDA160F52992472972CA92547BC07E1ED389EF2125D142FB53CC0FA091C8
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):551728
          Entropy (8bit):6.1654886092762515
          Encrypted:false
          SSDEEP:6144:UZQaKSpwmx5ATm/LC3fwf3OoU9xkYSr/mdBTRhKWIUmPkr+LyIQjB:UZqSpwmxvL/f3vCNkPkrAyIQjB
          MD5:D843C0415115C2CD57CC7C204D9FDE22
          SHA1:75075DDF0F0219BC6199A46FBD3A534250C85F62
          SHA-256:30F4D91ADCCAFABAA7CE4BC95FD9A6742DD7BFB91B394F9BE512A09B2B4B677B
          SHA-512:E32B9A9B14FE2898CA10E151A104930E92C053DC6BD2F0B0592241CD7BE4C73AC7C7C1C61875CD4B492D33BFD0C185899F9E66C39A77F7853F7DD4BC19BF1D26
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):1804688
          Entropy (8bit):7.979025664267744
          Encrypted:false
          SSDEEP:49152:CRUp077GQSph1DxQOzAFXEfEacq1XT7H9:CSoe1GEf5j7H9
          MD5:9FAB8EF2CA44E64AF106AAFD453B8CA1
          SHA1:7CA34B8A5698176C17124B9E9E4C66ED2A417CC6
          SHA-256:526C86CD95C0BD53EA500B68EE49A84ACE8A65ECFA1C91018274C36DF5A4B78D
          SHA-512:278899A484CC28FEDAE5AD6267734EB5105937EB8EFAF1B675F93D2BFD3AE7E3EB6EFA4C8749A78FEE7EC8FF36C4B32F08B009BA1B9EC3AE1010C54E324E2386
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):16388
          Entropy (8bit):6.767168015953082
          Encrypted:false
          SSDEEP:192:gY6Oh0Na2hpedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeDnbDDD:gcX364byFRpylv2728Nw0abZ8N
          MD5:EB8435D6E887D7F2FD1ABD24B3BAE11D
          SHA1:F800F34DF1785F5DD1AED61046AEC595544480B5
          SHA-256:C4F60F059ACDB217F5A8F259887C845F5E8F50387CA01ED81BF727839D7C5070
          SHA-512:2D3D6A0567CCFCF8FB1EF32EA425EA7C896CB5209DCB281FF81EB06F6D0364A15230055D8D232EA49808E33CF0731F1EF191852EE5F26BC0617ACF78FDC0D834
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17387
          Entropy (8bit):5.379440867876021
          Encrypted:false
          SSDEEP:192:Rj7f2CW2C8C02CVKftbgAgJ5f+71HFS+Cx0/H:EC5C8CHCKgJiRq0f
          MD5:F4FE5DD730C90031161259263CD123DE
          SHA1:C7D802EA38B241F336880DAB99AFE2EBB1820DC7
          SHA-256:26D4AC4AE68C4AED79145AFC346FF7C02E9C1683958883E86D1A11D9BA74FAD9
          SHA-512:7868A1FB0E3F917E595B17393512E69BCAB603AA2A3BB30AF49BD34C8F718C07B5C4397DCA7EABA3AEF31385B94B7CF2496458618E4A5EC74FA41382F5A5553F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:MSVC program database ver 7.00, 1024*1011 bytes
          Category:dropped
          Size (bytes):1035264
          Entropy (8bit):5.713467197866789
          Encrypted:false
          SSDEEP:6144:QFFFFNiaqnI/Iv7b89S1FqOaFQ7vaFQeUaFQ129ctqkx9wDY4bvSymcBIyFxFUFS:/faQawatWUsWvSyzNFUFlcGFdqdHBq
          MD5:20D65B0D562C8A0C10EF474E5BCF3119
          SHA1:BBC9ABA87206D9FDBBB76A5352966EE5363ABB74
          SHA-256:DD3D625BAC8BC2FF94ACF5FA124EFF4CF6FE4F97C7B498E58F2F3AFFA497A992
          SHA-512:BE024DCF6F4BFD46C981A8478FA6A8624233F868BFE8510E36D06AEC2856E9C34E7874AE305FDBF1B7060B82172CF6D6EA62A79425FA39A66D873414A5D29E74
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (native) x86-64, for MS Windows
          Category:dropped
          Size (bytes):71384
          Entropy (8bit):6.6748785609153884
          Encrypted:false
          SSDEEP:768:9W3WPXIBMnm9m5biRUmceLLkN58GJ9gAuFl4l/9kltunqPAYrnRppH/hXGTEu1HX:FYOkALurLF7UK1U3OfYxrZ
          MD5:6B894CFC29E7CFB6E7D768ECB269389E
          SHA1:19E4B8AFAF705F9C3780DB3E54084CA2420561EA
          SHA-256:4979692B13B706C08993B908F9AFB1A89F87A911A791B9348FF47D36C3A04E02
          SHA-512:6A710FCEC9AE5EF64B97430583C1B150F8666918D6BC93BF2B47A9D99915856CCB68C26AA957598685EB00939D82071377FCE0A9EF17031D7E1A9A56A892AA64
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):677168
          Entropy (8bit):5.929707431727371
          Encrypted:false
          SSDEEP:6144:csW7OzpPId26dQcEaUrPvwgwkRVagRoOQTiHaQsVIhVLpHf2mmPI:oIId79EaUTvwieMowXzZ2tPI
          MD5:EFDF4D091DFC47CC4982F05B8AF3E803
          SHA1:DCC03D1B6BAC188A4AA191F96876D8EE9E722CD4
          SHA-256:94D65BE3F4AB0F41C2A916A0E97D72729A4C0DAE01785CC3798645DD4629BDBD
          SHA-512:845E8C927A54D3DDF5DF6CF7DBBFCD5816E8F9BE81FBB8869770A684F51E9C075343E8ED162F769166BABCBF7BB35118CDF4A5B8660B381320A4243311FBE4B7
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1637776
          Entropy (8bit):7.981423931161702
          Encrypted:false
          SSDEEP:49152:CYedhr1GtpoBkCX5onn5BIFpumu5Oo0hSx8fokJO:mPrMoCCXG5+M5O7hbLA
          MD5:18E3683E9006C5926B210BC79659BBBA
          SHA1:A430060ABD4FB30B8FC4B3DAF876B182BED9E1B6
          SHA-256:5B672F28E5281FC11B061CD53C42FF04035D8E889A68C00A09D45CD25AF35E13
          SHA-512:7EDC4A5C5915053FEB070C65ECBB8C49E51AAE7DD0AFC8448330F21857801C3A5FB50331F8B795109B98B8125C249C52392FCF002798DCA6EFB747D54A17A211
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):14868
          Entropy (8bit):6.620655670158651
          Encrypted:false
          SSDEEP:192:6Xz66lQ21pedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeDnbDDM8:6Xy364byFRa1nlBRcoN3BWf
          MD5:8B1D14A95FE2CAE7FEBE56E8058E7236
          SHA1:B1D85AD70C6E353DEE92259A48F74303A2144E50
          SHA-256:74FDD1A727E708BF4291479ABAD56EEC4C364D318BC9A9E684F5DA60A6B57612
          SHA-512:96B8BAA524EAE3DAA69704CE81F0DD768ECD10E3081CED04135F809F0303EC4A4537032A0F4ACD2B5D22044A4FF13F7ABFA6AE15186EB47F215BD580597A0AAB
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17387
          Entropy (8bit):5.379440867876021
          Encrypted:false
          SSDEEP:192:Rj7f2CW2C8C02CVKftbgAgJ5f+71HFS+Cx0/H:EC5C8CHCKgJiRq0f
          MD5:F4FE5DD730C90031161259263CD123DE
          SHA1:C7D802EA38B241F336880DAB99AFE2EBB1820DC7
          SHA-256:26D4AC4AE68C4AED79145AFC346FF7C02E9C1683958883E86D1A11D9BA74FAD9
          SHA-512:7868A1FB0E3F917E595B17393512E69BCAB603AA2A3BB30AF49BD34C8F718C07B5C4397DCA7EABA3AEF31385B94B7CF2496458618E4A5EC74FA41382F5A5553F
          Malicious:false
          Preview:; Installation INF for the Cypress Generic USB Driver for %OPERATING_SYSTEM%..; Processor support for %PLATFORM% platforms...;..; (c) Copyright 2012, 2013, 2015 Cypress Semiconductor Corporation..;....[Version]..Signature="$WINDOWS NT$"..Class=USB..ClassGUID={36FC9E60-C465-11CF-8056-444553540000}..provider=%CYUSB3_Provider%..CatalogFile=CYUSB3.cat..DriverVer=08/19/2015,1.2.3.14....[SourceDisksNames]..1=%CYUSB3_Install%,,,....[SourceDisksFiles]..CYUSB3.sys = 1....[DestinationDirs]..CYUSB3.Files.Ext = 10,System32\Drivers....[ControlFlags]..ExcludeFromSelect = *....[Manufacturer]..%CYUSB3_Provider%=Device,NT,NTx86,NTamd64....;for all platforms..[Device.NT]..;%VID_XXXX&PID_XXXX.DeviceDesc%=CyUsb3, USB\VID_XXXX&PID_XXXX..%VID_04B4&PID_00F0.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F0..%VID_04B4&PID_00F1.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F1..%VID_04B4&PID_00F3.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F3..%VID_04B4&PID_4720.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_4720..%VID_04B4&PID_00B0.DeviceD
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:MSVC program database ver 7.00, 1024*979 bytes
          Category:dropped
          Size (bytes):1002496
          Entropy (8bit):5.703592844131807
          Encrypted:false
          SSDEEP:6144:MWCByI4Hnpe2dhoUSBRPgNQ5TVK91qK91RK91wqUNWnPDwhgoAeseFeFBLU/YoTI:1FyBVK+KtK8yPDw60FeFpAYMadtdd3
          MD5:2855AEAAAF43FFEC716873302F68210A
          SHA1:3F6436F05307EEAF1BB2B74B16E725E912699DF8
          SHA-256:301F06958A21D14CC63CA51FFF14F27310EC87E50EBDAB7C3AB154086ABF88DB
          SHA-512:1EC9D201C2E9D518CA3915CE70356732391D54CBEF981F24EBE501F6CDBEE21BA48070782B250B99E360C0DD65B956ED46E811028067B9AE33B767D7E4009110
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (native) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):62680
          Entropy (8bit):6.897861890305919
          Encrypted:false
          SSDEEP:1536:Szf42VCxQ/qXiq7TGfu4FMFWRIRbImJhfh:V2VCCCyKTGfudCI1NJ7
          MD5:63283237F5515FA8430D0211EEB85C00
          SHA1:F42873B92FFA24CF8CA09A592AC33F1E32597D4D
          SHA-256:142EA167C4B3123FE5F6D3B70A582D9487C9355D777F411DD5B11E93C6FDC9BC
          SHA-512:0AC539E73C28E10A8A2FAADE548952A929957B2A3BC5189816DEF7A7C60739761E8823A5147E2FB21F21614BA0C7B70FBE2CD2FFBA13F8C19D6B65B4047EA0AA
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):551728
          Entropy (8bit):6.165564332429276
          Encrypted:false
          SSDEEP:6144:qZQaKSpwmx5ATm/LC3fwf3OoU9xkYSr/mdBTRhKWIUmPkr+LyIQjZ:qZqSpwmxvL/f3vCNkPkrAyIQjZ
          MD5:E778C83F31781E7392204BBF2482EE64
          SHA1:844F30D0699A929688F7F5A595DB355AD34A75CC
          SHA-256:92AEAF1B901295BDE7DB2C538548E900C75F1BD0B380F36EE90EE3F53A08E798
          SHA-512:382F94A57CF205E8461697AEA2A2EAF1B35656A4AED4303D5428A1703A4F4696DA0BF9A3223A92D2B52C7F051E6AAA4FEA0645FEE2243A608171945502BFFCE3
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):679904
          Entropy (8bit):5.9172904249828155
          Encrypted:false
          SSDEEP:6144:DcjsynWrZI8I/VELVqZFbq+0pHKmdTJF805CbLLDySQSAj99HJYnJzDX+v34nQGO:RpRkVWqZRqXVI0oLDUZxA434QNPL
          MD5:A79CADEA6287A6EE6359F532432107DB
          SHA1:5064E1FFF01CBC97F22FAE6E1B06A0BF819A9DDB
          SHA-256:1A297EDBB0D922BE22F472E4ECF77859B6D81C3B4EACFECD06EF1168D258D11C
          SHA-512:E681967E116B9C4B3B5184247D2EBCF10497F8D8EB3CCCF526E436DC590BC9A6000323CE6CCF4C1BD4D544AE00BED08E32026C91D9074CDCAB8CAD8634ABFE95
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):1730312
          Entropy (8bit):7.978143964934263
          Encrypted:false
          SSDEEP:24576:aU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWE:PFCsfZRZA6Xn388avVovfLd+Mo4iEE
          MD5:15697F36CE6AF9DA48A4DE6FBE25BC31
          SHA1:FD5186AEED04CFB21020A1954DD9A8F4A062A9CF
          SHA-256:9F989FD50FA4D75B48EA72E26A91931A045C5671E71D17918EA5FF2BA7E0E718
          SHA-512:4BE6BC8D489916C79CCED256440A6FD77CCB4737F7CA2FAF5AECA2F48FB728DEFC1F69FCAF0C7A8BB2C2B10F5349928C1D30A8AE055A0CDC61AFEF39E2F205C1
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):13221
          Entropy (8bit):6.49798837701577
          Encrypted:false
          SSDEEP:192:nHzRfQJ2UECspedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeDnbA:TYJ36PdtKXM+3Ef5dpBjRB2
          MD5:4CD581E405CC63E473E44F841B47028E
          SHA1:15E3F13B9433133301FFDE31647C245FAA3CF81C
          SHA-256:83D520D89F1B2DC3A3D1E5F9367584157D458D137C863F4499E2DDF5189B03B6
          SHA-512:7711883652E3B24E5E385F396032132A2B48E4C57F53EF935F930B450B5DEBC161392B7468211F4C5D79D8CA83043EB8B97AF5804BC621B5B5C8FDF171F6891A
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17387
          Entropy (8bit):5.378553101610816
          Encrypted:false
          SSDEEP:192:yj7f2CW2C8C02CVKftbgAgJ5fT71+RS+Cx0/H:FC5C8CHCKgJ2Nq0f
          MD5:44B58B8DD8293C9A3AD1CEC84F6EB157
          SHA1:3EC0CEA2521F4BAB44D04FF7962BCC5B506C941F
          SHA-256:0963E8BE4691AD2A056725287CA61FA6730FB1D058F682F5D6DEF3D01DBF1CEC
          SHA-512:1C604067D10DD6E4BFB78D3244E9D70D5512CDA5AE992676BBEC9AEFF3234EC8A89096728FC9548D80B9236B6DB3839BCC90B56A9D60B9F2C546D0FE552DA2D2
          Malicious:false
          Preview:; Installation INF for the Cypress Generic USB Driver for Windows Server 2003..; Processor support for OS unknown platforms...;..; (c) Copyright 2012, 2013, 2015 Cypress Semiconductor Corporation..;....[Version]..Signature="$WINDOWS NT$"..Class=USB..ClassGUID={36FC9E60-C465-11CF-8056-444553540000}..provider=%CYUSB3_Provider%..CatalogFile=CYUSB3.cat..DriverVer=08/19/2015,1.2.3.14....[SourceDisksNames]..1=%CYUSB3_Install%,,,....[SourceDisksFiles]..CYUSB3.sys = 1....[DestinationDirs]..CYUSB3.Files.Ext = 10,System32\Drivers....[ControlFlags]..ExcludeFromSelect = *....[Manufacturer]..%CYUSB3_Provider%=Device,NT,NTx86,NTamd64....;for all platforms..[Device.NT]..;%VID_XXXX&PID_XXXX.DeviceDesc%=CyUsb3, USB\VID_XXXX&PID_XXXX..%VID_04B4&PID_00F0.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F0..%VID_04B4&PID_00F1.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F1..%VID_04B4&PID_00F3.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F3..%VID_04B4&PID_4720.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_4720..%VID_04B4&PID_00B0.Device
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:MSVC program database ver 7.00, 1024*611 bytes
          Category:dropped
          Size (bytes):625664
          Entropy (8bit):5.6925485402103595
          Encrypted:false
          SSDEEP:6144:Xbq991lw7Om7hqQ3Pu4oB1ZX/qdqdwO/39fvvDv:s91iC4aJCdqdwS5vv
          MD5:43ECA8DF9A3E13FDE3BC16D3F552BD0D
          SHA1:4DC5CA1FFA529889C3CBBEE51606C9DBB4A9CE77
          SHA-256:459F3A545F6CBC0A5A280ADD61AF000B575E834BD9176E6C03BA395236397606
          SHA-512:12BD63B9E3C1C6520D3675EEB771163DC32C472D0EE81231F69EFA7E55120B694BA40196E482841FAE99CC3AAD16FCF94349925490CAEC2934213905D4CC6182
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (native) x86-64, for MS Windows
          Category:dropped
          Size (bytes):71928
          Entropy (8bit):6.562459534085404
          Encrypted:false
          SSDEEP:768:tV356ZrvEsXV5MbOWT3js3lCtsnPC7G8YCAcvvxXGTEu1HWk10teRUPI3q4nucJ:YobOWTTsYtYP+GIaQPG13qcucJ
          MD5:DF32D81DCF211D811B6E226C4E9F0752
          SHA1:6EF3DA2D937658BC7427CA392BCB197828AD726B
          SHA-256:E73E2380B0C296D2C4CFD509808C429C52299274B03F610757C212884B33093A
          SHA-512:9D5176358386B581067F7CA05EFD8DD061508B889EE465A01AFC0C79187E0E80A2294B6A8226CB47B617D76A064BBF2645224C1D0E542D1F9EAD4486642DB837
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):544736
          Entropy (8bit):6.180738833337954
          Encrypted:false
          SSDEEP:6144:D2BG1lkWPDmh/CsOs5Un05pJg6fjlhFbLdG3sBtmmP0OPx68:ic19PCCsOsCn01g6L9bP0OPx
          MD5:82862B768A80880A2F22C44C96C20596
          SHA1:4DC3930646FC584FED017132DA5AA4661D7FEC01
          SHA-256:9EF92CFEED3A6589F64ECA6A0EDF32335F5F97509EE6051A7FF68F7780A60180
          SHA-512:142A413C0A90D37767146689D34868D409FE5734AE6FF718DD9AC01D5B127B78DC723C86B3D0A2259D2E26954224911BEF6E933F330BBBB8838B5F4890B4AFDB
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1470728
          Entropy (8bit):7.976096044693027
          Encrypted:false
          SSDEEP:24576:CjG90oN2lj11mk/22yYzGrarZRm4X5Uh6rVh5LdfBwOyCSQM1fFhSWRAen:GGtN2h1120R7m4XShYVxfBwrC21fXSa
          MD5:6D398A234C074DF4AC4F73739E6404B6
          SHA1:DC0D6610D1CAF5AD6D468B6D867631AB2BB0362F
          SHA-256:6784ED4CA9986CB5FFF0C39C3AE63C0B0DAF7B05CFC22B78B2124820647F80D7
          SHA-512:99800E0130A5E80A6DB81FE2FA7612A11B915DFB5B3EBBFBF557844A2DBA1357C14217176327C0972D5ED28B9BC99BB3EBC09A9BF5B64AD8F1607E821E34400A
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):13221
          Entropy (8bit):6.499817704615822
          Encrypted:false
          SSDEEP:192:GHE/u6vq2UECgpedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeDnp:bGV36PdtKXM+3Ef5dpBjRzXwg
          MD5:22BECBA2004E5DD2C41C0337CDBBBDA4
          SHA1:D796D56069E25CF074C0A67ADCF0A7DA2FBB1500
          SHA-256:BB9B74E10B68238671A112CDD95C3B4D508F33405435B168C8C3A1BB69BC8393
          SHA-512:FB7BB45DC6950DF599A973FAECA666E89ECC694411F912572D82FB13308DC1BFD4E44A43F3726446FFABB7D36B2CD9EF2CA14D89BFFFD0E4D1279FF411331B56
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17377
          Entropy (8bit):5.377933774316491
          Encrypted:false
          SSDEEP:192:6Yj7f2CW2C8C02CVKftbgAgJ5fT71+RS+Cx0/H:CC5C8CHCKgJ2Nq0f
          MD5:108F163548FD4E8E344CD37ACF5413E6
          SHA1:A600134CBB9090504C639CFE6DAAFFF9DEFBE0C5
          SHA-256:5A3D8556E7592E442E5605E6DE199A702EDBD0919E78B3B3C38747C2951AF9B2
          SHA-512:B7B7BD7685AAB03FD4ABB28092367590B2A9A32342C8E1922D448010D42FB5EB8144EBA97C412DCACE0DDEDA491DB40C0233EC60CF0D7E2264F2AA00A7E66879
          Malicious:false
          Preview:; Installation INF for the Cypress Generic USB Driver for Windows XP..; Processor support for x86 based platforms...;..; (c) Copyright 2012, 2013, 2015 Cypress Semiconductor Corporation..;....[Version]..Signature="$WINDOWS NT$"..Class=USB..ClassGUID={36FC9E60-C465-11CF-8056-444553540000}..provider=%CYUSB3_Provider%..CatalogFile=CYUSB3.cat..DriverVer=08/19/2015,1.2.3.14....[SourceDisksNames]..1=%CYUSB3_Install%,,,....[SourceDisksFiles]..CYUSB3.sys = 1....[DestinationDirs]..CYUSB3.Files.Ext = 10,System32\Drivers....[ControlFlags]..ExcludeFromSelect = *....[Manufacturer]..%CYUSB3_Provider%=Device,NT,NTx86,NTamd64....;for all platforms..[Device.NT]..;%VID_XXXX&PID_XXXX.DeviceDesc%=CyUsb3, USB\VID_XXXX&PID_XXXX..%VID_04B4&PID_00F0.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F0..%VID_04B4&PID_00F1.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F1..%VID_04B4&PID_00F3.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F3..%VID_04B4&PID_4720.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_4720..%VID_04B4&PID_00B0.DeviceDesc%=CyUs
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:MSVC program database ver 7.00, 1024*643 bytes
          Category:dropped
          Size (bytes):658432
          Entropy (8bit):5.697508292371285
          Encrypted:false
          SSDEEP:12288:vLm0JXhKv2VwuM7YSL/ipgG/707SKstc+6UnddpdY:vLm0JXhKv2euM7YSL/ipgG/707SKsa+v
          MD5:1ABC445CB4E070F75FD3D6C689B714E5
          SHA1:AC0D7FA0828446A9A224B72D9A57C559F02AA055
          SHA-256:1B8C42CBF8D1812689D95D3C1A4A7523DF46C59F1AF0F31D3AB6433AFE741233
          SHA-512:C793D1C1741389AE7327B0035D518E81D0C60B386317E979217132B84B00D4E1334296C9CD7062ED6A0995A1F23FE5A22D43D4E1CB95BAADC15EDBF613E8761F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (native) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):65528
          Entropy (8bit):6.698873355690312
          Encrypted:false
          SSDEEP:1536:eQIJeE/oiYz7pn5T2wT8YS/BQsoxhbwjCZT/XSOkg:LIJeEgiYzl5T2wT8YS/BQbxhbwwXSzg
          MD5:48A534D866C6DAE8DD67132F245DEDBF
          SHA1:1D42AF388656FD1C5C2AE0DBE5E49ECE76B8AB5F
          SHA-256:4D697599790F749301ABFBABCC5E61EB81C13CD33C8245A8FCF6BE5173516100
          SHA-512:A9EB35D074DCE254404F9C690C13C3BFAB604EE197C3F64BD42467FD77364E64CF7ABD04DE7DBDFDA1CA8C1D626F30C68350C244B7118E6CFE66625ABCBB7D6B
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):679904
          Entropy (8bit):5.9172904249828155
          Encrypted:false
          SSDEEP:6144:DcjsynWrZI8I/VELVqZFbq+0pHKmdTJF805CbLLDySQSAj99HJYnJzDX+v34nQGO:RpRkVWqZRqXVI0oLDUZxA434QNPL
          MD5:A79CADEA6287A6EE6359F532432107DB
          SHA1:5064E1FFF01CBC97F22FAE6E1B06A0BF819A9DDB
          SHA-256:1A297EDBB0D922BE22F472E4ECF77859B6D81C3B4EACFECD06EF1168D258D11C
          SHA-512:E681967E116B9C4B3B5184247D2EBCF10497F8D8EB3CCCF526E436DC590BC9A6000323CE6CCF4C1BD4D544AE00BED08E32026C91D9074CDCAB8CAD8634ABFE95
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):1730312
          Entropy (8bit):7.978143964934263
          Encrypted:false
          SSDEEP:24576:aU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWE:PFCsfZRZA6Xn388avVovfLd+Mo4iEE
          MD5:15697F36CE6AF9DA48A4DE6FBE25BC31
          SHA1:FD5186AEED04CFB21020A1954DD9A8F4A062A9CF
          SHA-256:9F989FD50FA4D75B48EA72E26A91931A045C5671E71D17918EA5FF2BA7E0E718
          SHA-512:4BE6BC8D489916C79CCED256440A6FD77CCB4737F7CA2FAF5AECA2F48FB728DEFC1F69FCAF0C7A8BB2C2B10F5349928C1D30A8AE055A0CDC61AFEF39E2F205C1
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):13221
          Entropy (8bit):6.49798837701577
          Encrypted:false
          SSDEEP:192:nHzRfQJ2UECspedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeDnbA:TYJ36PdtKXM+3Ef5dpBjRB2
          MD5:4CD581E405CC63E473E44F841B47028E
          SHA1:15E3F13B9433133301FFDE31647C245FAA3CF81C
          SHA-256:83D520D89F1B2DC3A3D1E5F9367584157D458D137C863F4499E2DDF5189B03B6
          SHA-512:7711883652E3B24E5E385F396032132A2B48E4C57F53EF935F930B450B5DEBC161392B7468211F4C5D79D8CA83043EB8B97AF5804BC621B5B5C8FDF171F6891A
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17387
          Entropy (8bit):5.378553101610816
          Encrypted:false
          SSDEEP:192:yj7f2CW2C8C02CVKftbgAgJ5fT71+RS+Cx0/H:FC5C8CHCKgJ2Nq0f
          MD5:44B58B8DD8293C9A3AD1CEC84F6EB157
          SHA1:3EC0CEA2521F4BAB44D04FF7962BCC5B506C941F
          SHA-256:0963E8BE4691AD2A056725287CA61FA6730FB1D058F682F5D6DEF3D01DBF1CEC
          SHA-512:1C604067D10DD6E4BFB78D3244E9D70D5512CDA5AE992676BBEC9AEFF3234EC8A89096728FC9548D80B9236B6DB3839BCC90B56A9D60B9F2C546D0FE552DA2D2
          Malicious:false
          Preview:; Installation INF for the Cypress Generic USB Driver for Windows Server 2003..; Processor support for OS unknown platforms...;..; (c) Copyright 2012, 2013, 2015 Cypress Semiconductor Corporation..;....[Version]..Signature="$WINDOWS NT$"..Class=USB..ClassGUID={36FC9E60-C465-11CF-8056-444553540000}..provider=%CYUSB3_Provider%..CatalogFile=CYUSB3.cat..DriverVer=08/19/2015,1.2.3.14....[SourceDisksNames]..1=%CYUSB3_Install%,,,....[SourceDisksFiles]..CYUSB3.sys = 1....[DestinationDirs]..CYUSB3.Files.Ext = 10,System32\Drivers....[ControlFlags]..ExcludeFromSelect = *....[Manufacturer]..%CYUSB3_Provider%=Device,NT,NTx86,NTamd64....;for all platforms..[Device.NT]..;%VID_XXXX&PID_XXXX.DeviceDesc%=CyUsb3, USB\VID_XXXX&PID_XXXX..%VID_04B4&PID_00F0.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F0..%VID_04B4&PID_00F1.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F1..%VID_04B4&PID_00F3.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F3..%VID_04B4&PID_4720.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_4720..%VID_04B4&PID_00B0.Device
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:MSVC program database ver 7.00, 1024*611 bytes
          Category:dropped
          Size (bytes):625664
          Entropy (8bit):5.6925485402103595
          Encrypted:false
          SSDEEP:6144:Xbq991lw7Om7hqQ3Pu4oB1ZX/qdqdwO/39fvvDv:s91iC4aJCdqdwS5vv
          MD5:43ECA8DF9A3E13FDE3BC16D3F552BD0D
          SHA1:4DC5CA1FFA529889C3CBBEE51606C9DBB4A9CE77
          SHA-256:459F3A545F6CBC0A5A280ADD61AF000B575E834BD9176E6C03BA395236397606
          SHA-512:12BD63B9E3C1C6520D3675EEB771163DC32C472D0EE81231F69EFA7E55120B694BA40196E482841FAE99CC3AAD16FCF94349925490CAEC2934213905D4CC6182
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (native) x86-64, for MS Windows
          Category:dropped
          Size (bytes):71928
          Entropy (8bit):6.562459534085404
          Encrypted:false
          SSDEEP:768:tV356ZrvEsXV5MbOWT3js3lCtsnPC7G8YCAcvvxXGTEu1HWk10teRUPI3q4nucJ:YobOWTTsYtYP+GIaQPG13qcucJ
          MD5:DF32D81DCF211D811B6E226C4E9F0752
          SHA1:6EF3DA2D937658BC7427CA392BCB197828AD726B
          SHA-256:E73E2380B0C296D2C4CFD509808C429C52299274B03F610757C212884B33093A
          SHA-512:9D5176358386B581067F7CA05EFD8DD061508B889EE465A01AFC0C79187E0E80A2294B6A8226CB47B617D76A064BBF2645224C1D0E542D1F9EAD4486642DB837
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):544736
          Entropy (8bit):6.180738833337954
          Encrypted:false
          SSDEEP:6144:D2BG1lkWPDmh/CsOs5Un05pJg6fjlhFbLdG3sBtmmP0OPx68:ic19PCCsOsCn01g6L9bP0OPx
          MD5:82862B768A80880A2F22C44C96C20596
          SHA1:4DC3930646FC584FED017132DA5AA4661D7FEC01
          SHA-256:9EF92CFEED3A6589F64ECA6A0EDF32335F5F97509EE6051A7FF68F7780A60180
          SHA-512:142A413C0A90D37767146689D34868D409FE5734AE6FF718DD9AC01D5B127B78DC723C86B3D0A2259D2E26954224911BEF6E933F330BBBB8838B5F4890B4AFDB
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1470728
          Entropy (8bit):7.976096044693027
          Encrypted:false
          SSDEEP:24576:CjG90oN2lj11mk/22yYzGrarZRm4X5Uh6rVh5LdfBwOyCSQM1fFhSWRAen:GGtN2h1120R7m4XShYVxfBwrC21fXSa
          MD5:6D398A234C074DF4AC4F73739E6404B6
          SHA1:DC0D6610D1CAF5AD6D468B6D867631AB2BB0362F
          SHA-256:6784ED4CA9986CB5FFF0C39C3AE63C0B0DAF7B05CFC22B78B2124820647F80D7
          SHA-512:99800E0130A5E80A6DB81FE2FA7612A11B915DFB5B3EBBFBF557844A2DBA1357C14217176327C0972D5ED28B9BC99BB3EBC09A9BF5B64AD8F1607E821E34400A
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):13221
          Entropy (8bit):6.499817704615822
          Encrypted:false
          SSDEEP:192:GHE/u6vq2UECgpedtdjFjWEour0ZfJ5pcEODrn71gSxuIcFt7CUV+b5HIIwSeDnp:bGV36PdtKXM+3Ef5dpBjRzXwg
          MD5:22BECBA2004E5DD2C41C0337CDBBBDA4
          SHA1:D796D56069E25CF074C0A67ADCF0A7DA2FBB1500
          SHA-256:BB9B74E10B68238671A112CDD95C3B4D508F33405435B168C8C3A1BB69BC8393
          SHA-512:FB7BB45DC6950DF599A973FAECA666E89ECC694411F912572D82FB13308DC1BFD4E44A43F3726446FFABB7D36B2CD9EF2CA14D89BFFFD0E4D1279FF411331B56
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):17377
          Entropy (8bit):5.377933774316491
          Encrypted:false
          SSDEEP:192:6Yj7f2CW2C8C02CVKftbgAgJ5fT71+RS+Cx0/H:CC5C8CHCKgJ2Nq0f
          MD5:108F163548FD4E8E344CD37ACF5413E6
          SHA1:A600134CBB9090504C639CFE6DAAFFF9DEFBE0C5
          SHA-256:5A3D8556E7592E442E5605E6DE199A702EDBD0919E78B3B3C38747C2951AF9B2
          SHA-512:B7B7BD7685AAB03FD4ABB28092367590B2A9A32342C8E1922D448010D42FB5EB8144EBA97C412DCACE0DDEDA491DB40C0233EC60CF0D7E2264F2AA00A7E66879
          Malicious:false
          Preview:; Installation INF for the Cypress Generic USB Driver for Windows XP..; Processor support for x86 based platforms...;..; (c) Copyright 2012, 2013, 2015 Cypress Semiconductor Corporation..;....[Version]..Signature="$WINDOWS NT$"..Class=USB..ClassGUID={36FC9E60-C465-11CF-8056-444553540000}..provider=%CYUSB3_Provider%..CatalogFile=CYUSB3.cat..DriverVer=08/19/2015,1.2.3.14....[SourceDisksNames]..1=%CYUSB3_Install%,,,....[SourceDisksFiles]..CYUSB3.sys = 1....[DestinationDirs]..CYUSB3.Files.Ext = 10,System32\Drivers....[ControlFlags]..ExcludeFromSelect = *....[Manufacturer]..%CYUSB3_Provider%=Device,NT,NTx86,NTamd64....;for all platforms..[Device.NT]..;%VID_XXXX&PID_XXXX.DeviceDesc%=CyUsb3, USB\VID_XXXX&PID_XXXX..%VID_04B4&PID_00F0.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F0..%VID_04B4&PID_00F1.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F1..%VID_04B4&PID_00F3.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_00F3..%VID_04B4&PID_4720.DeviceDesc%=CyUsb3, USB\VID_04B4&PID_4720..%VID_04B4&PID_00B0.DeviceDesc%=CyUs
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:MSVC program database ver 7.00, 1024*643 bytes
          Category:dropped
          Size (bytes):658432
          Entropy (8bit):5.697508292371285
          Encrypted:false
          SSDEEP:12288:vLm0JXhKv2VwuM7YSL/ipgG/707SKstc+6UnddpdY:vLm0JXhKv2euM7YSL/ipgG/707SKsa+v
          MD5:1ABC445CB4E070F75FD3D6C689B714E5
          SHA1:AC0D7FA0828446A9A224B72D9A57C559F02AA055
          SHA-256:1B8C42CBF8D1812689D95D3C1A4A7523DF46C59F1AF0F31D3AB6433AFE741233
          SHA-512:C793D1C1741389AE7327B0035D518E81D0C60B386317E979217132B84B00D4E1334296C9CD7062ED6A0995A1F23FE5A22D43D4E1CB95BAADC15EDBF613E8761F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (native) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):65528
          Entropy (8bit):6.698873355690312
          Encrypted:false
          SSDEEP:1536:eQIJeE/oiYz7pn5T2wT8YS/BQsoxhbwjCZT/XSOkg:LIJeEgiYzl5T2wT8YS/BQbxhbwwXSzg
          MD5:48A534D866C6DAE8DD67132F245DEDBF
          SHA1:1D42AF388656FD1C5C2AE0DBE5E49ECE76B8AB5F
          SHA-256:4D697599790F749301ABFBABCC5E61EB81C13CD33C8245A8FCF6BE5173516100
          SHA-512:A9EB35D074DCE254404F9C690C13C3BFAB604EE197C3F64BD42467FD77364E64CF7ABD04DE7DBDFDA1CA8C1D626F30C68350C244B7118E6CFE66625ABCBB7D6B
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):449
          Entropy (8bit):5.215358050025016
          Encrypted:false
          SSDEEP:12:lOzxamNLX51Xe1XBMTW5NJ5IkghIDNn5IkgjfIRn8:lOQmNLpded6qpghItgjfIRn8
          MD5:79119019C34240E59150DD5E2FB2515B
          SHA1:4CAE534C8C389137CBB3F8B0218EDCF8488EBCDB
          SHA-256:96EE6164BC9CB2C6373A48189E731C0F9F6A30EE0172971B0E20B8CCBBADC527
          SHA-512:706E48E4CC512EF98A5EBA634704C1BA12F1FD0309D9513E8DAECEEEF9AB156A7C33900A4F1DEBC39467A06B66E1593DBBCE88B347B763E1125C8A45B11FC0A0
          Malicious:false
          Preview::: Retrieve FW version..@echo off..setlocal....set workingDir=%CD%....pushd %workingDir%....echo Installing necessary driver . . ...cd DriverInstallerCyUSB3\cyusb3..call DriverInstallerScript.bat..@echo off....echo Generate debug.log,Please waiting.....popd....ccg4_dock_fw_update.exe -vid 17EF -pid A354 -v > debug.log..IF %ERRORLEVEL% NEQ 0 (.. ccg4_dock_fw_update.exe -vid 17EF -pid A35F -v > debug.log..)..echo Done!..timeout /t 3....@echo on
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):289074
          Entropy (8bit):3.346308342342341
          Encrypted:false
          SSDEEP:3072:rNaW95QwX41Qc9cPVSo9gm1ULeberWt761jFr9:rNEq41QoctSo9gm6LGee76tf
          MD5:E6CBC05CB2C004872BAF832804BEC675
          SHA1:A2614E60707A6B98C316187C109B48E17420B5C6
          SHA-256:DC0817CB06F35F50C89CD379608B7BAE7A7C01EC9140460EB742181A75043DB3
          SHA-512:3FB7B04EFDD881B96EC231652B0A2807425B95C74F1B2AE1080E14EB41A5323D88B25A17004DD68DC427D3E5DC7445BE61CCD17CC4A07CACCD0CB7652CFB9FEA
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1846
          Entropy (8bit):4.3009708334091155
          Encrypted:false
          SSDEEP:24:oUqAdZ78VA6TCEBqOgWyUhIPOgJrDlcEbFQRTPCjZUAvMyADVUYvOber:oU7d18eNgClPOgtNGOeAv1ADVUivr
          MD5:59C7F4AC3793534A0D3807E4F031A8E1
          SHA1:BF94B1A3C348A6DB357AEC6A6F4DF427F5031D2B
          SHA-256:15F141022EF89538FAA0C6DF40B79FD025CC59D95FC02568ADCB86DC9D018009
          SHA-512:6AFC616D98A86B2A78EF621C3E523386494C54662C0981DB689198E686376BA1C4D87BF6B56EFEFDC4B37DF339A3586E3EB284355E9455492EE607335B5FF1A2
          Malicious:false
          Preview:C:\Users\LLA\Desktop\Cypress Lenovo_USB-C Gen2_FW Update Tool>ccg4_dock_fw_update.exe -h....***********************************************************************..****** ******..****** CCG4 Dock Solution ******..****** CCGx/HX3 and Billboard Unified Firmware Update Utility ******..****** Base Version 0.5 Tool Build 7 ******..****** ******..****** Test Release only ******..****** ******..***********************************************************************......Please power cycle the board at the end of operation for normal functioning!....Usage:..______..ccg4_dock_fw_update.exe [-cfu <filepath>] [-ccu <filepath>] [-cfd1 <filepath>].. [-ccd1 <filepath>] [-bf <filepath>] [-bc <filepath>]..
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):2289
          Entropy (8bit):3.7638474089493834
          Encrypted:false
          SSDEEP:24:Jhnp8xWfvFkIY9+vaEl1ZcAWJTJyw23wMluIefoYf0/JIa9aP79S:rexsvi+SEKAqyVpLyg9C79S
          MD5:6FF774258FB138AA517E1281CE592850
          SHA1:ED1CD1B1B1D0FE7B82B07E3C3CC52E0BC4D98F6C
          SHA-256:866D7784DBB9C51DB88239B9D030B9C6746653BF89AB413A72F617D01F60F209
          SHA-512:19B55911EB132200786E8D07EC41F01F0CF8FD3964FF571A268B7062B37F5D42A8235F0B2C49FB135730918AA3F84E76CE0C41600E96563DBE1491264E6F8B8D
          Malicious:false
          Preview:Firmware Release Note for BillBoard Projects..Cypress Semiconductor Corporation....Release Information..--------------------------------------------------------------------------------..Customer : Lenovo..Project : ThinkPad USB-C Dock Gen2..Drop Date : 2018/07/09..Drop changelist : ..--------------------------------------------------------------------------------....Release Package Contents..--------------------------------------------------------------------------------..cyusfw_combined_210_cy_V_0_1_X.hex..cyus_bbcfg_210_V_0_1_X.cyacd..cyusfw_210_V_0_1_X.img..Release Note Lenovo USBC-Gen2 V0.0.X.txt..--------------------------------------------------------------------------------....Package Usage Dependency..--------------------------------------------------------------------------------..Product Number. : ..Hardware : ..Silicon Number. : CY7C65210..--------------------------------------------------------------------------------....Host Protocol
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):8056
          Entropy (8bit):4.580063302388855
          Encrypted:false
          SSDEEP:96:rZH2SFzDVpOerCKo1cTdLrHPervrWqHOujN6QtPld3DR096:rh2SthpZGiPerWqHOujN66PlNVG6
          MD5:B44085F39EBADAA7843D70F350264AC7
          SHA1:2E6F8A4A7EC9EA18F61066AD743DE8902CECE4BA
          SHA-256:7063B9A8D442E4C578722DFD93B5314B3C9638181DBC1B408ABB97E3C136BD09
          SHA-512:E41444F65A5E5C322C85EA481A31E5DCDB097264C0568E1D5B990C4874943E7BA49B497A5F2F0B234B4B66BED963D1E8F1DD2931DC44B1A7A9E0780D311FDDE9
          Malicious:false
          Preview:Firmware Release Note for CCGX Projects..Cypress Semiconductor Corporation....Release Information..--------------------------------------------------------------------------------..Customer : Lenovo..Project : ThinkPad USB-C Dock Gen2..Drop Date : 2018/07/09..Drop changelist : ..--------------------------------------------------------------------------------....Release Package Contents..--------------------------------------------------------------------------------..LNV_USBC-Gen2_Dock_V0.0.X_4226.hex..LNV_USBC-Gen2_Dock_V0.0.X_4226_FW1.cyacd..LNV_USBC-Gen2_Dock_V0.0.X_4226_FW2.cyacd..Release Note Lenovo USBC-Gen2 V0.0.X.txt..--------------------------------------------------------------------------------....Package Usage Dependency..--------------------------------------------------------------------------------..Product Number. : ..Hardware : ..Silicon Number. : CYPD4226..-------------------------------------------------------------------------
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):8232
          Entropy (8bit):4.5806991836832776
          Encrypted:false
          SSDEEP:96:rZH2SFzDVpkx1erCKo1cTdLrHPervrWqHOujN6QtPld3DR096:rh2SthpjGiPerWqHOujN66PlNVG6
          MD5:D5A78A7FB3EBC9B11D856EC3F44C923B
          SHA1:79D6B6E4927C03EF058EDD941DCC6455A48F1268
          SHA-256:5436AEC53BF26B05777FF11E5250013EEFB16D91A81B07230953570EC4AD8519
          SHA-512:11207851B84FEC5CEE43A1B208856D5F3A98075B6821EF0A4631996B58D0E4246C4D6C647569301C0C98B46680D8698ACB31F95C43F2A01329717833A2FEC019
          Malicious:false
          Preview:Firmware Release Note for CCGX Projects..Cypress Semiconductor Corporation....Release Information..--------------------------------------------------------------------------------..Customer : Lenovo..Project : ThinkPad USB-C Dock Gen2..Drop Date : 2018/07/09..Drop changelist : ..--------------------------------------------------------------------------------....Release Package Contents..--------------------------------------------------------------------------------..LNV_USBC-Gen2_Dock_V0.0.X_4226.hex..LNV_USBC-Gen2_Dock_V0.0.X_4226_FW1.cyacd..LNV_USBC-Gen2_Dock_V0.0.X_4226_FW2.cyacd..Release Note Lenovo USBC-Gen2 V0.0.X.txt..--------------------------------------------------------------------------------....Package Usage Dependency..--------------------------------------------------------------------------------..Product Number. : ..Hardware : ..Silicon Number. : CYPD4226..-------------------------------------------------------------------------
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):856
          Entropy (8bit):4.040265538372474
          Encrypted:false
          SSDEEP:12:8552dR8tbRVWAxxmRJxonjTI9xmRXxUnpTIyvmRotAIzlmRPsnT:vzU1kAx0JyjTm0X+pT4Z1AT
          MD5:8F67476CED802B24617B891E743E8FBC
          SHA1:27A6008E8D6554BFE1BD77CF483DD2212D2D0D59
          SHA-256:794FF365B8C3F93FC5122A332E20D0EA5EBB628434243D7F0FD068DD4D85E4A2
          SHA-512:78B158068EB858552E7B78F50A0041745288629667D3058B5A80C6BD548A451EC8B5419C41D9DBB0D147842AAFFC18608786D32D0C070A8608F039DCC11238F4
          Malicious:false
          Preview:
          ccg4_dock_fw_update.exe Tool return value decoding:
          ----------------------------------------------------

          Return value:
           bit 1-0:
            00: Billboard update not requested
            01: Billboard update not attempted
            10: Billboard update success
            11: Billboard update failure
           Bit 3-2:
            00: CCG4 update not requested
            01: CCG4 update not attempted
            10: CCG4 update success
            11: CCG4 update failure
           Bit 5-4:
            00: Tier-1 update not requested
            01: Tier-1 update not attempted
            10: Tier-1 update success
            11: Tier-1 update failure
           Bit 7-6:
            00: Tier-2 update not requested
            01: Tier-2 update not attempted
            10: Tier-2 update success
            11: Tier-2 update failure
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):85915
          Entropy (8bit):3.598655766574572
          Encrypted:false
          SSDEEP:1536:kCNH6fdpfbldpjSUeJFYN75Ctlh1953ZcUcNWBzxx+C6MJaLNieqyr:kFuFO96TZ+V9r
          MD5:ED8065B03743B4076CA3639C70C5C679
          SHA1:1EFCBE4022F6D993A06F9E25B3AD608A8AA2498D
          SHA-256:00FC2F8281843127366789AE322B645E809D8C49120507B48FA40BF79E22DC86
          SHA-512:A922717648BAC3442CA99DFD88867322A66C3F9137944B2FBF03DC02BE90DF562E2E2BC80CBDABE4868A7CE1812D84A6179DE659D14684DAC9E098AF866F5A0A
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):124386
          Entropy (8bit):3.660158164926742
          Encrypted:false
          SSDEEP:1536:+HJAsLX0V+eFeUkscrQmSIFRYP5qPLluAensYCK3Bn1tSkqK29nkjDaQJivmZa0x:uDg+ekfON3S9+xpHdVKryJ
          MD5:CACAD52760D1D2BD92F3D9877B6E93B1
          SHA1:B11403E8617F1D2AFBD8322A826A4A5D93EF478C
          SHA-256:9318FD36D894ABF2EF18DA5A27E2E9E48A5C54409953FFCDF1883DCF9F40DCAB
          SHA-512:62D5FEA60FAC55C4B578339C7358D3415CB4FC384862D540A46FC28BBB52AD8E9198B0DE3180CF84A42974126D5313010BD958BCE4FC08B881475DF63BCC4A4E
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):289074
          Entropy (8bit):3.3448344992392136
          Encrypted:false
          SSDEEP:3072:uE9NUYMFO9ybQy9IUFZA0dydQMa2zYU7hbNrfd:uqDMFrbQyNFZA0AyCzH7hz
          MD5:45B98D2E4B48D9DC1685BB337F9E9442
          SHA1:DFBB3389130BAA588D4C445E23D86954D9F69882
          SHA-256:0AAC27D3242019E830CBAF630521D3655B32E44428FDFB6A0E8AF54FE3CAA8EC
          SHA-512:E299B7D2C95202D2E4A00EE6F00281F6683697BC7931D319F3F53C7794E5127EAEE899D84CAE2CF6CC08D859C78B83EAE03458D9921F1320A9609359B2F86108
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):4967
          Entropy (8bit):4.3685643253501905
          Encrypted:false
          SSDEEP:48:rcsvP2SeAz6yVp9QVplaAU2CCdXh0kjLaJM3dio2SgPN8oR7fN9mzarG:rZH2SFzDVp2Pld3DR096
          MD5:36C158DE7FDB5FC26F710DB59CFD57AE
          SHA1:5F6A5FE21074F98F251EFC47A37587674BCDA90F
          SHA-256:DB36E06FE1144D2E7E07977D8E79BE6DBEB5AFBD3157F270ACFA8A60C7950450
          SHA-512:5E2E9A066E33E52E21DCB0ABDCB6D58B72FA0F54C69CACACA2DFB184C6DB01B15129C5F57BFDF610B94C328FC9CC4038CF6F44A16DF091BAF9FFB8C11FC60CC5
          Malicious:false
          Preview:
          Firmware Release Note for CCGX Projects
          Cypress Semiconductor Corporation

          Release Information
          --------------------------------------------------------------------------------
          Customer : Lenovo
          Project : ThinkPad USB-C Dock Gen2
          Drop Date : 2018/07/09
          Drop changelist :
          --------------------------------------------------------------------------------

          Release Package Contents
          --------------------------------------------------------------------------------
          LNV_USBC-Gen2_Dock_V0.0.X_4226.hex
          LNV_USBC-Gen2_Dock_V0.0.X_4226_FW1.cyacd
          LNV_USBC-Gen2_Dock_V0.0.X_4226_FW2.cyacd
          Release Note Lenovo USBC-Gen2 V0.0.X.txt
          --------------------------------------------------------------------------------

          Package Usage Dependency
          --------------------------------------------------------------------------------
          Product Number. :
          Hardware :
          Silicon Number. : CYPD4226
          -------------------------------------------------------------------------
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):586752
          Entropy (8bit):5.964026819876535
          Encrypted:false
          SSDEEP:12288:BayXtTkmcRp4Yd4Vb7DNglzCtn5hBZNwBt:mRXkBZ
          MD5:DD16B5313C8A71B2B64900CD52C26CCD
          SHA1:0262D0C3ABB5FF69F304368997A43E806E9A9D53
          SHA-256:35EFE88C47BFF81A640902935D665DD769704B6A32F58598452D4B844BEC356D
          SHA-512:0C80F044DAFA7D44F06E04D01CE9A50305A178A200DB9F07E1D8B1E56E709D883287F778D3F95C773E57CD6EDA1AE79B1C06B0DC1D01C69AB2D4F62C0DD1B591
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):168448
          Entropy (8bit):6.600303111226562
          Encrypted:false
          SSDEEP:3072:EuBoNDlwGgyxKhEt/PZn/7MEWQ0lxr1rdZ28SfuXi4YfVIbVALW/N+yN:EuBoNDlwxeIi/PZ/7Zd0lxASuKYyN
          MD5:2E08ECE10A45B7CF57A623098AE95CB2
          SHA1:2EAE1AC428FC2FC102B68981E705F1F580155CB9
          SHA-256:020C68111A99DC51BEEC8E7C41F64491CBC53E540F0F2B16B3C69446CAB4A173
          SHA-512:DB8FA1412236974DFF2142BDBAC9462F60193DEED17C3692A34EDFFFEB270C2C042A1E73B62CAF70C983177F013A13E7A29ED933A51FE564E7F3032FB1D85C2F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):107522
          Entropy (8bit):3.699794453121741
          Encrypted:false
          SSDEEP:1536:G/R1NWvIwzhdAn2KUccn28tG7d0FM/KlGOt2iU5B0nOkrzqFATbGJQGg2FAC+iaI:aQZaTiMO+0nz9BTdV9kB
          MD5:B55D2B2A6C1BCB31A67CE5995CB83A87
          SHA1:CA3E8E15BE8FD9422ABC830D13508BDB2B9E1CFA
          SHA-256:DC174F9BE88ACFD61A45B3074DF4D9C22B82584DD9548DA84E6349F7A25FFF68
          SHA-512:2BC4D791E94CA77166D96C72C42B08E75301E184F0906FCFFE56EE156787B012D6E1E2CC0712FC7828408D52479645C94128DA5D07133C29FA1C9E420EBEE7FF
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):107522
          Entropy (8bit):3.7052083582940987
          Encrypted:false
          SSDEEP:1536:HUkcNBIcjPYxncKUgALAOEPvD0bgWriQOtYuN5P0bXrVWKADVTgoAWHW8CHrR3/k:OfCVfCHOt0bbyI7dVSh
          MD5:F58D0FDC9AD03DBF201BB3B2FE6DE3EE
          SHA1:CC324F51F283148340252811F9A9DF57E1ACC604
          SHA-256:88BE2E1C3086300EBFEE56700645DDAAF86946E18648338B7A514102E276806D
          SHA-512:2474FA76F335207959B04D497BD9060CD92C1990B7DE1601DE165759C183B3D102EFC1723ED429166D0DF97172071B20A6495B36764F1A8A8F430D2F68F274D7
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):168448
          Entropy (8bit):6.600303111226562
          Encrypted:false
          SSDEEP:3072:EuBoNDlwGgyxKhEt/PZn/7MEWQ0lxr1rdZ28SfuXi4YfVIbVALW/N+yN:EuBoNDlwxeIi/PZ/7Zd0lxASuKYyN
          MD5:2E08ECE10A45B7CF57A623098AE95CB2
          SHA1:2EAE1AC428FC2FC102B68981E705F1F580155CB9
          SHA-256:020C68111A99DC51BEEC8E7C41F64491CBC53E540F0F2B16B3C69446CAB4A173
          SHA-512:DB8FA1412236974DFF2142BDBAC9462F60193DEED17C3692A34EDFFFEB270C2C042A1E73B62CAF70C983177F013A13E7A29ED933A51FE564E7F3032FB1D85C2F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):49152
          Entropy (8bit):6.084842137987411
          Encrypted:false
          SSDEEP:768:ICwngEK2t2TLYC8Y2GkJOqpp+BjlgBZ1pHLiytCHhLNu30rvwRpnD0OKCfGlP:ICKgEK2cYx6Y3pHey8HhIkrvGD0OK2Gt
          MD5:135058CA2C5EAB09884C501A02AE5A87
          SHA1:A50087F385E8A470C5718B5CA8E4F12544AF210F
          SHA-256:C5165FC35172B1DF503F41BE5D266292D190D2471EBD3499E3F148A9E7571E14
          SHA-512:F0EF1206C68072F360C8ABAA00A39CDE1605D4C88FFD0A7D6B0A85335B8A93CD96E2D0AD8595DD23F6DEA5E2A3A328A66CAF5A76391FB5D4345EDD0FE8723260
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):5434
          Entropy (8bit):1.238098962605543
          Encrypted:false
          SSDEEP:48:OgtdXGGGGGGzSrFOGyDdFOVRiONFW4hGF5LjS:BKrm6cbm
          MD5:CB2C3CC357EB0E01EFDCA9E25B70CC1D
          SHA1:83291F14AC8EA1476497BC30F0DB9D689472E07E
          SHA-256:08FEC0EA34603C54698C992AD177593ECAC7ACCA75400625291481956199F7ED
          SHA-512:844FEFEADD7BDD08957C81E6B8633D3A3D5AAE3B24A72DBA0D74A028188955CA9AA7E78460241FA963BB4BBD4398BA3B6163896BB20B64D73786DF79239ED87A
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):72483
          Entropy (8bit):3.4609414593663232
          Encrypted:false
          SSDEEP:1536:MF6+T7IVyaavDSXbbKzHIntVG2a9V5zBIREw2Cu8GHyta/+:ahNagD2bbKJ9V5FwG0
          MD5:558F261CD9DDCE6E8FD5B438B9A34A40
          SHA1:7FD6642569A14532CC561897501326D158522816
          SHA-256:92EF9C4890A9702F9378FD5542E4148497392CDE80FF311A2718755A48D2174E
          SHA-512:F5E4340BEDB466E8F1A0641EE65F2DD35F21F6FBB27D45DB26B86DE5C19CD60205361EB6BE696FD8F8582361F9BA2C57B95570568CE1DEB691CD220AF37426ED
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):49152
          Entropy (8bit):6.084842137987411
          Encrypted:false
          SSDEEP:768:ICwngEK2t2TLYC8Y2GkJOqpp+BjlgBZ1pHLiytCHhLNu30rvwRpnD0OKCfGlP:ICKgEK2cYx6Y3pHey8HhIkrvGD0OK2Gt
          MD5:135058CA2C5EAB09884C501A02AE5A87
          SHA1:A50087F385E8A470C5718B5CA8E4F12544AF210F
          SHA-256:C5165FC35172B1DF503F41BE5D266292D190D2471EBD3499E3F148A9E7571E14
          SHA-512:F0EF1206C68072F360C8ABAA00A39CDE1605D4C88FFD0A7D6B0A85335B8A93CD96E2D0AD8595DD23F6DEA5E2A3A328A66CAF5A76391FB5D4345EDD0FE8723260
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):22556
          Entropy (8bit):6.831038543297904
          Encrypted:false
          SSDEEP:384:Vnz6oozeU/KJUT8zLAYKSbc3z6m018n3PHFn5FiS3087g9lECOHIHX3N:VntpU/KJUk30z0S3PHFn5FiSk8c7eHIt
          MD5:19CD68381C19C587CE93C06BC14A3BE0
          SHA1:1C2B1D7124597580E6585C5DB837C2CC68C22725
          SHA-256:84AF3BF5AA85F3043579FEEECEB649496246C2957BDC647EC6AB78CED439189A
          SHA-512:3077E4787CE54E40720DC3560005DA8EB37CA096394748F5CFFE934E05B0BB5242485FD686DE7DAA0AEA74EA365853C16231506BA558382B43BCF97D9F3DBC5B
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):170496
          Entropy (8bit):6.620752418555444
          Encrypted:false
          SSDEEP:3072:WYgXJZmXcC8I19QC2mC7zAqdh1LKGAlEUjSRBgL8F0f+kps3xVy0bRm:WYgXJOcCR10Fr1GBlbW8CY
          MD5:F3B7D89D96BB1CF48CB615226F63B032
          SHA1:D5BFE2C304763BDE6D8CEEF0F9B9A63999AFA265
          SHA-256:D29FC7BA66AF3183793A590CC90DCAEF8DA7F03AF97352E4C623E1DB6727C657
          SHA-512:FE5A12C4CFADDD4C7A0D7E8989984D511421FDEC40B62C43E7AD0CF98435ACB855BD3E6771462566A8BFBD54A8E014D3A9996D1A15C1ED6AE60A6993643C3908
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:DOS batch file, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1908
          Entropy (8bit):5.566655227683004
          Encrypted:false
          SSDEEP:48:0AGKed6BrWr9HrWrfuAWddrW4IrWLsLA4riIJA4nZcopBn:0tZmWr9LWrGVhWlWLy/X
          MD5:97FC4E57730C3892589E27E70F03F167
          SHA1:FDC4F5499FF09D773C55A9D66C8FAE58E99F7A70
          SHA-256:492CAC377C0E37A0459ADC98293303DB29F390EE99F6E2AB9BD8ED09509B6E03
          SHA-512:75F089FF50C837579270B430539E34602F6E3770CA05C148A4E0216D1EF3B7CFB2F43313AB08F2EF3B546612999BCFEE7F820F13EAC9143B597CD10D3B485F2A
          Malicious:false
          Preview:
          @echo off
          setlocal
          setlocal enabledelayedexpansion
          set RESULTCODE=0
          cd %~dp0

          echo /**********PD\BillBoard FW Update Start**********/

          cd .\DriverInstallerCyUSB3\cyusb3
          call DriverInstallerScript.bat \q

          @echo off
          cd ..
          cd ..

          @echo off

          if "%1"=="1" (
              ccg4_dock_fw_update.exe -vid 17EF -pid A38F -cfu1 CCG4_FW1.cyacd -cfu2 CCG4_FW2.cyacd -f
              echo ccg4_FWU_status1:!ERRORLEVEL!
              IF !ERRORLEVEL! NEQ 8 (
                  echo Can't find PID:A38F
                  ccg4_dock_fw_update.exe -vid 17EF -pid A38F -cfu1 CCG4_FW1.cyacd -cfu2 CCG4_FW2.cyacd -f
              )

              echo ccg4_FWU_status2:!ERRORLEVEL!

              IF !ERRORLEVEL! NEQ 8 (
                  set RESULTCODE=99
              )

              ping 127.0.0.1 -n 50 -w 1000 > nul
          )

          ccg4_dock_fw_update.exe -vid 17EF -pid A38F -cfu1 CCG4_FW1.cyacd -cfu2 CCG4_FW2.cyacd -f
          echo ccg4_FWU_status3:%ERRORLEVEL%
          IF %ERRORLEVEL% NEQ 8 (
           echo Can't find PID:A38F
           ccg4_dock_fw_update.exe -vid 17EF -pid A38F -cfu1 CCG4_FW1.cyacd -cfu2 CCG4_FW2.cyacd -f
          )

          echo ccg4_FWU_status4:%ERRORLEVEL%
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):410
          Entropy (8bit):5.334854849653117
          Encrypted:false
          SSDEEP:12:lO2spA1Xe1XBMiN5Ikg1DgXkNn5IkgN+DgcS9N:lO2GAded62g1DgX2gIDgcw
          MD5:7FFDC414628398543DCFB4EA22CD4C4B
          SHA1:8170D3BC420806DAED58137E3F73934C226177F1
          SHA-256:D2A0A8EADFBF5A4C66389829E2F14DB5F7E2BA7B3DCDAEF9772927190EC245DF
          SHA-512:CD4EF3B107E7AE1601FFE5731425888D11D90890566BDCCCAD80640B5790567B80F30B41955BF387F7D3807BFC98926123456923E6B2DE7CC4B5D67ACBA2A679
          Malicious:false
          Preview:
          :: Retrieve FW version
          @echo off
          setlocal
          cd %~dp0

          cd .\DriverInstallerCyUSB3\cyusb3
          call DriverInstallerScript.bat \q

          @echo off
          cd ..
          cd ..

          @echo off

          ccg4_dock_fw_update.exe -vid 17EF -pid A38F -v
          echo Tool_running_status:%ERRORLEVEL%
          IF %ERRORLEVEL% NEQ 0 (
           ccg4_dock_fw_update.exe -vid 17EF -pid A35F -v
          )
          echo Tool_running_status:%ERRORLEVEL%
          ping 127.0.0.1 -n 3 -w 1000 > nul
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1844
          Entropy (8bit):4.252902028640046
          Encrypted:false
          SSDEEP:24:Gwz2A6mQGU/EBqOgWyUSsFM9HbbytGm7cVLV/FtGmNBGmipwJY2Gmt:GwzLxQH/gCht/G57cVLV/7dNBdipwddt
          MD5:A4D6B509B2F05EFBBB01B6CFCBABAFA2
          SHA1:E80F1666B9475CBBFD10C5CCBDA13B7C40DA7328
          SHA-256:221A0FAF955DDA110760CEBB8CE89C37B4633B77FD4D7D6B31F1004E58138A3D
          SHA-512:9301AA80C38268B4C2FC870261529ECF1821461AB58AB5821A4DC1E35D1906FB5109C1EDCE4B1BA647DCD69F4E5C0A55DA2B7308171FEEFCACB370881CCAC14B
          Malicious:false
          Preview:..***********************************************************************..******........ ******..****** CCG4 Dock Solution ******..****** CCGx/HX3 and Billboard Unified Firmware Update Utility ******..******. Base Version 0.5 Tool Build 7 . ******..******........ ******..******.. Test Release only .. ******..******........ ******..***********************************************************************......Please power cycle the board at the end of operation for normal functioning!......Searching for Billboard Device . . .....Firmware Update Device Found!....Connected with Firmware Update Device.....*******************************************....***********************************************..BILLBOARD VERSION INFO ..***********************************************.....Billboard Firmware Version...--------------------------...Version : 0.1.0.30....No USB-I2C device found..Failed to connect with Fi
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):56
          Entropy (8bit):4.524346503629671
          Encrypted:false
          SSDEEP:3:rMvccJfs6QrNLINovoNKv:YET7r5INovo4v
          MD5:22A1DDFCC34FA540FE3D8F7231D14DE3
          SHA1:4EAF82CEC5AFAEA64E836826518B969151AFECFF
          SHA-256:BF1F3F1FF3F518387CF548DFB326B20CE804F1FC8B4A75F06F179D7EE5F8FC11
          SHA-512:A6C8120BBF5D423D61E253A87014B4DDDD7F4F01C72FE776F14B04747AAE9A8E29C54CFB178B215CCCBA6647D05144592D1C340E6F00687A2FB685EB7ACBC983
          Malicious:false
          Preview:
          :: Display Help

          ccg4_dock_fw_update.exe -h

          pause
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):81888
          Entropy (8bit):6.32151959258234
          Encrypted:false
          SSDEEP:1536:Dyn6984oLNQ3sS59jsc3S/BW+sap5A4cSFMMu:/TsSFuJW+dp5A4Y/
          MD5:FDB92AEC262A2078B456D331093CC067
          SHA1:870F9C11990F6778D16C69D93DE5A3606632047B
          SHA-256:E1632A981BFC5C173C617F80573F9FD2D40680033C591DF2044C7F82AB77FCB6
          SHA-512:8ECED4BAF22BF3B8AA84E4AFC9A7ED043DC82507C02D7222DC17D136BD6014E9F951AD29C9CA155F3F8945A6732BB533953C5591EEB1C5FFA6490B6C3FFBF486
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):82400
          Entropy (8bit):6.3207470859214965
          Encrypted:false
          SSDEEP:1536:FBfhJyRUDeylHCd4Amx131pF+orXb5/lwRM:3eQDIur5/lM
          MD5:6BC3F5B58108EF36F349299ACAA113AA
          SHA1:45C13E33E4534463182A967B24B1DA2D6EC2AE46
          SHA-256:10671703234C747B99255DF972159312A0357547BC0361D0A9AB27F6F0F31F70
          SHA-512:E1B4733FF3B3DD579F9238ACECB8C54C09C809D5FEDA1AC40DDE72C47DC4B0279AF1A76EE9AA8E929555B57F7C755146DDF0A36A7BD06B47499CC68D374959AC
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):4.959346975541633
          Encrypted:false
          SSDEEP:192:KTaLSPj3hfPCrFXWWDiB6Bbzz3LssNW/GW:KTjb3AXpOBoLbs2W/GW
          MD5:7F5924AF8B6338C8C7913D4C2482150B
          SHA1:5836FE57B132BDE9E696F20A42885CBD162223F4
          SHA-256:8F5F159C32279C25AAA8662044BA61E0D0415E53E14EFCBB735D96D7568D86FB
          SHA-512:CFC3346A263E993183452BD0F6E9DD86C4E5F98BDF1D18F81993BDFB66CF52B516AEA298AE549EA4AAF622984E1FBE7A4DC90792E5FE6B1AAD0C1A80665F7888
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (native) x86-64, for MS Windows
          Category:dropped
          Size (bytes):26176
          Entropy (8bit):6.710157001650457
          Encrypted:false
          SSDEEP:384:WKhgG50HMBCa071IcnYPLFIFgRKtURoO9XqFRgegl98+:WK7CMkaatAWy8t8
          MD5:2BC68856E9C2C314028FCF31DA1172ED
          SHA1:F90359E43F9A6A3D9775DB40323BD03C66FB1137
          SHA-256:E896DD17AE2291DBFFF3622D1D4486A0FCA8ED8293A577B91A258C7B969391F8
          SHA-512:6CA2C6E7ABB0168F8028019B4C088EA9807E59EAEFBF4BAB628E6C8E30C5C26F961A734014F97B46B1B72AE33C2587493E3DB44C7D5497C6137C7436F1BE2E23
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):55808
          Entropy (8bit):4.916915180047461
          Encrypted:false
          SSDEEP:768:CMy5ZvUFT1hN9XavSH1j03Atz1tr2evxHs4gZWk:3+UFvNfw3AtxtrnxHeW
          MD5:ACA9369B987D5BFE2AA864F2107FD30C
          SHA1:D69502D010E97FEB710568E81725A5DDDB711EA0
          SHA-256:64A7B9C0B8D28BF48DBE837C3540A6B8DBCC12F631A7FB7609DCE230DAA2B24E
          SHA-512:E955A43F801C0D94A75059B25433A4DB08D071E4E226AB740FFA078CD248EEB1D532FECD578B33DDB3143DBE261D959FA7C0C751524004D4EB8CF3731323D9CD
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):37376
          Entropy (8bit):5.722089095810362
          Encrypted:false
          SSDEEP:384:6HFTB1fgeAs10I24IR11Ic2NRhbHeJh8+oXBjxJd5IyYQGSbdkDjkoebjDISMWq5:utGvsLoLYbSEln5IyYpamDjobj8SIrN
          MD5:F9A942758040B5B60FB6315753CE94C3
          SHA1:42EFFC11F97E7E8744E216F7A859A12BAAEB4B8C
          SHA-256:28EBFE91ACE0DA7B9484690491E167CA514B26023AC679F5F2A12B2BD3A451E9
          SHA-512:EEB87E6DBBC7FB6604D61BFD42BBA95AB61E739CE2486C048E4947C41FFC99D8BF384FDF3B46C6BD5118B4A9FE2F66460A937EFDB2427F0DECC654F3A2BAFE28
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):8202
          Entropy (8bit):7.088395587124031
          Encrypted:false
          SSDEEP:192:wUqiR7A0yowJL/8Qpkqs1I5ZgjlN73q+ebCfz5c5V:cE9YJLu1M6j738bC65V
          MD5:67A9526391323A87AB97C5779DBF460B
          SHA1:72AA01B8FDA96B997CE4170B6D9B1B811CAFD48A
          SHA-256:C120818FF62195BD01CCF048353D67758BA541B51BCB685A1960125373AA536A
          SHA-512:C945899A86D78A9344648BA8619627E1DD34CEF3FC51C0498F72E0798A45B4708ADA3B351816D28C143C6A4FB5ADA04038F388DE0B16C2B7D27CDAC74B9C437C
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):2661
          Entropy (8bit):5.189202206932614
          Encrypted:false
          SSDEEP:48:jNEV2azmckYprWkN4WyFZ7RNjNhWyFjC6xd7Kq5aXxGAv:jNH0A9PzkmaXxGAv
          MD5:6EA8AA640BBA2B8193C1587E983AFF7F
          SHA1:CF01AA825EFC29C9B95A80EFA749F8B399BB0E0A
          SHA-256:A1C585EA5E3077DD05D1118FC09D68EC97EDD200F7B1F56099634311892A29F2
          SHA-512:47A91C74EF3DD020A0C96CBE58A0A2E5E3A9948126563A9FB87D0C091A3C7BA72C1B0846720018C893BE9CE9BA4F8AF9DACD6ECC5C56AE47589F0F04C60BC7DC
          Malicious:false
          Preview:; vl810filter.inf..;..; Copyright (c) VIA Labs, Inc...;....[Version]..Signature = "$Windows NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %VLI%..DriverPackageType=ClassFilter..DriverPackageDisplayName="VL810 Filter Driver"..CatalogFile=vl810filter.cat..DriverVer=12/29/2010,10.12.29.1....;..; General installation section..;....[DefaultInstall]..CopyFiles = @vl810filter.sys..Addreg = vl810filter.AddReg....[DefaultInstall.NT]..CopyFiles = @vl810filter.sys..Addreg = vl810filter.AddReg....[DefaultInstall.NTVLI64]..CopyFiles = @vl810filter.sys..Addreg = vl810filter.AddReg....[DestinationDirs]..DefaultDestDir = 12....[Manufacturer]..%VLI%=VLI, NTamd64....;=======================================================================..; 32-Bit NT Driver..;=======================================================================....[VLI]..%vl810filter.DrvDesc%=vl810filter,{36FC9E60-C465-11CF-8056-444553540000}\vl810filter....[vl810filter]
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):2663
          Entropy (8bit):5.190453416434898
          Encrypted:false
          SSDEEP:48:sNEM2azmckYprWkN4WyFZ7RNjNhWyFjC6xd7Kq5aXxGAv:sNA0A9PzkmaXxGAv
          MD5:47390C7BE56D71B8BE710E9499191462
          SHA1:C39EFF1B1DE1FB0190ED04A75E78B98FD4C5815B
          SHA-256:59226971F45C2386CA3CF18B152C7CE74D8082D2033F763F74158674B08BA09C
          SHA-512:5BEA1510F5D53C61B9DF6D802F825BD05E682153DC6CAE686FB5810D73DBB709738FC995CDEDC28B6553CD2B53F190BB26BFD1B255EDB407A2A2F205F83AE362
          Malicious:false
          Preview:; vl810filter.inf..;..; Copyright (c) VIA Labs, Inc...;....[Version]..Signature = "$Windows NT$"..;Class = USB..;ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %VLI%..DriverPackageType=ClassFilter..DriverPackageDisplayName="VL810 Filter Driver"..CatalogFile=vl810filter.cat..DriverVer=12/29/2010,10.12.29.1....;..; General installation section..;....[DefaultInstall]..CopyFiles = @vl810filter.sys..Addreg = vl810filter.AddReg....[DefaultInstall.NT]..CopyFiles = @vl810filter.sys..Addreg = vl810filter.AddReg....[DefaultInstall.NTVLI64]..CopyFiles = @vl810filter.sys..Addreg = vl810filter.AddReg....[DestinationDirs]..DefaultDestDir = 12....[Manufacturer]..%VLI%=VLI, NTamd64....;=======================================================================..; 32-Bit NT Driver..;=======================================================================....[VLI]..%vl810filter.DrvDesc%=vl810filter,{36FC9E60-C465-11CF-8056-444553540000}\vl810filter....[vl810filte
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:data
          Category:dropped
          Size (bytes):9281
          Entropy (8bit):7.22006992892299
          Encrypted:false
          SSDEEP:192:TZKncfnYe+PjPXrBvRk+vvWqn+jtlAur9ZCspE+TMArK50:tfnYPL9AqnCUHeMbO
          MD5:AA406F5D7570F10541C5D95062851B40
          SHA1:F9DBC945A991E968364396F0CDE0DA349AEDAF2D
          SHA-256:0D90AA9C7DFAAA540D48BDDD787D36A218A32ABD931D9A8DD111FAF9A2A45280
          SHA-512:ADBEB7C6EA18034D91EFD1EA5446E9160D0DACCC91A1FB5B028F668AC7B104EEB869E62B776F039FED282FE9C92D19FE51670E5361ED8154BD40BDB085A5434F
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (native) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):23616
          Entropy (8bit):6.833938105449012
          Encrypted:false
          SSDEEP:384:zViVmK1OnYPLFIFgRKtURJITFRHbRFOMgKl9gax:ZglOAqHbvgm
          MD5:37BBAA65D3D0CC0E62067EFF2779B324
          SHA1:C577FB873A7DA6A124EFA409A2A3EBE33A6EC1B4
          SHA-256:667CBBE9215726A42649ED4692F215CB5D16185DBD8FF9CC43ABAA32FEE766D6
          SHA-512:6FA768348D0C07FB3AFB93EC212B3CC570D9C721822176F981AE38AE8AF20B60D74B1ECE41A8C9C17489382C7114EC97ADFE2102F385F0127D31BBA6531E5425
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):120320
          Entropy (8bit):6.52224823920798
          Encrypted:false
          SSDEEP:1536:sOut8pWJleEf9LvRD1juzCjMNDryBeJjcLODjSX+oAsmA3AA9hYexn5nQPh2E:sX8pWJrfZaGAtryYMAw9hPn5nQPh2E
          MD5:684A7C6A9C4EBF9DF95D29B5C281C4EB
          SHA1:686200081A8BE6E46C87C3451CD493E3D026B108
          SHA-256:D01F52F2DA519E8441A2AAEBCAC032B8D57B033F1596B53B8F96AC48B3D3CE50
          SHA-512:DC05E612765B5378DC92AD967FF8834963B3C67149E909E0E202CA1F587F07A5A9EF6AE2CC2603D0C72550832AB1DF5E289F0FB260586BB6F4CB7ED7431E8EA1
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:DOS batch file, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):451
          Entropy (8bit):4.88404616135618
          Encrypted:false
          SSDEEP:12:wbYVJ6NzAm4FxIAwXddP1wPKnLAwl/A4dj/P1wbDU:wq6NzAm2IrdP1uKnLb/ACj/P1CDU
          MD5:E472A83E0BFFB8478A76B5B0695ACA6F
          SHA1:AA3ABA8A8E25F42A256F2C19B81915C4BCA6DBD1
          SHA-256:0EDA87A880416C4ECE928EA68F589041F9C69998BEE70D25F978867DFF9B8B76
          SHA-512:FB1EF8D7FED1F2A3AB0DD6089C0E50259045E173E60E006305833AD850F6263D8E4BA041D5DB3805D56D2C6C9D0CE0A67F2CEE4709E1F8ED4B1BDE523700B7DB
          Malicious:false
          Preview:@echo off..setlocal enabledelayedexpansion..set RESULTCODE=0....cd /d %~dp0....if "%1"=="0" (...echo /**********Switch5G Start**********/...start /wait HUBIspTool.exe /SFG...echo Errorlevel:%errorlevel%...echo /**********Switch5G Finish**********/..)....if "%1"=="1" (...echo /**********Switch10G Start**********/...start /wait HUBIspTool.exe /STG...echo Errorlevel:%errorlevel%...echo /**********Switch10G Finish**********/..)....exit /B %RESULTCODE%
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:DOS batch file, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):70
          Entropy (8bit):4.766424582427001
          Encrypted:false
          SSDEEP:3:/qwKWRKJ+RJkAwCKDXIAThoSO9:/ExAwJD42hZI
          MD5:B396B27DDF15AB6337EB98355427CA57
          SHA1:34973312BD739FD480C495E074642A9395F6C724
          SHA-256:603F3A070F54A519D67B6329A1DEB06D52421FCD0050C8E82E70236B9F58A2BA
          SHA-512:0A8E6D8C3233169C355E4F5B2DAC1931182D6E6835540FC0134CB548E2416C96DE06E65D37020778A2A32559293BAC82DEF08A0EE54F42457E12EB9A83D8F52A
          Malicious:false
          Preview:@ECHO off..start /wait HUBIspTool.exe /SFG..echo %errorlevel%..//pause
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:DOS batch file, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):70
          Entropy (8bit):4.737853153855572
          Encrypted:false
          SSDEEP:3:/qwKWRKJ+RJkAwlyxKDXIAThoSO9:/ExAwlND42hZI
          MD5:F54E46237B106E89F0B3A343FECBB5C9
          SHA1:AD8A016E66DFDEB8B12F78FA57B89D70D120CAAF
          SHA-256:D3C83D54FA43018ACE65F84957F39AD77F177B108909B35F2F740B4DB378E922
          SHA-512:AC31736993D9FEE64263F4FFFB01F25B7EDCBB56F538B6314DA5F39F8026BA7005FF2BE6C9AE27BA58F53153C860B141FEB45AF243A12A53B3AF464609CB17C4
          Malicious:false
          Preview:@ECHO off..start /wait HUBIspTool.exe /STG..echo %errorlevel%..//pause
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):214
          Entropy (8bit):4.781961061291237
          Encrypted:false
          SSDEEP:6:ayv443RJtUNqYS9rL7B6BC0fCXN6lsX7JD7KP0M:ayv443RgVS9rsMAIWgkn
          MD5:930C31A244390A06F75B68CDE6BCF4B7
          SHA1:890ADA00FC740B0D2D122D8B5A8A9231B45D0C95
          SHA-256:40E2069D04D7927022BD80C3379DA2F7B498075CEEC1047AAF202F1DA6BCB003
          SHA-512:D3A556C01708AF18E3FECCA9A4EC43B2468B92E9A1B2FF7E0FA24B22D0F4FC953636986A28187BFE85CEFBD002BAE39D16FCBED1076A001DB2811CEBAD69C4C8
          Malicious:false
          Preview:[Misc]..WantUpdateHUBName=Lenovo LDC-G2....[TargetID_U3]..21090812=0D12..17EF1010=0D12..21090813=0D12..17EFA391=0518..17EFA393=0518......[TargetID_U2]..21092812=0D12..21092813=0D12..17EFA392=0518..17EFA394=0518....
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):282624
          Entropy (8bit):6.19106128645698
          Encrypted:false
          SSDEEP:6144:ojyp65OCbkc1GK5P2Q0cOC8qPcwCTip9+vjf8oHbo6coK:ojyIjl0cXVCTisK
          MD5:CF3F2ACA40BCC8FA1A19BBB356971606
          SHA1:A51335C3854CEAD727B8DEA0DD58B96EE42505EA
          SHA-256:8D2D3C992F064312C0806D1E0B7E29FB4F5DAC46A928DC985D8445D96A120930
          SHA-512:B8F05B23C40AE7706BC973DEFA508F4EC5529DDF94173D27C2D6B1ED633858BD1E69FC4708961303934EB5103BED99E189B45E45F9BD3A9D88DD5D07210F50DF
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):949
          Entropy (8bit):5.548179072799405
          Encrypted:false
          SSDEEP:24:DmwiXnQaWCtyBBApu2mKKHQdCYxGyBBAXwfKmSUT1s9bk0U:DmwCWC0Spu1K1CGRSAf5RebM
          MD5:E3F4DA009EC81F2A2AA8980E4C413317
          SHA1:9060E8A5D294336D1B64B8D274916C03DAC306FE
          SHA-256:93E9BB11A6BC33934E4A886D6A1E595CBE76146F8F4928AA9020365F758CF204
          SHA-512:43E61ECA6D23C6B7FDB9E07C7ED689D76C2385C5114ACCA9843F62B8F10D7CCACC660922D2B66BF92BD9086C9CB67057CDE08ADC8716FB0F7800D04129BE6749
          Malicious:false
          Preview:===== API Version: (V1.3.4.9) =====..OS system: WIN8 WIN10....EnumHubs..->GetKnownHubs()..GetKnownHubs->DevicePath = \\?\pci#ven_8086&dev_15ec&subsys_229f17aa&rev_06#cb96e80a05b7d00000#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}..System name is {36fc9e60-c465-11cf-8056-444553540000}\0001.. RootHubName is \\.\USB#ROOT_HUB30#7&30368eca&0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}..->GetPortData with HubHandle = 220, PortCount = 4, HubDepth = 0..<-GetPortData..GetKnownHubs->DevicePath = \\?\pci#ven_8086&dev_a36d&subsys_229f17aa&rev_10#3&11583659&7&a0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}..System name is {36fc9e60-c465-11cf-8056-444553540000}\0000.. RootHubName is \\.\USB#ROOT_HUB30#4&d82d81&0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}..->GetPortData with HubHandle = 1e8, PortCount = 26, HubDepth = 0..<-GetPortData..--- quit GetKnownHubs(), Get Known Hubs Number: 0....GetKnownHubs() - HUBNumber is 0 to return....GetEnumInfo() - Get Hub Number: 0..
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (native) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):16456
          Entropy (8bit):6.579379859012549
          Encrypted:false
          SSDEEP:384:9mSKEkWhLvZozueMx/8xJa4iPnYPL9RKS7pe3NF:94WhmCFG/0
          MD5:E10CB603586D792565780E6BEEF030F9
          SHA1:60AC31A3BC750C5BF05598B8DD55FBF9254BD7C7
          SHA-256:AA98687FAF81CB23B1B146BB49AC8D0A98C4DB1A48037E68AC013F78029FDC8D
          SHA-512:23245BC43C920AAE67A392D3C994A0B469C98E6240C18E3981CF14A96F6CC22035238AF29A61164A82EC0372DB480D427BF3197C5235004E1FD25835BCCDD496
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (native) x86-64, for MS Windows
          Category:dropped
          Size (bytes):15400
          Entropy (8bit):6.391622165141798
          Encrypted:false
          SSDEEP:192:Nby7QIZYSy5lYZZnmTRXCQa9l0HmksacPyrUp+vaBXujtlAur9ZCspE+TMDQr1HU:Nb2QIqSy5l1RXCb0HTsaOLBCUHeMDG
          MD5:A4DE3D1854BA9B8E77B2324C52887A2C
          SHA1:8A7E3D57F841E2F70453DE312AB3B3710C5F7255
          SHA-256:4C776F34C6042D943BAEC3C13D7154A245AAE8DD95E1933211FD19352C770676
          SHA-512:0A26A7717F5C00CACD9974DA9F0B4F6ECF6389CF2D15E0B762976A6291362FA90C366788EBD3E56EE355A6AAC558C9463A1247DC511B35439F3E99F6036BCA82
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32+ executable (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):73216
          Entropy (8bit):5.749807714053496
          Encrypted:false
          SSDEEP:1536:cLzuZag0wKLvzJjTei8wvU0qfLzUMNS3R69O1:c/uZr0wK5jTeiTvuTzXf9O
          MD5:F1790BCE9276C9900889B488B616E3C1
          SHA1:758CA0A1EAA3876238850FC477C3BCB642B2C538
          SHA-256:31C693E32EC8400DF87CE23E06A70F5139F3C7DED5482C50F46F23F08128D64F
          SHA-512:77BFF4FB2A2A672597F26D78ADCE88188F94F7E283ABE9DF590B0476A7A61CE81AD074D9EBF076F57B1D83A444B6EE52732FDCF571E935627F499FA791F6F7D5
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:PE32 executable (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):64000
          Entropy (8bit):5.928848773959112
          Encrypted:false
          SSDEEP:1536:IpKmHdaTdrHDg2Bcg//hfLJnTS9GhXwPg:IpKmaHDugxAgmP
          MD5:4D31DE46B0A89F4F7D033BA2890D5485
          SHA1:6E34D4966B61691FA3FD86033482CDF824D432B3
          SHA-256:6E252313F498C5839F0947A9C31A628BDF910DA81052DECD159FD6F5B4D48F6A
          SHA-512:AE8E4D6B2E7CFF094395FE267550E0B6B1B8150F3195D1147D98E1A7BFC2363ED61BCE6E48EE2F88193D829836D13263A1DE50C810CD1CB474BFF2D48CF8B3A9
          Malicious:false
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:DOS batch file, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):185
          Entropy (8bit):5.087436315882879
          Encrypted:false
          SSDEEP:3:mKDDFARESLcA6VdLF0vERNERNy4rwayqtAxF6viKgZYwAEkyjVMF8FKK73LZEck:hmRtLYVJ6v/brwTqtAxF6vpgZibCVEUW
          MD5:FC7D83692DCDDCD20A87A8739B14CA3B
          SHA1:D460C92D0338B095ECCF8B2DC9B145469994EF59
          SHA-256:50DB8171FC4E84D0F732C355484E1768BAA975D93A38F5465A4498FCF50EB99C
          SHA-512:CF35CD7522A44431602DC1EDDFE4F40DDBF3147E49DC9A31CEB6C73C78017BC78293AA7D74BA2F43ED97AA96531596373A1F629589D69A3DE7E1F1B4C4D0C94D
          Malicious:false
          Preview:@echo off..setlocal enabledelayedexpansion..set path=%path%;%~dp0....cd /d %~dp0....if exist value.txt (...for /F "tokens=4" %%a in (value.txt) do Memory_x64.exe /W_BYTE FDAE04A8 %%a..)
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:DOS batch file, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):229
          Entropy (8bit):5.158467292287347
          Encrypted:false
          SSDEEP:6:hmRtLYVJ6v/brwTqtAxF6vzCUzJH8ymEcgjTAxH8YNEcM:wbYVJ6b3C19g8D9M
          MD5:53360F8E6EAF0C3018110127E7D3AA14
          SHA1:A94DF7E243C0B104E85185FC983A4CB07C92F5C2
          SHA-256:39554EB910FFADBE380736A19934883B408F13FD8CA8C8C18F4AE947F3A208DA
          SHA-512:D390BE1453FE72105AE3911C2761B7A91C30B5F58B71479E2DC146954593D4D4CA2A35482DE9ECD53211B4745BC8B744715DDCC134F337B6335C656F3D896FC7
          Malicious:false
          Preview:@echo off..setlocal enabledelayedexpansion..set path=%path%;%~dp0....cd /d %~dp0....if exist value.txt (...del /F /S value.txt..)....Memory_x64.exe /R_BYTE FDAE04A8 >> "%~dp0value.txt"....Memory_x64.exe /W_BYTE FDAE04A8 1........
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):19
          Entropy (8bit):3.642149881636906
          Encrypted:false
          SSDEEP:3:xag7cVf:tct
          MD5:2577FDE04C26155AD420F64F9B3470A8
          SHA1:D7F0645A54AC798223FAA21685267C2990674342
          SHA-256:6ADEC7202B3DA64F673937EDEF074F6BBF0291D61943D8E478DE5E3962189D42
          SHA-512:AEFC79DE06402CEFF1AF8684578C7DA9F37318EF62C6D69402070C50532F91E75666EFDA7252734ED68A04405539375EF682B2B5D2EAE577077EF7398A35CDAB
          Malicious:false
          Preview:Read FDAE04A8 is FF
          Process:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):10067
          Entropy (8bit):4.9205777219444995
          Encrypted:false
          SSDEEP:192:fEFCXltQGhr2C0CsC0CPCBCfC/1C/0C/VCYCLP11714p:fEFCXltQGhre2xoP11714p
          MD5:10AFBF21A555AC645FD90570E8450D69
          SHA1:C4438DEB35229B57014CC4C7971A6395C350A611
          SHA-256:AE213DDE3BF8D31855170B87EAB9484A80079B41B171BCF1A051477EBB106606
          SHA-512:36F68FC9F5D453E45D86CE5176E8570BE37B1F9CE6214B64A081867080C76DAC7A9350676FEA6103090567F77DA682F8086AAC1447BA5404DCAECCBEADED69F4
          Malicious:false
          Preview:<?xml version="1.0" encoding="utf-8"?>..<Root>.....<StartDelay SecsTime = "0" />.....<Sequence First = "DP"....Second = "PD"....Third = "AUDIO"....Fourth = "HUB" />.....<FlashBlock IsBlock = "true" /> "true" or "false"-->.....<Version version = "0.00.03"....DP = "5.03.101"....HUBI = "0c74"....HUBII = "0c73"....PDBillboard = "0.1.0.25"....PDCCG4 = "md.0.0.11"....Audio = "49-0E-01"....FWUTool = "0.00.06" />.....<Version version = "0.00.04"....DP = "5.03.101"....HUBI = "0c74"....HUBII = "0c73"....PDBillboard = "0.1.0.25"....PDCCG4 = "md.0.0.11"....Audio = "49-0E-01"....FWUTool = "0.00.06" />.....<Version version = "0.00.05"....DP = "5.03.101"....HUBI = "0c74"....HUBII = "0c73"....PDBillboard = "0.1.0.25"....PDCCG4 = "md.0.0.12"....Audio = "49-0E-01"....FWUTool = "0.00.06" />.....<Version version = "0.00.06"....DP = "5.03.102"....HUBI = "0c74"....HUBII = "0c73"....PDBillboard = "0.1.0.25"....PDCCG4 = "md.0.0.12"....Audio = "49-0E-03"....FWUTool = "0.00.06" />.....<Version version
          File type:PE32 executable (console) Intel 80386, for MS Windows
          Entropy (8bit):7.9998862574886145
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.96%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:usbcg2dkfw1113_2_versionsfx.exe
          File size:19544304
          MD5:56eef90c94ae310977c87990ae122903
          SHA1:b2e1d085d3b95cb734d2975793b9e23cfeda969e
          SHA256:553a3365bd7aeb1f4dbe16b501c8c58586ac9dfbb23b98ffef71ab6d07e21cf8
          SHA512:8ef6aca110c30c55b19305317220b5a62e74b4aa0cce23dfa8e7f0895e06a1b92ea6862713f0a307f33e7989f789a258cdccdb9a7a138532e16c03e73b0ae1d1
          SSDEEP:393216:eiYa8qvcOaIe1UuwrQ0imBP3dmuOdAwout24QZ60Gt0SNANnbwRof6:elgvcKDuii4Muru0zGt0dNgoS
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......89.K|X|.|X|.|X|..Gv.wX|..Dr.yX|..Gx.~X|.|X}.CX|..P!.yX|.J~v.oX|..^z.}X|.Rich|X|.................PE..L.....n\........../......n.
          Icon Hash:8484d4f2b8f66e3c
          Entrypoint:0x407b74
          Entrypoint Section:.text
          Digitally signed:true
          Imagebase:0x400000
          Subsystem:windows cui
          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          DLL Characteristics:NX_COMPAT
          Time Stamp:0x5C6ED910 [Thu Feb 21 17:00:00 2019 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:055b54baca7071c22bd06d81fe64942d
          Signature Valid:true
          Signature Issuer:CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
          Signature Validation Error:The operation completed successfully
          Error Number:0
          Not Before, Not After
          • 3/7/2021 4:00:00 PM 3/15/2022 4:59:59 PM
          Subject Chain
          • CN=Lenovo, OU=G06, O=Lenovo, L=Morrisville, S=North Carolina, C=US
          Version:3
          Thumbprint MD5:B4625C13DA531D72DDCBF53B1E19FE1A
          Thumbprint SHA-1:089C44D12605D6154A7462EDC84DC2CAC24CF24F
          Thumbprint SHA-256:6F82B8575A92031791D18F732C67ED3559A289B5C1A9FB3609EF0AEAC4EBC8E0
          Serial:0FD6B55A718575F94277BAFE36BB3A37
          Instruction
          push ebp
          mov ebp, esp
          push FFFFFFFFh
          push 00408360h
          push 00407CB0h
          mov eax, dword ptr fs:[00000000h]
          push eax
          mov dword ptr fs:[00000000h], esp
          sub esp, 20h
          push ebx
          push esi
          push edi
          mov dword ptr [ebp-18h], esp
          and dword ptr [ebp-04h], 00000000h
          push 00000001h
          call dword ptr [00408090h]
          pop ecx
          or dword ptr [0040B048h], FFFFFFFFh
          or dword ptr [0040B04Ch], FFFFFFFFh
          call dword ptr [00408094h]
          mov ecx, dword ptr [0040902Ch]
          mov dword ptr [eax], ecx
          call dword ptr [00408098h]
          mov ecx, dword ptr [00409028h]
          mov dword ptr [eax], ecx
          mov eax, dword ptr [0040809Ch]
          mov eax, dword ptr [eax]
          mov dword ptr [0040B050h], eax
          call 00007F9644A3A7F8h
          cmp dword ptr [00409010h], 00000000h
          jne 00007F9644A3A73Eh
          push 00407CA2h
          call dword ptr [004080A0h]
          pop ecx
          call 00007F9644A3A7C9h
          push 0040900Ch
          push 00409008h
          call 00007F9644A3A7B4h
          mov eax, dword ptr [00409024h]
          mov dword ptr [ebp-28h], eax
          lea eax, dword ptr [ebp-28h]
          push eax
          push dword ptr [00409020h]
          lea eax, dword ptr [ebp-20h]
          push eax
          lea eax, dword ptr [ebp-2Ch]
          push eax
          lea eax, dword ptr [ebp-1Ch]
          push eax
          call dword ptr [004080A8h]
          push 00409004h
          push 00409000h
          call 00007F9644A3A781h
          Programming Language:
          • [EXP] VC++ 6.0 SP5 build 8804
          • [ C ] VS98 (6.0) SP6 build 8804
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x836c | 0x50 | .rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x818 | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x12a1e38 | 0x1ab8 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0xf8 | .rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
          Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x1000 | 0x6cbc | 0x6e00 | False | 0.599857954545 | data | 6.57071866869 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          .rdata | 0x8000 | 0x870 | 0xa00 | False | 0.45625 | data | 4.61882160636 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data | 0x9000 | 0x2054 | 0x200 | False | 0.033203125 | data | 0.0203931352361 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
          .rsrc | 0xc000 | 0x818 | 0xa00 | False | 0.334375 | data | 3.23694048302 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country
          RT_ICON | 0xc3e0 | 0x2e8 | data | English | United States
          RT_ICON | 0xc6c8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
          RT_GROUP_ICON | 0xc7f0 | 0x22 | data | English | United States
          RT_VERSION | 0xc120 | 0x2c0 | data | English | United States
          DLL | Import
          SHELL32.dll | ShellExecuteExW
          MSVCRT.dll | _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __p___initenv, exit, _XcptFilter, _exit, memcpy, free, malloc, wcscmp, memcmp, memmove, printf, strlen, wcslen, wcscpy, wcscat, memset
          KERNEL32.dll | CreateProcessW, GetSystemDirectoryW, lstrlenW, lstrcatW, LoadLibraryExW, GetModuleHandleW, GetProcAddress, GetVersionExW, SetFilePointer, WriteFile, ReadFile, CreateFileW, DeleteFileW, FindNextFileW, RemoveDirectoryW, FindFirstFileW, FindClose, SetConsoleCtrlHandler, GetModuleFileNameW, GetCommandLineW, GetTempPathW, GetCurrentThreadId, GetTickCount, GetCurrentProcessId, CreateDirectoryW, GetLastError, SetFileTime, SetFileAttributesW, GetExitCodeProcess, WaitForSingleObject, CloseHandle, SetCurrentDirectoryW, GetCurrentDirectoryW
          Description | Data
          LegalCopyright | Igor Pavlov : Public domain
          InternalName | 7zS2.sfx
          FileVersion | 19.00
          CompanyName | Igor Pavlov
          ProductName | 7-Zip
          ProductVersion | 19.00
          FileDescription | 7z Setup SFX small
          OriginalFilename | 7zS2.sfx.exe
          Translation | 0x0409 0x04b0
          Language of compilation system | Country where language is spoken | Map
          English | United States |
          No network behavior found

          Target ID:0
          Start time:18:54:02
          Start date:27/01/2022
          Path:C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\usbcg2dkfw1113_2_versionsfx.exe"
          Imagebase:0x400000
          File size:19544304 bytes
          MD5 hash:56EEF90C94AE310977C87990AE122903
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low

          Target ID:1
          Start time:18:54:03
          Start date:27/01/2022
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff7f20f0000
          File size:625664 bytes
          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high

          Target ID:7
          Start time:18:54:54
          Start date:27/01/2022
          Path:C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe
          Wow64 process (32bit):true
          Commandline:C:\Users\user\AppData\Local\Temp\7zFBAF05F0\FWUpdateTool.exe
          Imagebase:0x890000
          File size:129536 bytes
          MD5 hash:883996E63DCBE30B206A0B2C463EC676
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:.Net C# or VB.NET
          Reputation:low

          Execution Graph

          Execution Coverage:18.6%
          Dynamic/Decrypted Code Coverage:0%
          Signature Coverage:43.2%
          Total number of Nodes:199
          Total number of Limit Nodes:8
          Executed Functions

          C-Code - Quality: 87%
          			E00401000(void* __ecx, void* __eflags) {
          				FILETIME* _v8;
          				signed int _v12;
          				wchar_t* _v16;
          				signed int _v20;
          				WCHAR* _v24;
          				int _v28;
          				signed int _v32;
          				intOrPtr _v36;
          				char _v40;
          				void* _v44;
          				long _v48;
          				char _v52;
          				signed int _v56;
          				char _v60;
          				char _v64;
          				signed int _v68;
          				signed char _v72;
          				int _v76;
          				int _v80;
          				char _v84;
          				intOrPtr _v88;
          				intOrPtr _v92;
          				char _v96;
          				int _v100;
          				char _v104;
          				char _v112;
          				signed int _v116;
          				struct _PROCESS_INFORMATION _v132;
          				intOrPtr _v136;
          				FILETIME* _v140;
          				int _v144;
          				int _v148;
          				char* _v152;
          				char _v168;
          				struct _STARTUPINFOW _v236;
          				intOrPtr _v268;
          				signed int _v272;
          				intOrPtr _v276;
          				signed int _v280;
          				intOrPtr _v292;
          				intOrPtr _v300;
          				char _v364;
          				short _v1928;
          				short _v2452;
          				short _v2976;
          				short _v3560;
          				short _v5120;
          				void* __edi;
          				void* _t250;
          				long _t254;
          				short _t258;
          				long _t260;
          				signed int _t263;
          				signed int _t264;
          				void* _t271;
          				signed int _t272;
          				signed int _t278;
          				FILETIME* _t285;
          				void* _t287;
          				long _t290;
          				signed int _t303;
          				signed int _t309;
          				signed int _t314;
          				int _t316;
          				FILETIME* _t320;
          				short* _t324;
          				void* _t325;
          				signed int _t335;
          				signed char _t337;
          				int _t338;
          				int _t339;
          				signed int _t341;
          				void* _t342;
          				intOrPtr _t344;
          				signed int _t345;
          				signed int _t346;
          				signed int _t350;
          				signed int _t351;
          				signed int _t352;
          				signed int _t353;
          				long* _t359;
          				signed short* _t368;
          				signed int _t370;
          				intOrPtr _t371;
          				signed int _t373;
          				signed int _t375;
          				int _t379;
          				long _t380;
          				int _t383;
          				unsigned int _t384;
          				signed int _t385;
          				void* _t386;
          				wchar_t* _t387;
          				signed short* _t388;
          				signed int _t393;
          				signed int* _t395;
          				wchar_t* _t408;
          				unsigned int _t418;
          				signed int _t430;
          				signed int _t432;
          				signed int _t443;
          				signed int _t444;
          				intOrPtr _t455;
          				void* _t457;
          				void* _t458;
          				signed char _t461;
          				signed char _t462;
          				int _t465;
          				signed short* _t466;
          				signed int _t469;
          				unsigned int _t475;
          				int _t476;
          				int _t477;
          				short* _t478;
          				signed int _t480;
          				void* _t485;
          				void* _t486;
          
          				E00407AB0(0x13fc, __ecx);
          				_t465 = 0;
          				_t383 = 1;
          				_v8 = 0;
          				_v16 = 0;
          				_v68 = _t383;
          				_v48 = 0;
          				E00405553();
          				SetConsoleCtrlHandler(E00401867, _t383); // executed
          				_t250 = E00403C6E();
          				_v40 = E00401AD6;
          				_v36 = E00401ACD;
          				_v96 = E00401AD6;
          				_v92 = E00401ACD;
          				E00404051(_t250,  &_v112);
          				E00404A2A( &_v168, 0);
          				_v140 = 0;
          				_t254 = GetModuleFileNameW(0,  &_v2976, 0x104);
          				if(_t254 == 0 || _t254 > 0x104) {
          					L109:
          					return _t383;
          				} else {
          					_v24 = GetCommandLineW();
          					_t393 = 0;
          					while(1) {
          						_t258 =  *_v24;
          						if(_t258 != 0x22) {
          							goto L5;
          						} else {
          							_t393 = 0 | _t393 == _t465;
          						}
          						L8:
          						_v24 =  &(_v24[1]);
          						continue;
          						L5:
          						__eflags = _t258 - _t465;
          						if(_t258 == _t465) {
          							L9:
          							_t260 = GetTempPathW(0x104,  &_v1928);
          							__eflags = _t260 - _t465;
          							if(_t260 == _t465) {
          								goto L109;
          							}
          							__eflags = _t260 - 0x104;
          							if(_t260 > 0x104) {
          								goto L109;
          							} else {
          								_v32 = wcslen( &_v1928);
          								_t263 = GetCurrentThreadId();
          								_t264 = GetTickCount();
          								_t475 = (_t263 << 0x00000002 ^ _t264) << 0x0000000c ^ GetCurrentProcessId();
          								__eflags = _t475;
          								_v12 = _t465;
          								do {
          									wcscpy(_t485 + _v32 * 2 - 0x784, L"7z");
          									_t271 = _t485 + wcslen( &_v1928) * 2 - 0x784;
          									_t486 = _t486 + 0xc;
          									_t384 = _t475;
          									_v28 = 8;
          									_t395 = _t271 + 0xe;
          									do {
          										_t443 = _t384 & 0x0000000f;
          										_t384 = _t384 >> 4;
          										__eflags = _t443 - 0xa;
          										if(_t443 >= 0xa) {
          											_t444 = _t443 + 0x37;
          											__eflags = _t444;
          										} else {
          											_t444 = _t443 + 0x30;
          										}
          										 *_t395 = _t444;
          										_t395 = _t395;
          										_t33 =  &_v28;
          										 *_t33 = _v28 - 1;
          										__eflags =  *_t33;
          									} while ( *_t33 != 0);
          									 *(_t271 + 0x10) = _t465;
          									_t272 = E00401988( &_v1928);
          									__eflags = _t272;
          									_t385 = 0xb;
          									if(_t272 != 0) {
          										goto L20;
          									}
          									_t375 = CreateDirectoryW( &_v1928, _t465); // executed
          									__eflags = _t375;
          									if(_t375 != 0) {
          										wcscat( &_v1928, "\\");
          										_t379 = wcslen( &_v1928);
          										_t486 = _t486 + 0xc;
          										_v32 = _t379;
          										L22:
          										wcscpy( &_v3560,  &_v1928);
          										__eflags = _v8 - _t465;
          										if(_v8 == _t465) {
          											__eflags = E00403E98();
          											if(__eflags == 0) {
          												_v80 = _t465;
          												_v76 = _t465;
          												_t278 = E00401893( &_v104,  &_v80, __eflags); // executed
          												__eflags = _t278;
          												if(__eflags == 0) {
          													L30:
          													_v8 = _t385;
          													_v16 = "Can\'t find 7z archive";
          													L34:
          													E00401B05( &_v364);
          													__eflags = _v8 - _t465;
          													if(__eflags != 0) {
          														L76:
          														E00401B67( &_v364,  &_v40, _t465, __eflags);
          														_v36();
          														E00403EEF( &_v104);
          														__eflags = _v8 - _t465;
          														if(_v8 != _t465) {
          															L96:
          															 *(_t485 + _v32 * 2 - 0x784) = _t465;
          															E004019B4( &_v1928);
          															_t285 = _v8;
          															__eflags = _t285 - _t465;
          															if(_t285 != _t465) {
          																__eflags = _t285 - 4;
          																if(_t285 != 4) {
          																	__eflags = _t285 - 2;
          																	if(_t285 != 2) {
          																		__eflags = _t285 - 3;
          																		if(_t285 != 3) {
          																			__eflags = _v16 - _t465;
          																			if(_v16 != _t465) {
          																				L107:
          																				E0040186D();
          																				L108:
          																				_t287 = 1;
          																				return _t287;
          																			}
          																			_t408 = 0x408160;
          																			L106:
          																			__eflags = _t408 - _t465;
          																			if(_t408 == _t465) {
          																				goto L108;
          																			}
          																			goto L107;
          																		}
          																		_t408 = "CRC error";
          																		goto L106;
          																	}
          																	_t408 = "Can\'t allocate required memory";
          																	goto L106;
          																}
          																_t408 = "Decoder doesn\'t support this archive";
          																goto L106;
          															}
          															return _v48;
          														}
          														_t386 = 0;
          														_v2452 = _t465;
          														_t290 = GetCurrentDirectoryW(0x105,  &_v2452);
          														__eflags = _t290 - _t465;
          														if(_t290 == _t465) {
          															L79:
          															_v2452 = _t465;
          															L80:
          															SetCurrentDirectoryW( &_v3560); // executed
          															__eflags = _v68 - _t465;
          															if(_v68 == _t465) {
          																wcscpy( &_v5120,  &_v1928);
          																wcscat( &_v5120, _v24);
          																_t476 = 0x44;
          																memset( &_v236, _t465, _t476);
          																_v236.cb = _t476;
          																_t303 = CreateProcessW(_t465,  &_v5120, _t465, _t465, _t465, _t465, _t465, _t465,  &_v236,  &_v132); // executed
          																__eflags = _t303;
          																if(_t303 != 0) {
          																	CloseHandle(_v132.hThread);
          																	_t386 = _v132.hProcess;
          																	L91:
          																	__eflags = _t386 - _t465;
          																	if(_t386 != _t465) {
          																		WaitForSingleObject(_t386, 0xffffffff);
          																		_t309 = GetExitCodeProcess(_t386,  &_v48); // executed
          																		__eflags = _t309;
          																		if(_t309 == 0) {
          																			_v48 = 1;
          																		}
          																		CloseHandle(_t386);
          																	}
          																	L95:
          																	SetCurrentDirectoryW( &_v2452); // executed
          																	goto L96;
          																}
          																_v8 = 0xb;
          																goto L95;
          															}
          															_t477 = 0x3c;
          															memset( &(_v236.lpDesktop), _t465, _t477);
          															_v236.lpDesktop.cbSize = _t477;
          															_v236.dwXSize =  &_v1928;
          															_v236.lpTitle = 0x140;
          															_t314 = wcslen(_v24);
          															__eflags = _t314;
          															if(_t314 != 0) {
          																_v236.dwYSize = _v24;
          															}
          															_v236.dwYCountChars = 1;
          															_t316 = ShellExecuteExW( &(_v236.lpDesktop));
          															__eflags = _t316 - _t465;
          															if(_t316 == _t465) {
          																L87:
          																_v8 = 0xb;
          																goto L91;
          															} else {
          																__eflags = _v236.dwFillAttribute - 0x20;
          																if(_v236.dwFillAttribute > 0x20) {
          																	L86:
          																	_t386 = _v236.hStdError;
          																	goto L91;
          																}
          																__eflags = _v236.dwFillAttribute - _t465;
          																if(_v236.dwFillAttribute != _t465) {
          																	goto L87;
          																}
          																goto L86;
          															}
          														}
          														__eflags = _t290 - 0x104;
          														if(_t290 <= 0x104) {
          															goto L80;
          														}
          														goto L79;
          													}
          													_t320 = E004020B9( &_v364,  &_v168,  &_v40,  &_v96);
          													__eflags = _t320 - _t465;
          													_v8 = _t320;
          													if(__eflags != 0) {
          														goto L76;
          													}
          													_v56 = _v56 | 0xffffffff;
          													_v116 = _v116 | 0xffffffff;
          													__eflags = _v300 - _t465;
          													_v88 = 0x40000000;
          													_v28 = _t465;
          													_v100 = _t465;
          													_v12 = _t465;
          													if(_v300 <= _t465) {
          														L67:
          														__eflags = _v8 - _t465;
          														if(_v8 != _t465) {
          															L75:
          															_v36();
          															_t465 = 0;
          															__eflags = 0;
          															goto L76;
          														}
          														L68:
          														_t451 = _v56;
          														__eflags = _v56 - 0xffffffff;
          														if(_v56 != 0xffffffff) {
          															_t478 = _t485 + _v32 * 2 - 0x784;
          															E00403BD5( &_v364, _t451, _t478);
          															__eflags =  *_t478;
          															if( *_t478 == 0) {
          																goto L75;
          															}
          															_t324 = _t478;
          															do {
          																__eflags =  *_t324 - 0x2f;
          																if( *_t324 == 0x2f) {
          																	 *_t478 = 0x5c;
          																}
          																_t478 = _t478 + 2;
          																_t324 = _t478;
          																__eflags =  *_t478;
          															} while ( *_t478 != 0);
          															goto L75;
          														}
          														_v16 = "There is no file to execute";
          														L65:
          														_v8 = 0xb;
          														goto L75;
          													} else {
          														goto L37;
          													}
          													while(1) {
          														L37:
          														_t480 = 0;
          														_v64 = 0;
          														_v52 = 0;
          														_t325 = E00403BD5( &_v364, _v12, 0);
          														__eflags = _t325 - 0x104;
          														if(_t325 >= 0x104) {
          															goto L65;
          														}
          														_t466 = _t485 + _v32 * 2 - 0x784;
          														E00403BD5( &_v364, _v12, _t466);
          														_t335 = E00403A6B( &_v364,  &_v168, _v12,  &_v116,  &_v28,  &_v100,  &_v64,  &_v52,  &_v40,  &_v96); // executed
          														__eflags = _t335;
          														_v8 = _t335;
          														if(_t335 != 0) {
          															goto L75;
          														}
          														__eflags =  *_t466;
          														if( *_t466 == 0) {
          															L44:
          															_t455 = _v292;
          															_t337 = 0x80 >> (_v12 & 0x00000007);
          															_t418 = _v12 >> 3;
          															_v20 = _t418;
          															__eflags =  *(_t418 + _t455) & _t337;
          															_v72 = _t337;
          															if(( *(_t418 + _t455) & _t337) == 0) {
          																_t387 =  &(_t466[_t480]);
          																_t338 = wcslen(_t387);
          																_t339 = E004017BC(_t387,  &_v60);
          																_push(_v60);
          																_v76 = _t339;
          																_push(_t387 + (_t338 - _v60) * 2);
          																_t457 = 7;
          																_t341 = E004017F0(0x4080f8, _t457);
          																_push(_v76);
          																_t469 = _t341;
          																_push(_t387);
          																_t458 = 4;
          																_t342 = E004017F0(0x408114, _t458);
          																asm("sbb esi, esi");
          																_t344 = _t342 + ( ~_t480 & 0x00001000) + (_t469 << 6);
          																__eflags = _v88 - _t344;
          																if(_v88 > _t344) {
          																	_v88 = _t344;
          																	_v56 = _v12;
          																	__eflags = _t469 - 2;
          																	_t134 = _t469 != 2;
          																	__eflags = _t134;
          																	_v68 = 0 | _t134;
          																}
          																_t345 = E00401988( &_v1928);
          																__eflags = _t345;
          																if(_t345 != 0) {
          																	_v16 = "Duplicate file";
          																	goto L65;
          																} else {
          																	_t346 = E00403EE7();
          																	__eflags = _t346;
          																	if(_t346 != 0) {
          																		_v16 = "Can\'t open output file";
          																		goto L65;
          																	}
          																	_v84 = _v52;
          																	_t350 = E00403F75( &_v44, _v64 + _v28,  &_v84); // executed
          																	__eflags = _t350;
          																	if(_t350 != 0) {
          																		L52:
          																		_v16 = "Can\'t write output file";
          																		_v8 = 0xb;
          																		L53:
          																		_t351 = _v272;
          																		__eflags = _t351;
          																		if(_t351 != 0) {
          																			_t432 = _v20;
          																			_t462 = _v72;
          																			__eflags =  *(_t432 + _t351) & _t462;
          																			if(( *(_t432 + _t351) & _t462) != 0) {
          																				_t359 = _v268 + _v12 * 8;
          																				_v132.dwProcessId.dwLowDateTime =  *_t359;
          																				_v132.dwThreadId = _t359[1];
          																				SetFileTime(_v44, 0, 0,  &(_v132.dwProcessId)); // executed
          																			}
          																		}
          																		_t352 = E00403EEF( &_v44);
          																		__eflags = _v8;
          																		if(_v8 != 0) {
          																			goto L75;
          																		} else {
          																			__eflags = _t352;
          																			if(_t352 != 0) {
          																				_v8 = _t352;
          																				_t465 = 0;
          																				__eflags = 0;
          																				goto L67;
          																			}
          																			_t353 = _v280;
          																			__eflags = _t353;
          																			if(_t353 != 0) {
          																				_t430 = _v20;
          																				_t461 = _v72;
          																				__eflags =  *(_t430 + _t353) & _t461;
          																				if(( *(_t430 + _t353) & _t461) != 0) {
          																					SetFileAttributesW( &_v1928,  *(_v276 + _v12 * 4)); // executed
          																				}
          																			}
          																			L61:
          																			_v12 = _v12 + 1;
          																			__eflags = _v12 - _v300;
          																			if(_v12 < _v300) {
          																				continue;
          																			}
          																			goto L68;
          																		}
          																	}
          																	__eflags = _v84 - _v52;
          																	if(_v84 == _v52) {
          																		goto L53;
          																	}
          																	goto L52;
          																}
          															}
          															E0040187C( &_v1928);
          															goto L61;
          														}
          														_t368 = _t466;
          														_v20 = 1;
          														_t388 = _t466;
          														do {
          															__eflags =  *_t368 - 0x2f;
          															if( *_t368 == 0x2f) {
          																 *_t388 =  *_t388 & 0x00000000;
          																__eflags =  *_t388;
          																E0040187C( &_v1928);
          																_t480 = _v20;
          																 *_t388 = 0x5c;
          															}
          															_v20 = _v20 + 1;
          															_t388 =  &(_t388[1]);
          															_t368 = _t388;
          															__eflags =  *_t388;
          														} while ( *_t388 != 0);
          														goto L44;
          													}
          													goto L65;
          												}
          												_t370 = E00403FD7( &_v104,  &_v80, __eflags, _t465); // executed
          												__eflags = _t370;
          												if(_t370 == 0) {
          													_t371 = _v40();
          													__eflags = _t371 - _t465;
          													_v140 = _t371;
          													if(_t371 != _t465) {
          														_v136 = 0x40000;
          														_v152 =  &_v112;
          														_v144 = _t465;
          														_v148 = _t465;
          													} else {
          														_v8 = 2;
          													}
          													goto L34;
          												}
          												goto L30;
          											}
          											_v16 = "can not open input file";
          											_v8 = _t385;
          											goto L34;
          										}
          										_t373 = "Can\'t create temp folder";
          										__eflags = _t373;
          										if(_t373 != 0) {
          										}
          										goto L107;
          									}
          									_t380 = GetLastError();
          									__eflags = _t380 - 0xb7;
          									if(_t380 != 0xb7) {
          										break;
          									}
          									L20:
          									_v12 = _v12 + 1;
          									_t475 = _t475 + GetTickCount();
          									__eflags = _v12 - 0x64;
          								} while (_v12 < 0x64);
          								_v8 = _t385;
          								goto L22;
          							}
          						}
          						__eflags = _t258 - 0x20;
          						if(_t258 != 0x20) {
          							goto L8;
          						}
          						__eflags = _t393 - _t465;
          						if(_t393 == _t465) {
          							goto L9;
          						}
          						goto L8;
          					}
          				}
          			}

          APIs
            • Part of subcall function 00405553: GetVersionExW.KERNEL32(?), ref: 0040556E
            • Part of subcall function 00405553: GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 00405594
            • Part of subcall function 00405553: GetProcAddress.KERNEL32(00000000), ref: 0040559B
            • Part of subcall function 00405553: GetSystemDirectoryW.KERNEL32(?,00000106), ref: 004055C0
            • Part of subcall function 00405553: lstrlenW.KERNEL32(?), ref: 004055E0
            • Part of subcall function 00405553: lstrcatW.KERNEL32(?,.dll), ref: 00405641
            • Part of subcall function 00405553: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00405652
          • SetConsoleCtrlHandler.KERNELBASE(00401867,00000001,?,?,?,?,00407C57,?,?,?), ref: 0040102C
          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040107C
          • GetCommandLineW.KERNEL32 ref: 00401092
          • GetTempPathW.KERNEL32(00000104,?), ref: 004010D1
          • wcslen.MSVCRT ref: 004010EE
          • GetCurrentThreadId.KERNEL32 ref: 004010F8
          • GetTickCount.KERNEL32 ref: 00401103
          • GetCurrentProcessId.KERNEL32 ref: 0040110E
          • wcscpy.MSVCRT ref: 00401129
          • wcslen.MSVCRT ref: 00401136
          • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00407CB0,00408360,000000FF), ref: 0040118F
          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00407CB0,00408360,000000FF), ref: 00401199
          • GetTickCount.KERNEL32 ref: 004011A9
          • wcscpy.MSVCRT ref: 004011CC
          • wcscat.MSVCRT ref: 004011FE
          • wcslen.MSVCRT ref: 0040120B
          • wcslen.MSVCRT ref: 004013E7
          • SetFileTime.KERNELBASE(?,00000000,00000000,?,?,0000000B,?,00000000,?), ref: 004014E8
            • Part of subcall function 0040187C: CreateDirectoryW.KERNELBASE(?,00000000,004013DE,00000064,000000FF,?,?,?,?,?,?,?,00000000), ref: 0040187F
          • GetLongPathNameW.KERNELBASE(?,?,?,0000000B,?,00000000,?), ref: 0040152B
          • GetCurrentDirectoryW.KERNEL32(00000105,?,?,?,?,?,?,?,?,?,?,00407CB0,00408360,000000FF), ref: 004015F7
          • SetCurrentDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00407CB0,00408360,000000FF), ref: 00401616
          • memset.MSVCRT ref: 00401631
          • wcslen.MSVCRT ref: 00401655
          • ShellExecuteExW.SHELL32(?), ref: 0040167C
          • wcscpy.MSVCRT ref: 004016B6
          • wcscat.MSVCRT ref: 004016C6
          • memset.MSVCRT ref: 004016D8
          • CreateProcessW.KERNELBASE ref: 004016FF
          • CloseHandle.KERNEL32(?), ref: 00401715
          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00401725
          • GetExitCodeProcess.KERNELBASE(00000000,?), ref: 00401730
          • CloseHandle.KERNEL32(?), ref: 00401742
          • SetCurrentDirectoryW.KERNELBASE(?), ref: 0040174F
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: Directory$Currentwcslen$CreateHandleProcesswcscpy$CloseCountFileModuleNamePathTickmemsetwcscat$AddressCodeCommandConsoleCtrlErrorExecuteExitHandlerLastLibraryLineLoadLongObjectProcShellSingleSystemTempThreadTimeVersionWaitlstrcatlstrlen
          • String ID: $CRC error$Can't allocate required memory$Can't create temp folder$Decoder doesn't support this archive$ERROR$Error$d
          • API String ID: 1885443176-68180839
          • Opcode ID: d69e23ba41f2422cd0feb44689c6245351841c009ae856ed79d4e37fcb6d2b57
          • Instruction ID: 2b97d10951c8a5742ebdcf81343ffd423f370d7db3832ae0208946de884d8604
          • Opcode Fuzzy Hash: d69e23ba41f2422cd0feb44689c6245351841c009ae856ed79d4e37fcb6d2b57
          • Instruction Fuzzy Hash: 5B322C71D002199BCF20DF94C984AEEB7B9EF44304F1081BBE546B72A1EB785A85CF59
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 169 4019b4-4019f4 wcslen wcscpy FindFirstFileW 170 401a01-401a15 wcscmp 169->170 171 4019f6-4019fc GetLastError 169->171 173 401a75-401a86 FindNextFileW 170->173 174 401a17-401a2b wcscmp 170->174 172 401ac2-401acc 171->172 173->170 175 401a8c-401a97 GetLastError 173->175 174->173 176 401a2d-401a3c wcscpy 174->176 177 401a99 175->177 178 401a9b-401aab FindClose 175->178 179 401a55-401a67 SetFileAttributesW GetLongPathNameW 176->179 180 401a3e-401a53 wcscat call 4019b4 176->180 177->178 183 401ac0 178->183 184 401aad-401ab6 RemoveDirectoryW 178->184 181 401a71-401a73 179->181 182 401a69 GetLastError 179->182 186 401a6f 180->186 181->173 181->178 182->186 183->172 184->183 187 401ab8-401abe GetLastError 184->187 186->181 187->183
          C-Code - Quality: 94%
          			E004019B4(wchar_t* __ecx) {
          				struct _WIN32_FIND_DATAW _v592;
          				wchar_t* _v596;
          				void* _t17;
          				int _t21;
          				int _t25;
          				int _t32;
          				long _t33;
          				long _t36;
          				wchar_t* _t49;
          				wchar_t* _t50;
          
          				_t50 = __ecx;
          				_t36 = 0;
          				_t49 = _t50 + wcslen(__ecx) * 2;
          				_v596 = "*";
          				wcscpy(_t49, ??);
          				_t17 = FindFirstFileW(_t50,  &_v592); // executed
          				 *_t49 =  *_t49 & 0;
          				_v596 = _t17;
          				if(_t17 != 0xffffffff) {
          					goto L2;
          				} else {
          					return GetLastError();
          				}
          				do {
          					L2:
          					if(wcscmp( &(_v592.cFileName), ".") != 0 && wcscmp( &(_v592.cFileName), L"..") != 0) {
          						wcscpy(_t49,  &(_v592.cFileName));
          						if((_v592.dwFileAttributes & 0x00000010) == 0) {
          							SetFileAttributesW(_t50, 0); // executed
          							_t32 = DeleteFileW(_t50); // executed
          							if(_t32 != 0) {
          								L9:
          								if(_t36 != 0) {
          									L13:
          									 *_t49 =  *_t49 & 0x00000000;
          									FindClose(_v596);
          									if(_t36 == 0) {
          										_t25 = RemoveDirectoryW(_t50); // executed
          										if(_t25 == 0) {
          											_t36 = GetLastError();
          										}
          									}
          									return _t36;
          								}
          								goto L10;
          							}
          							_t33 = GetLastError();
          							L8:
          							_t36 = _t33;
          							goto L9;
          						}
          						wcscat(_t50, "\\");
          						_t33 = E004019B4(_t50);
          						goto L8;
          					}
          					L10:
          					_t21 = FindNextFileW(_v596,  &_v592); // executed
          				} while (_t21 != 0);
          				_t36 = GetLastError();
          				if(_t36 == 0x12) {
          					_t36 = 0;
          				}
          				goto L13;
          			}

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: ErrorFindLast$Filewcscmpwcscpy$CloseDirectoryFirstNextRemovewcscatwcslen
          • String ID:
          • API String ID: 1103172606-0
          • Opcode ID: b85e80085b61c154d30a48925487207ecc2f3fbf555615e581930c351785453b
          • Instruction ID: 7e2c09ada6b958849b4e9a240767df9f9d4aebf77d143bffb4ec845ec13f9784
          • Opcode Fuzzy Hash: b85e80085b61c154d30a48925487207ecc2f3fbf555615e581930c351785453b
          • Instruction Fuzzy Hash: 823184313067069FE7116F60AF48A6F77A8EF45356B11043EF681F11E0EF7899098A6E
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 262 401988-40199d FindFirstFileW 263 4019a3-4019ac FindClose 262->263 264 40199f-4019a1 262->264 265 4019ad-4019b3 263->265 264->265
          C-Code - Quality: 100%
          			E00401988(WCHAR* __ecx) {
          				void* _t2;
          				void* _t4;
          				struct _WIN32_FIND_DATAW* _t7;
          
          				_t2 = FindFirstFileW(__ecx, _t7); // executed
          				if(_t2 != 0xffffffff) {
          					FindClose(_t2);
          					_t4 = 1;
          					return _t4;
          				}
          				return 0;
          			}

          APIs
          • FindFirstFileW.KERNELBASE(?,?), ref: 00401994
          • FindClose.KERNEL32(00000000), ref: 004019A4
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: Find$CloseFileFirst
          • String ID:
          • API String ID: 2295610775-0
          • Opcode ID: cd7618256b901368bd781d9f59d420d9b58fbc3044b3ecbc238e9ae79a97d79b
          • Instruction ID: de2a6797f10ea44540dda084330034740d7993bbf8fbefed18025c510119b4d9
          • Opcode Fuzzy Hash: cd7618256b901368bd781d9f59d420d9b58fbc3044b3ecbc238e9ae79a97d79b
          • Instruction Fuzzy Hash: B5D0C7B18505006BD7105770AE5DA7A355C6744371F950E3AF561E00D0D67DC54D856A
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          C-Code - Quality: 63%
          			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi) {
          				signed int _v8;
          				intOrPtr* _v24;
          				intOrPtr _v28;
          				int _v32;
          				char** _v36;
          				int _v40;
          				void _v44;
          				char** _v48;
          				intOrPtr _v52;
          				intOrPtr* _t18;
          				intOrPtr* _t19;
          				void* _t22;
          				void _t24;
          				int _t31;
          				intOrPtr* _t32;
          				intOrPtr _t35;
          				intOrPtr _t36;
          				intOrPtr _t39;
          				intOrPtr _t48;
          
          				_push(0xffffffff);
          				_push(0x408360);
          				_push(0x407cb0);
          				_push( *[fs:0x0]);
          				 *[fs:0x0] = _t48;
          				_v28 = _t48 - 0x20;
          				_v8 = _v8 & 0x00000000;
          				__set_app_type(1);
          				 *0x40b048 =  *0x40b048 | 0xffffffff;
          				 *0x40b04c =  *0x40b04c | 0xffffffff;
          				_t18 = __p__fmode();
          				_t35 =  *0x40902c; // 0x0
          				 *_t18 = _t35;
          				_t19 = __p__commode();
          				_t36 =  *0x409028; // 0x0
          				 *_t19 = _t36;
          				 *0x40b050 = _adjust_fdiv;
          				_t22 = E00407CA5( *_adjust_fdiv);
          				_t51 =  *0x409010;
          				if( *0x409010 == 0) {
          					__setusermatherr(E00407CA2);
          				}
          				E00407C90(_t22);
          				_push(0x40900c);
          				_push(0x409008);
          				L00407C8A();
          				_t24 =  *0x409024; // 0x0
          				_v44 = _t24;
          				__getmainargs( &_v32,  &_v48,  &_v36,  *0x409020,  &_v44);
          				_push(0x409004);
          				_push(0x409000);
          				L00407C8A();
          				 *(__p___initenv()) = _v36;
          				_push(_v36);
          				_push(_v48);
          				_push(_v32);
          				_t31 = E00401000(_v36, _t51); // executed
          				_v40 = _t31;
          				exit(_t31); // executed
          				_t32 = _v24;
          				_t39 =  *((intOrPtr*)( *_t32));
          				_v52 = _t39;
          				_push(_t32);
          				_push(_t39);
          				L00407C84();
          				return _t32;
          			}

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: _initterm$FilterXcpt__getmainargs__p___initenv__p__commode__p__fmode__set_app_type__setusermatherrexit
          • String ID:
          • API String ID: 167530163-0
          • Opcode ID: 49f18420dfb8adc0c77f0e02ce649e384d2936f8b03c4ff1152a1f667b670930
          • Instruction ID: afd6c000887d82baa1919e5ee554320803ed182ad0b33a081972b44a0441be48
          • Opcode Fuzzy Hash: 49f18420dfb8adc0c77f0e02ce649e384d2936f8b03c4ff1152a1f667b670930
          • Instruction Fuzzy Hash: EA314A75904204EFEB149FA0DE49B9A7BB8FB08324F10413AF551B22E1DB386804CB69
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 198 401893-4018ab call 407ab0 201 4018ae-4018cd call 403f13 198->201 204 4018d3-4018db 201->204 205 401977 201->205 204->205 207 4018e1 204->207 206 401979-40197c 205->206 208 4018e3-4018e5 207->208 209 4018eb-4018f0 207->209 208->205 208->209 210 4018f3-4018f5 209->210 211 401943-401969 memmove 210->211 212 4018f7-4018ff 210->212 211->205 215 40196b-401971 211->215 213 401901-401904 212->213 214 401906-401908 212->214 213->212 213->214 214->211 216 40190a-401923 memcmp 214->216 215->201 215->205 217 401925-40193b call 403c58 216->217 218 40193d-401941 216->218 217->218 221 40197d-401986 217->221 218->210 221->206
          C-Code - Quality: 72%
          			E00401893(intOrPtr __ecx, intOrPtr* __edx, void* __eflags) {
          				char _v8;
          				intOrPtr _v12;
          				void _v32780;
          				void* _t28;
          				intOrPtr _t31;
          				intOrPtr _t32;
          				void* _t36;
          				void* _t38;
          				intOrPtr _t39;
          				void* _t44;
          				void* _t46;
          				intOrPtr* _t47;
          				void* _t48;
          				void* _t49;
          				void* _t53;
          
          				_t39 = __ecx;
          				E00407AB0(0x8008, __ecx);
          				_v12 = _t39;
          				_t47 = __edx;
          				 *__edx = 0;
          				 *((intOrPtr*)(__edx + 4)) = 0;
          				while(1) {
          					_v8 = 0x8000;
          					_t28 = E00403F13(_v12, _t48 + 0xffffffffffff7ff8,  &_v8); // executed
          					if(_t28 != 0) {
          						break;
          					}
          					_t31 = _v8;
          					_t53 = _t31 - 0x20;
          					if(_t53 < 0 || _t53 == 0 && 0 != 0) {
          						break;
          					} else {
          						_t32 = _t31 - 0x20;
          						_t46 = 0;
          						_v8 = _t32;
          						while(_t46 <= _t32) {
          							while( *((char*)(_t48 + _t46 - 0x8008)) != 0x37) {
          								_t46 = _t46 + 1;
          								if(_t46 <= _t32) {
          									continue;
          								}
          								break;
          							}
          							if(_t46 > _t32) {
          								break;
          							}
          							_push(6);
          							_t36 = _t48 + _t46 - 0x8008;
          							_push(0x40829c);
          							_push(_t36);
          							L00407AE6();
          							_t49 = _t49 + 0xc;
          							if(_t36 != 0) {
          								L12:
          								_t32 = _v8;
          								_t46 = _t46 + 1;
          								continue;
          							}
          							_t44 = 0x14;
          							if(E00403C58(_t48 + _t46 - 0x7ffc, _t44) ==  *((intOrPtr*)(_t48 + _t46 - 0x8000))) {
          								 *_t47 =  *_t47 + _t46;
          								_t38 = 1;
          								asm("adc dword [esi+0x4], 0x0");
          								return _t38;
          							}
          							goto L12;
          						}
          						 *_t47 =  *_t47 + _t32;
          						_push(0x20);
          						_pop(0);
          						asm("adc dword [esi+0x4], 0x0");
          						memmove( &_v32780, _t48 + _t32 - 0x8008, 0);
          						_t49 = _t49 + 0xc;
          						if( *((intOrPtr*)(_t47 + 4)) > 0 ||  *_t47 > 0x400000) {
          							break;
          						} else {
          							continue;
          						}
          					}
          				}
          				return 0;
          			}

          APIs
            • Part of subcall function 00403F13: ReadFile.KERNELBASE(?,?,00400000,?,00000000,00000000,?,0000000B,?,?,004018CB,?,00000000,00000000,?,00401248), ref: 00403F46
            • Part of subcall function 00403F13: GetLastError.KERNEL32(?,0000000B,?,?,004018CB,?,00000000,00000000,?,00401248), ref: 00403F64
          • memcmp.MSVCRT ref: 00401919
          • memmove.MSVCRT ref: 0040195C
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: ErrorFileLastReadmemcmpmemmove
          • String ID: 7
          • API String ID: 3189527546-1790921346
          • Opcode ID: b7958561dd4736319419b8ffc834a1cdf45600c3326dc28e3b0212de6f038649
          • Instruction ID: 3776563e55ca5a772eb2d72dae57dcfa4219ac950be5525b51720b050a35fb01
          • Opcode Fuzzy Hash: b7958561dd4736319419b8ffc834a1cdf45600c3326dc28e3b0212de6f038649
          • Instruction Fuzzy Hash: B2219672A0030597DB309EA5D945B9FB7E8FF80354F10847BD885F3290E6789B89CB09
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 222 403fd7-403ffe call 407b20 225 404000-404001 222->225 226 404014 222->226 227 404010-404012 225->227 228 404003-404004 225->228 229 404016-40402a SetFilePointer 226->229 232 40400d-40400e 227->232 230 404006-404009 228->230 231 40400b 228->231 233 404036-404048 229->233 234 40402c-404034 GetLastError 229->234 235 40404a-40404e 230->235 231->232 232->229 233->235 234->233 234->235
          C-Code - Quality: 77%
          			E00403FD7(void** __ecx, long* __edx, void* __eflags, intOrPtr _a4) {
          				long _v8;
          				long _v12;
          				intOrPtr _t13;
          				long _t16;
          				long _t19;
          				void* _t20;
          				void** _t23;
          				void* _t26;
          				long _t33;
          				long* _t36;
          
          				_push(__ecx);
          				_push(__ecx);
          				_t36 = __edx;
          				_t23 = __ecx;
          				_t33 =  *__edx;
          				_t26 = 0x20;
          				_v12 = _t33;
          				_v8 = E00407B20(_t33, _t26, __edx[1]);
          				_t13 = _a4;
          				if(_t13 == 0) {
          					goto L8;
          				} else {
          					_t20 = _t13 - 1;
          					if(_t20 == 0) {
          						_push(1);
          						goto L5;
          					} else {
          						if(_t20 == 1) {
          							_push(2);
          							L5:
          							_pop(0);
          							L8:
          							_t16 = SetFilePointer( *_t23, _t33,  &_v8, 0); // executed
          							_v12 = _t16;
          							if(_t16 != 0xffffffff) {
          								L10:
          								asm("cdq");
          								 *_t36 = _v12;
          								_t36[1] = _v8;
          								_t19 = 0;
          							} else {
          								_t19 = GetLastError();
          								if(_t19 == 0) {
          									goto L10;
          								}
          							}
          						} else {
          							_t19 = 0x57;
          						}
          					}
          				}
          				return _t19;
          			}

          APIs
          • SetFilePointer.KERNELBASE(?,00000000,?,00000000,00000000,00000000,0000000B,?,?,?,00401258,00000000), ref: 0040401E
          • GetLastError.KERNEL32(?,00401258,00000000,?,?,?,?,?,?,?,?,?,00407CB0,00408360,000000FF), ref: 0040402C
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: ErrorFileLastPointer
          • String ID:
          • API String ID: 2976181284-0
          • Opcode ID: 8f061858a963bf2dc427b33849d10ee8bdcafe9a83eb0b5b61ab6995ae1f676b
          • Instruction ID: bd704f45b9d62dcf68a75278fddc49854175addc99cfd3408314b380d85ebdb8
          • Opcode Fuzzy Hash: 8f061858a963bf2dc427b33849d10ee8bdcafe9a83eb0b5b61ab6995ae1f676b
          • Instruction Fuzzy Hash: 4801C0B1600204BFD724CF68D845A6BB7A8EBC4350F20883BF306F72D0D674AD409A64
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 247 403f75-403f88 248 403f8a 247->248 249 403fce 247->249 251 403f8d-403f94 248->251 250 403fd0-403fd4 249->250 252 403f96 251->252 253 403f98-403fba WriteFile 251->253 252->253 254 403fc6-403fcc GetLastError 253->254 255 403fbc-403fbe 253->255 254->250 255->249 256 403fc0-403fc2 255->256 256->249 257 403fc4 256->257 257->251
          C-Code - Quality: 95%
          			E00403F75(void** __ecx, void* __edx, long _a4) {
          				void* _v8;
          				long _t10;
          				long _t11;
          				int _t12;
          				void** _t14;
          				long _t18;
          				long _t21;
          				signed int* _t24;
          
          				_push(__ecx);
          				_t24 = _a4;
          				_v8 = __edx;
          				_t14 = __ecx;
          				_t21 =  *_t24;
          				if(_t21 == 0) {
          					L9:
          					_t10 = 0;
          				} else {
          					 *_t24 =  *_t24 & 0x00000000;
          					while(1) {
          						_t11 = 0x400000;
          						if(_t21 <= 0x400000) {
          							_t11 = _t21;
          						}
          						_a4 = _a4 & 0x00000000;
          						_t12 = WriteFile( *_t14, _v8, _t11,  &_a4, 0); // executed
          						_t18 = _a4;
          						_v8 = _v8 + _t18;
          						 *_t24 =  *_t24 + _t18;
          						_t21 = _t21 - _t18;
          						if(_t12 == 0) {
          							break;
          						}
          						if(_t18 == 0 || _t21 <= 0) {
          							goto L9;
          						} else {
          							continue;
          						}
          						goto L10;
          					}
          					_t10 = GetLastError();
          				}
          				L10:
          				return _t10;
          			}

          APIs
          • WriteFile.KERNELBASE(?,?,00400000,?,00000000,00000000,00000000,0000000B,?,?,00401497,?,0000000B,?,00000000,?), ref: 00403FA8
          • GetLastError.KERNEL32(?,00401497,?,0000000B,?,00000000,?), ref: 00403FC6
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: ErrorFileLastWrite
          • String ID:
          • API String ID: 442123175-0
          • Opcode ID: ef52206b39ca597cfb90135402357cb9205d2b77a695a5cd07e3ee9b714e1f53
          • Instruction ID: df6156cc16c0bc530af2a2cd232a26aa88dcbdd9ce26652be93133cd2d4b7d4a
          • Opcode Fuzzy Hash: ef52206b39ca597cfb90135402357cb9205d2b77a695a5cd07e3ee9b714e1f53
          • Instruction Fuzzy Hash: 05016276A20206AFDB148F59DA047AA7BB9DF54756F11403EF945A2280D6749E008758
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 236 403f13-403f26 237 403f28 236->237 238 403f6c 236->238 239 403f2b-403f32 237->239 240 403f6e-403f72 238->240 241 403f34 239->241 242 403f36-403f58 ReadFile 239->242 241->242 243 403f64-403f6a GetLastError 242->243 244 403f5a-403f5c 242->244 243->240 244->238 245 403f5e-403f60 244->245 245->238 246 403f62 245->246 246->239
          C-Code - Quality: 95%
          			E00403F13(void** __ecx, void* __edx, long _a4) {
          				void* _v8;
          				long _t10;
          				long _t11;
          				int _t12;
          				void** _t14;
          				long _t18;
          				long _t21;
          				signed int* _t24;
          
          				_push(__ecx);
          				_t24 = _a4;
          				_v8 = __edx;
          				_t14 = __ecx;
          				_t21 =  *_t24;
          				if(_t21 == 0) {
          					L9:
          					_t10 = 0;
          				} else {
          					 *_t24 =  *_t24 & 0x00000000;
          					while(1) {
          						_t11 = 0x400000;
          						if(_t21 <= 0x400000) {
          							_t11 = _t21;
          						}
          						_a4 = _a4 & 0x00000000;
          						_t12 = ReadFile( *_t14, _v8, _t11,  &_a4, 0); // executed
          						_t18 = _a4;
          						_v8 = _v8 + _t18;
          						 *_t24 =  *_t24 + _t18;
          						_t21 = _t21 - _t18;
          						if(_t12 == 0) {
          							break;
          						}
          						if(_t18 == 0 || _t21 <= 0) {
          							goto L9;
          						} else {
          							continue;
          						}
          						goto L10;
          					}
          					_t10 = GetLastError();
          				}
          				L10:
          				return _t10;
          			}











          APIs
          • ReadFile.KERNELBASE(?,?,00400000,?,00000000,00000000,?,0000000B,?,?,004018CB,?,00000000,00000000,?,00401248), ref: 00403F46
          • GetLastError.KERNEL32(?,0000000B,?,?,004018CB,?,00000000,00000000,?,00401248), ref: 00403F64
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: ErrorFileLastRead
          • String ID:
          • API String ID: 1948546556-0
          • Opcode ID: f9ea82db3295baee096a7b6132001702a306fe0d7ed58bd834147c9541c412ba
          • Instruction ID: dda05a6c3e7aba5663eeae9e40fdcdb53360f2618dd5f69a148108f3383b12c2
          • Opcode Fuzzy Hash: f9ea82db3295baee096a7b6132001702a306fe0d7ed58bd834147c9541c412ba
          • Instruction Fuzzy Hash: 2A018676A10206BFDB148F6DD9407AABBBDDF48362F21403EE985E3280D7749F448758
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 258 403ea0-403ed8 CreateFileW 259 403eda-403edc 258->259 260 403ede GetLastError 258->260 261 403ee4 259->261 260->261
          C-Code - Quality: 72%
          			E00403EA0(void** __ecx, WCHAR* __edx, signed int _a4) {
          				void* _t6;
          				void** _t15;
          
          				_t2 = _a4;
          				_t15 = __ecx;
          				asm("sbb ecx, ecx");
          				asm("sbb eax, eax");
          				_t6 = CreateFileW(__edx, ( ~_a4 & 0xc0000000) + 0x80000000, 1, 0,  ~_t2 + 3, 0x80, 0); // executed
          				 *_t15 = _t6;
          				if(_t6 == 0xffffffff) {
          					return GetLastError();
          				}
          				return 0;
          			}





          APIs
          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000080,00000000,00000000,00403E9F,00000000,00401227), ref: 00403ECC
          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00407CB0,00408360,000000FF), ref: 00403EDE
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: CreateErrorFileLast
          • String ID:
          • API String ID: 1214770103-0
          • Opcode ID: cfe9b5afa13def5748a102262a71a19f7cbd0a00b5a439513187f3302e692a15
          • Instruction ID: 2ebc67d4b778009d8bb9fcfd12af60c3eea3b4c45e9c8e26ed92c3b041495ef4
          • Opcode Fuzzy Hash: cfe9b5afa13def5748a102262a71a19f7cbd0a00b5a439513187f3302e692a15
          • Instruction Fuzzy Hash: EBE026B23A02116FF3184B38CD06F7A6288C704B21F210B3EBA42E62C0D9BC9C004668
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 266 40187c-401887 CreateDirectoryW 267 401889-40188b 266->267 268 40188c-401892 GetLastError 266->268
          C-Code - Quality: 100%
          			E0040187C(WCHAR* __ecx) {
          				int _t1;
          
          				_t1 = CreateDirectoryW(__ecx, 0); // executed
          				if(_t1 == 0) {
          					return GetLastError();
          				} else {
          					return 0;
          				}
          			}




          APIs
          • CreateDirectoryW.KERNELBASE(?,00000000,004013DE,00000064,000000FF,?,?,?,?,?,?,?,00000000), ref: 0040187F
          • GetLastError.KERNEL32 ref: 0040188C
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: CreateDirectoryErrorLast
          • String ID:
          • API String ID: 1375471231-0
          • Opcode ID: 71e8f8511ce012157a54129ca80005a8ad815caa11c68d5952bbbcb3d73debd2
          • Instruction ID: 00699778d3127a1d646272344d4ece5ac559e3ee0b59e0fd6b246b21367f69d8
          • Opcode Fuzzy Hash: 71e8f8511ce012157a54129ca80005a8ad815caa11c68d5952bbbcb3d73debd2
          • Instruction Fuzzy Hash: 89B092B03507016EDE642B315F0871725546B40742F014878A541F10A4EF38C014852C
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 269 401ad6-401ad8 270 401ada-401adc 269->270 271 401add-401ae5 malloc 269->271
          C-Code - Quality: 100%
          			E00401AD6(int __edx) {
          				void* _t1;
          
          				if(__edx != 0) {
          					_t1 = malloc(__edx); // executed
          					return _t1;
          				} else {
          					return 0;
          				}
          			}




          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: malloc
          • String ID:
          • API String ID: 2803490479-0
          • Opcode ID: a91e8d0386fcd6b61fc4870d30870473fa9bb008252b4260977bce7e4222e718
          • Instruction ID: 0a2420411fc1d29f5b0751dfbec98324480b3cb3ebfb0dae053d681e3bbe10a8
          • Opcode Fuzzy Hash: a91e8d0386fcd6b61fc4870d30870473fa9bb008252b4260977bce7e4222e718
          • Instruction Fuzzy Hash: 91B0129461340041CA4407311E440932122E2E0203720C8BDB003A00D4EF3480103418
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 272 401acd-401ad5 free
          C-Code - Quality: 100%
          			E00401ACD(void* __eax, void* __edx) {
          				void* _t1;
          
          				_t1 = __eax;
          				free(__edx); // executed
          				return _t1;
          			}




          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: free
          • String ID:
          • API String ID: 1294909896-0
          • Opcode ID: 62d4157d80746584e2c4b4d2cf94aed8c1fefbe72067afd345d8641e9d4fe03c
          • Instruction ID: df7587e5048c60de87937c494dc7feb24a74b1112377ef41fa77a1ee22e040f3
          • Opcode Fuzzy Hash: 62d4157d80746584e2c4b4d2cf94aed8c1fefbe72067afd345d8641e9d4fe03c
          • Instruction Fuzzy Hash:
          Uniqueness

          Uniqueness Score: -1.00%

          Non-executed Functions

          C-Code - Quality: 84%
          			E00405553() {
          				struct _OSVERSIONINFOW _v280;
          				short _v1000;
          				_Unknown_base(*)()* _t23;
          				signed int _t25;
          				signed char _t27;
          				struct HINSTANCE__* _t31;
          				signed short* _t32;
          				signed char _t35;
          				void* _t38;
          				intOrPtr* _t40;
          				void* _t41;
          
          				_v280.dwOSVersionInfoSize = 0x114;
          				if(GetVersionExW( &_v280) == 0 || _v280.dwMajorVersion != 6 || _v280.dwMinorVersion != 0) {
          					_t23 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetDefaultDllDirectories");
          					if(_t23 == 0) {
          						goto L5;
          					} else {
          						_t25 =  *_t23(0xc00);
          						if(_t25 == 0) {
          							goto L5;
          						}
          					}
          				} else {
          					L5:
          					_t25 = GetSystemDirectoryW( &_v1000, 0x106);
          					if(_t25 != 0 && _t25 <= 0x104) {
          						_t25 = lstrlenW( &_v1000);
          						if( *((short*)(_t41 + _t25 * 2 - 0x3e6)) != 0x5c) {
          							 *((short*)(_t41 + _t25 * 2 - 0x3e4)) = 0x5c;
          							_t25 = _t25 + 1;
          						}
          						_t40 =  *0x4082c8; // 0x4082cc
          						if( *_t40 != 0) {
          							_t38 = _t25 + _t25;
          							do {
          								_t27 =  *_t40;
          								_t40 = _t40 + 1;
          								 *(_t41 + _t38 - 0x3e4) = _t27 & 0x000000ff;
          								if(_t27 == 0) {
          									goto L14;
          								}
          								_t32 = _t41 + _t38 - 0x3e2;
          								do {
          									_t35 =  *_t40;
          									_t40 = _t40 + 1;
          									 *_t32 = _t35 & 0x000000ff;
          									_t32 =  &(_t32[1]);
          								} while (_t35 != 0);
          								L14:
          								lstrcatW( &_v1000, L".dll");
          								_t31 = LoadLibraryExW( &_v1000, 0, 8);
          							} while ( *_t40 != 0);
          							return _t31;
          						}
          					}
          				}
          				return _t25;
          			}














          APIs
          • GetVersionExW.KERNEL32(?), ref: 0040556E
          • GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 00405594
          • GetProcAddress.KERNEL32(00000000), ref: 0040559B
          • GetSystemDirectoryW.KERNEL32(?,00000106), ref: 004055C0
          • lstrlenW.KERNEL32(?), ref: 004055E0
          • lstrcatW.KERNEL32(?,.dll), ref: 00405641
          • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00405652
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemVersionlstrcatlstrlen
          • String ID: .dll$SetDefaultDllDirectories$\$\$kernel32.dll
          • API String ID: 532070074-471922092
          • Opcode ID: d4baf4b3ff6616d987a30ff2953312681160e7621407c31db529472247c52950
          • Instruction ID: aaa7cc5abc2fb8cb219db84ea76f592ea9bf33b93396803eda6f18f8056faca7
          • Opcode Fuzzy Hash: d4baf4b3ff6616d987a30ff2953312681160e7621407c31db529472247c52950
          • Instruction Fuzzy Hash: 91219F315006599BDF329F64DE48BDB37ACEB54705F0009BAD585F21D0DBB98A89CF28
          Uniqueness

          Uniqueness Score: -1.00%

          C-Code - Quality: 97%
          			E00405DC9(signed char* __ecx, intOrPtr __edx, intOrPtr _a4) {
          				signed int _v8;
          				unsigned int _v12;
          				signed char* _v16;
          				char _v20;
          				signed int _v24;
          				signed char _v28;
          				signed int _v32;
          				signed int _v36;
          				signed char _v40;
          				signed int _v44;
          				signed int _v48;
          				signed int _v52;
          				signed char _v56;
          				signed int _v60;
          				signed char _v64;
          				signed int _v68;
          				signed char _v72;
          				signed char _v76;
          				signed char _v80;
          				signed char _v84;
          				intOrPtr _v88;
          				signed int _v92;
          				signed int _v96;
          				signed int _v100;
          				signed int _t1067;
          				signed int _t1081;
          				signed int _t1082;
          				signed short* _t1083;
          				unsigned int _t1087;
          				signed short* _t1091;
          				unsigned int _t1095;
          				signed short* _t1099;
          				unsigned int _t1100;
          				signed short* _t1103;
          				unsigned int _t1108;
          				signed char _t1110;
          				signed short* _t1114;
          				signed int _t1116;
          				void* _t1117;
          				signed char* _t1125;
          				signed char* _t1134;
          				char* _t1137;
          				signed int _t1138;
          				void* _t1141;
          				unsigned int _t1142;
          				signed char _t1148;
          				signed char _t1151;
          				signed int _t1155;
          				signed int _t1158;
          				unsigned int _t1164;
          				unsigned int _t1167;
          				unsigned int _t1170;
          				unsigned int _t1173;
          				signed short* _t1179;
          				unsigned int _t1180;
          				signed int _t1183;
          				signed int _t1185;
          				signed int _t1187;
          				unsigned int _t1190;
          				signed short* _t1196;
          				unsigned int _t1199;
          				signed short* _t1210;
          				unsigned int _t1211;
          				signed char _t1213;
          				signed int _t1235;
          				signed int _t1238;
          				unsigned int _t1241;
          				signed int _t1245;
          				signed short* _t1247;
          				unsigned int _t1251;
          				intOrPtr _t1255;
          				signed short* _t1257;
          				unsigned int _t1261;
          				intOrPtr _t1265;
          				signed short* _t1267;
          				unsigned int _t1271;
          				intOrPtr _t1275;
          				signed short* _t1277;
          				unsigned int _t1281;
          				intOrPtr _t1285;
          				signed short* _t1287;
          				unsigned int _t1291;
          				intOrPtr _t1295;
          				signed short* _t1297;
          				unsigned int _t1301;
          				unsigned int _t1311;
          				char _t1314;
          				short* _t1366;
          				unsigned int _t1371;
          				signed char* _t1377;
          				unsigned int _t1387;
          				signed short* _t1390;
          				unsigned int _t1400;
          				unsigned int _t1406;
          				signed int _t1409;
          				unsigned int _t1414;
          				signed int _t1418;
          				signed int _t1431;
          				signed int _t1432;
          				signed int _t1433;
          				signed int _t1434;
          				signed int _t1435;
          				signed int _t1436;
          				signed int _t1437;
          				signed int _t1438;
          				signed int _t1442;
          				signed int _t1446;
          				signed char _t1454;
          				signed int _t1456;
          				unsigned int _t1459;
          				void* _t1462;
          				intOrPtr _t1463;
          				unsigned int _t1467;
          				intOrPtr _t1471;
          				intOrPtr _t1472;
          				unsigned int _t1476;
          				intOrPtr _t1480;
          				intOrPtr _t1481;
          				unsigned int _t1485;
          				intOrPtr _t1489;
          				intOrPtr _t1490;
          				unsigned int _t1494;
          				intOrPtr _t1498;
          				intOrPtr _t1499;
          				unsigned int _t1503;
          				intOrPtr _t1507;
          				intOrPtr _t1508;
          				unsigned int _t1512;
          				intOrPtr _t1516;
          				intOrPtr _t1517;
          				signed short* _t1518;
          				unsigned int _t1578;
          				void* _t1581;
          				signed int _t1582;
          				unsigned int _t1586;
          				signed int _t1590;
          				signed int _t1591;
          				unsigned int _t1595;
          				signed int _t1599;
          				signed int _t1600;
          				unsigned int _t1604;
          				signed int _t1608;
          				signed int _t1609;
          				unsigned int _t1613;
          				signed int _t1617;
          				unsigned int _t1620;
          				signed int _t1624;
          				signed int _t1625;
          				unsigned int _t1632;
          				unsigned int _t1639;
          				unsigned int _t1646;
          				unsigned int _t1653;
          				signed int _t1687;
          				unsigned int _t1747;
          				void* _t1749;
          				signed int _t1750;
          				unsigned int _t1754;
          				signed int _t1758;
          				signed int _t1759;
          				signed short* _t1760;
          				unsigned int _t1782;
          				void* _t1784;
          				signed int _t1785;
          				unsigned int _t1789;
          				signed int _t1793;
          				unsigned int _t1796;
          				unsigned int _t1835;
          				unsigned int _t1838;
          				unsigned int _t1841;
          				signed int _t1846;
          				signed int _t1851;
          				signed int _t1853;
          				signed int _t1856;
          				signed int _t1869;
          				signed int _t1872;
          				signed int _t1875;
          				signed int _t1878;
          				signed int _t1879;
          				signed short* _t1880;
          				signed int _t1883;
          				void* _t1884;
          				signed short* _t1885;
          				signed short* _t1886;
          				signed short* _t1887;
          				signed int _t1898;
          				signed int _t1907;
          				signed int _t1910;
          				signed int _t1913;
          				signed int _t1916;
          				signed int _t1927;
          				unsigned int _t1930;
          				signed int _t1933;
          				unsigned int _t1936;
          				signed int _t1943;
          				signed int _t1955;
          				unsigned int _t1958;
          				signed int _t1961;
          				signed int _t1962;
          				signed short* _t1963;
          				signed int _t1964;
          				signed int _t1967;
          				signed int _t1996;
          				unsigned int _t1999;
          				signed int _t2003;
          				signed int _t2015;
          				signed int _t2027;
          				signed int _t2034;
          				signed int _t2042;
          				signed int _t2050;
          				signed int _t2058;
          				signed int _t2066;
          				signed short* _t2073;
          				intOrPtr _t2105;
          				intOrPtr _t2108;
          				intOrPtr _t2111;
          				intOrPtr _t2114;
          				intOrPtr _t2117;
          				intOrPtr _t2120;
          				signed int _t2123;
          				intOrPtr _t2130;
          				intOrPtr _t2133;
          				intOrPtr _t2136;
          				intOrPtr _t2139;
          				intOrPtr _t2142;
          				intOrPtr _t2145;
          				signed int _t2154;
          				unsigned int _t2155;
          				unsigned int _t2156;
          				unsigned int _t2157;
          				unsigned int _t2158;
          				unsigned int _t2159;
          				unsigned int _t2160;
          				unsigned int _t2161;
          				unsigned int _t2162;
          				unsigned int _t2163;
          				unsigned int _t2164;
          				unsigned int _t2165;
          				unsigned int _t2166;
          				unsigned int _t2167;
          				unsigned int _t2168;
          				unsigned int _t2169;
          				unsigned int _t2170;
          				unsigned int _t2171;
          				unsigned int _t2172;
          				unsigned int _t2173;
          				unsigned int _t2174;
          				unsigned int _t2175;
          				unsigned int _t2176;
          				unsigned int _t2177;
          				unsigned int _t2178;
          				unsigned int _t2179;
          				unsigned int _t2180;
          				unsigned int _t2181;
          				unsigned int _t2182;
          				unsigned int _t2183;
          				unsigned int _t2184;
          				unsigned int _t2185;
          				unsigned int _t2186;
          				unsigned int _t2187;
          				unsigned int _t2188;
          				unsigned int _t2189;
          				unsigned int _t2190;
          				unsigned int _t2191;
          				unsigned int _t2192;
          
          				_t1377 = __ecx;
          				_v40 = __ecx[0xc];
          				_v28 = __ecx[0x40];
          				_v56 = __ecx[0x30];
          				_v72 = __ecx[0x34];
          				_v76 = __ecx[0x38];
          				_v80 = __ecx[0x3c];
          				_t1067 = 1;
          				_v88 = __edx;
          				_t2154 =  *__ecx & 0x000000ff;
          				_v100 = _t2154;
          				_v92 = (_t1067 << __ecx[2]) - 1;
          				_t2155 = __ecx[0x20];
          				_v48 = __ecx[0x18];
          				_v60 = _v60 & 0x00000000;
          				_v96 = (0x100 << __ecx[1]) - (0x100 >> _t2154);
          				_v64 = __ecx[0x10];
          				_v68 = __ecx[0x14];
          				_v52 = __ecx[0x28];
          				_v84 = __ecx[0x2c];
          				_v16 = __ecx[0x1c];
          				_v8 = __ecx[0x24];
          				while(1) {
          					_t37 =  &_v28; // 0x405c36
          					_t1081 = (_v52 & _v92) << 4;
          					_v36 = _t1081;
          					_t1082 = _t1081 +  *_t37;
          					_v32 = _t1082;
          					_t1083 = _v40 + _t1082 * 2 - 0x200;
          					_v24 = _t1083;
          					_v12 =  *_t1083 & 0x0000ffff;
          					if(_t2155 < 0x1000000) {
          						_t2155 = _t2155 << 8;
          						_v16 =  &(_v16[1]);
          						_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          					}
          					_t1087 = (_t2155 >> 0xb) * _v12;
          					_v44 = _t1087;
          					if(_v8 >= _t1087) {
          						_v8 = _v8 - _t1087;
          						_t2156 = _t2155 - _t1087;
          						 *_v24 = _v12 - (_v12 >> 5);
          						_t471 =  &_v28; // 0x405c36
          						_t1091 = _v40 + 0x20 +  *_t471 * 2;
          						_v24 = _t1091;
          						_v12 =  *_t1091 & 0x0000ffff;
          						if(_t2156 < 0x1000000) {
          							_t2156 = _t2156 << 8;
          							_v16 =  &(_v16[1]);
          							_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          						}
          						_t1095 = (_t2156 >> 0xb) * _v12;
          						if(_v8 >= _t1095) {
          							_v8 = _v8 - _t1095;
          							_t2157 = _t2156 - _t1095;
          							 *_v24 = _v12 - (_v12 >> 5);
          							_t495 =  &_v28; // 0x405c36
          							_t1099 = _v40 + 0x38 +  *_t495 * 2;
          							_v24 = _t1099;
          							_t1100 =  *_t1099 & 0x0000ffff;
          							_v12 = _t1100;
          							if(_t2157 < 0x1000000) {
          								_t2157 = _t2157 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          								_t1100 = _v12;
          							}
          							_t1835 = (_t2157 >> 0xb) * _t1100;
          							_v44 = _t1835;
          							if(_v8 >= _t1835) {
          								_v8 = _v8 - _t1835;
          								_t2158 = _t2157 - _t1835;
          								 *_v24 = _t1100 - (_t1100 >> 5);
          								_t542 =  &_v28; // 0x405c36
          								_t1103 = _v40 + 0x50 +  *_t542 * 2;
          								_v24 = _t1103;
          								_t1387 =  *_t1103 & 0x0000ffff;
          								if(_t2158 < 0x1000000) {
          									_t2158 = _t2158 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          									_t1103 = _v24;
          								}
          								_t1838 = (_t2158 >> 0xb) * _t1387;
          								if(_v8 >= _t1838) {
          									_v8 = _v8 - _t1838;
          									_t2159 = _t2158 - _t1838;
          									 *_v24 = _t1387 - (_t1387 >> 5);
          									_t559 =  &_v28; // 0x405c36
          									_t1390 = _v40 + 0x68 +  *_t559 * 2;
          									_v24 = _t1390;
          									_t1108 =  *_t1390 & 0x0000ffff;
          									if(_t2159 < 0x1000000) {
          										_t2159 = _t2159 << 8;
          										_v16 =  &(_v16[1]);
          										_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          										_t1390 = _v24;
          									}
          									_t1841 = (_t2159 >> 0xb) * _t1108;
          									if(_v8 >= _t1841) {
          										_v8 = _v8 - _t1841;
          										_t2160 = _t2159 - _t1841;
          										 *_v24 = _t1108 - (_t1108 >> 5);
          										_t1110 = _v80;
          										_v80 = _v76;
          									} else {
          										_t2160 = _t1841;
          										_t1110 = _v76;
          										 *_t1390 = (0x800 - _t1108 >> 5) + _t1108;
          									}
          									_v76 = _v72;
          								} else {
          									_t2160 = _t1838;
          									 *_t1103 = (0x800 - _t1387 >> 5) + _t1387;
          									_t1110 = _v72;
          								}
          								_v56 = _t1110;
          								_v72 = _v56;
          								goto L117;
          							} else {
          								_t2177 = _t1835;
          								 *_v24 = (0x800 - _t1100 >> 5) + _t1100;
          								_t1210 = _v40 + _v32 * 2 - 0xc00;
          								_t1996 = _t2177;
          								_v24 = _t1210;
          								_t1211 =  *_t1210 & 0x0000ffff;
          								_v12 = _t1211;
          								if(_t1996 < 0x1000000) {
          									_t2177 = _t1996 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          									_t1211 = _v12;
          								}
          								_t1999 = (_t2177 >> 0xb) * _t1211;
          								if(_v8 >= _t1999) {
          									_v8 = _v8 - _t1999;
          									_t2160 = _t2177 - _t1999;
          									_t1110 = _t1211 - (_t1211 >> 5);
          									 *_v24 = _t1110;
          									L117:
          									asm("sbb eax, eax");
          									_v28 = (_t1110 & 0x000000fd) + 0xb;
          									_t1114 = _v40 + 0xfffff600;
          									goto L118;
          								} else {
          									_t2162 = _t1999;
          									_t2003 = (0x800 - _t1211 >> 5) + _t1211;
          									 *_v24 = _t2003;
          									_t1213 = _v64;
          									asm("sbb edx, edx");
          									 *((char*)(_t1418 + _t1213)) =  *((intOrPtr*)((_t2003 & _v68) - _v56 + _t1418 + _t1213));
          									_t1418 = _t1418 + 1;
          									_v52 = _v52 + 1;
          									_v48 = _t1418;
          									asm("sbb eax, eax");
          									_v28 = (_t1213 & 0x000000fe) + 0xb;
          									goto L247;
          								}
          							}
          						} else {
          							_t2160 = _t1095;
          							_v28 = _v28 + 0xc;
          							 *_v24 = (0x800 - _v12 >> 5) + _v12;
          							_t1114 = _v40 + 0xfffffa00;
          							L118:
          							_v12 =  *_t1114 & 0x0000ffff;
          							if(_t2160 < 0x1000000) {
          								_t2160 = _t2160 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1400 = (_t2160 >> 0xb) * _v12;
          							_v44 = _t1400;
          							if(_v8 >= _t1400) {
          								_v8 = _v8 - _t1400;
          								_t2161 = _t2160 - _t1400;
          								 *_t1114 = _v12 - (_v12 >> 5);
          								_v12 = _t1114[8] & 0x0000ffff;
          								if(_t2161 < 0x1000000) {
          									_t2161 = _t2161 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          								}
          								_t1406 = (_t2161 >> 0xb) * _v12;
          								_v44 = _t1406;
          								if(_v8 >= _t1406) {
          									_v8 = _v8 - _t1406;
          									_t2162 = _t2161 - _t1406;
          									_t1846 = 1;
          									_t1114[8] = _v12 - (_v12 >> 5);
          									do {
          										_t1409 = _t1846 + _t1846;
          										_v32 = _t1409;
          										_v12 =  *(_t1409 +  &(_t1114[0x100])) & 0x0000ffff;
          										if(_t2162 < 0x1000000) {
          											_t2162 = _t2162 << 8;
          											_v16 =  &(_v16[1]);
          											_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          										}
          										_t1414 = (_t2162 >> 0xb) * _v12;
          										if(_v8 >= _t1414) {
          											_v8 = _v8 - _t1414;
          											_t2162 = _t2162 - _t1414;
          											 *((short*)( &(_t1114[0x100]) + _v32)) = _v12 - (_v12 >> 5);
          											_t1846 = _v32 + 1;
          										} else {
          											_t2162 = _t1414;
          											 *((short*)( &(_t1114[0x100]) + _v32)) = (0x800 - _v12 >> 5) + _v12;
          											_t1846 = _v32;
          										}
          									} while (_t1846 < 0x100);
          									_t1851 = _t1846 - 0xf0;
          								} else {
          									_t2171 = _t1406;
          									_t1927 = _t2171;
          									_t1114[8] = (0x800 - _v12 >> 5) + _v12;
          									_t1187 = _t1114 + 0x10 + _v36 * 2;
          									_v60 = _t1187;
          									_t1747 =  *(_t1187 + 2) & 0x0000ffff;
          									if(_t1927 < 0x1000000) {
          										_t2171 = _t1927 << 8;
          										_v16 =  &(_v16[1]);
          										_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          										_t1187 = _v60;
          									}
          									_t1930 = (_t2171 >> 0xb) * _t1747;
          									if(_v8 >= _t1930) {
          										_v8 = _v8 - _t1930;
          										_t2172 = _t2171 - _t1930;
          										_t1187 = _v60;
          										_push(3);
          										 *(_t1187 + 2) = _t1747 - (_t1747 >> 5);
          									} else {
          										_t2172 = _t1930;
          										_push(2);
          										 *(_t1187 + 2) = (0x800 - _t1747 >> 5) + _t1747;
          									}
          									_pop(_t1749);
          									_t1750 = _t1749 + _t1749;
          									_v32 = _t1750;
          									_v12 =  *(_t1750 + _t1187) & 0x0000ffff;
          									if(_t2172 < 0x1000000) {
          										_t2172 = _t2172 << 8;
          										_v16 =  &(_v16[1]);
          										_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          									}
          									_t1754 = (_t2172 >> 0xb) * _v12;
          									if(_v8 >= _t1754) {
          										_v8 = _v8 - _t1754;
          										_t2173 = _t2172 - _t1754;
          										_t1933 = _v32;
          										 *((short*)(_t1933 + _t1187)) = _v12 - (_v12 >> 5);
          										_t1758 = _t1933 + 1;
          									} else {
          										_t2173 = _t1754;
          										_t1943 = _v32;
          										 *((short*)(_t1943 + _t1187)) = (0x800 - _v12 >> 5) + _v12;
          										_t1758 = _t1943;
          									}
          									_t1759 = _t1758 + _t1758;
          									_v32 = _t1759;
          									_t1760 = _t1759 + _t1187;
          									_v60 = _t1760;
          									_t1190 =  *_t1760 & 0x0000ffff;
          									if(_t2173 < 0x1000000) {
          										_t2173 = _t2173 << 8;
          										_v16 =  &(_v16[1]);
          										_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          										_t1760 = _v60;
          									}
          									_t1936 = (_t2173 >> 0xb) * _t1190;
          									if(_v8 >= _t1936) {
          										_v8 = _v8 - _t1936;
          										_t2162 = _t2173 - _t1936;
          										 *_v60 = _t1190 - (_t1190 >> 5);
          										_t1851 = _v32 + 1;
          									} else {
          										_t2162 = _t1936;
          										 *_t1760 = (0x800 - _t1190 >> 5) + _t1190;
          										_t1851 = _v32;
          									}
          								}
          								goto L163;
          							} else {
          								_t2174 = _t1400;
          								_t1955 = _t2174;
          								 *_t1114 = (0x800 - _v12 >> 5) + _v12;
          								_t1196 =  &(_t1114[_v36]);
          								_v60 = _t1196;
          								_t1782 = _t1196[1] & 0x0000ffff;
          								if(_t1955 < 0x1000000) {
          									_t2174 = _t1955 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          									_t1196 = _v60;
          								}
          								_t1958 = (_t2174 >> 0xb) * _t1782;
          								if(_v8 >= _t1958) {
          									_v8 = _v8 - _t1958;
          									_t2175 = _t2174 - _t1958;
          									_t1196 = _v60;
          									_push(3);
          									_t1196[1] = _t1782 - (_t1782 >> 5);
          								} else {
          									_t2175 = _t1958;
          									_push(2);
          									_t1196[1] = (0x800 - _t1782 >> 5) + _t1782;
          								}
          								_pop(_t1784);
          								_t1785 = _t1784 + _t1784;
          								_v32 = _t1785;
          								_v12 =  *(_t1785 + _t1196) & 0x0000ffff;
          								if(_t2175 < 0x1000000) {
          									_t2175 = _t2175 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          								}
          								_t1789 = (_t2175 >> 0xb) * _v12;
          								if(_v8 >= _t1789) {
          									_v8 = _v8 - _t1789;
          									_t2176 = _t2175 - _t1789;
          									_t1961 = _v32;
          									 *((short*)(_t1961 + _t1196)) = _v12 - (_v12 >> 5);
          									_t1793 = _t1961 + 1;
          								} else {
          									_t2176 = _t1789;
          									_t1967 = _v32;
          									 *((short*)(_t1967 + _t1196)) = (0x800 - _v12 >> 5) + _v12;
          									_t1793 = _t1967;
          								}
          								_t1962 = _t1793 + _t1793;
          								_v32 = _t1962;
          								_t1963 = _t1962 + _t1196;
          								_v60 = _t1963;
          								_t1199 =  *_t1963 & 0x0000ffff;
          								if(_t2176 < 0x1000000) {
          									_t1963 = _v60;
          									_t2176 = _t2176 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          								}
          								_t1796 = (_t2176 >> 0xb) * _t1199;
          								if(_v8 >= _t1796) {
          									_v8 = _v8 - _t1796;
          									_t2162 = _t2176 - _t1796;
          									 *_v60 = _t1199 - (_t1199 >> 5);
          									_t1964 = _v32 + 1;
          								} else {
          									_t2162 = _t1796;
          									 *_t1963 = (0x800 - _t1199 >> 5) + _t1199;
          									_t1964 = _v32;
          								}
          								_t1851 = _t1964 - 8;
          								L163:
          								_v60 = _t1851;
          								if(_v28 < 0xc) {
          									L236:
          									_t1418 = _v48;
          									_t1853 = _t1851 + 2;
          									_t1116 = _v88 - _t1418;
          									_v60 = _t1853;
          									if(_t1116 == 0) {
          										 *(_t1377 + 0x18) = _t1418;
          										L255:
          										_t1117 = 1;
          										return _t1117;
          									}
          									if(_t1116 < _t1853) {
          										_t1853 = _t1116;
          									}
          									_v44 = _t1853;
          									asm("sbb eax, eax");
          									_v52 = _v52 + _t1853;
          									_v60 = _v60 - _t1853;
          									_v48 = (_t1116 & _v68) - _v56 + _t1418;
          									if(_t1853 > _v68 - _v48) {
          										do {
          											 *((char*)(_t1418 + _v64)) =  *((intOrPtr*)(_v48 + _v64));
          											_t1418 = _t1418 + 1;
          											_v48 = _v48 + 1;
          											if(_v48 == _v68) {
          												_v48 = _v48 & 0x00000000;
          											}
          											_t1026 =  &_v44;
          											 *_t1026 = _v44 - 1;
          										} while ( *_t1026 != 0);
          										L246:
          										_v48 = _t1418;
          										goto L247;
          									} else {
          										_t1137 = _v64 + _t1418;
          										_v36 = _v48 - _t1418;
          										_t1418 = _t1418 + _v44;
          										_v32 = _v44 + _t1137;
          										_v48 = _t1418;
          										do {
          											 *_t1137 =  *((intOrPtr*)(_v36 + _t1137));
          											_t1137 = _t1137 + 1;
          										} while (_t1137 != _v32);
          										L247:
          										if(_t1418 >= _v88 || _v16 >= _a4) {
          											L251:
          											if(_t2162 >= 0x1000000) {
          												_t1125 = _v16;
          												_t1856 = _v8;
          											} else {
          												_t1134 = _v16;
          												_t2162 = _t2162 << 8;
          												_t1856 = _v8 << 0x00000008 |  *_t1134 & 0x000000ff;
          												_t1125 =  &(_t1134[1]);
          											}
          											 *(_t1377 + 0x1c) = _t1125;
          											 *((intOrPtr*)(_t1377 + 0x44)) = _v60;
          											 *((intOrPtr*)(_t1377 + 0x28)) = _v52;
          											 *(_t1377 + 0x30) = _v56;
          											 *(_t1377 + 0x34) = _v72;
          											 *(_t1377 + 0x38) = _v76;
          											 *(_t1377 + 0x3c) = _v80;
          											 *(_t1377 + 0x40) = _v28;
          											 *(_t1377 + 0x20) = _t2162;
          											 *(_t1377 + 0x24) = _t1856;
          											 *(_t1377 + 0x18) = _t1418;
          											return 0;
          										} else {
          											continue;
          										}
          									}
          								}
          								if(_t1851 >= 4) {
          									_t1138 = 3;
          								} else {
          									_t1138 = _t1851;
          								}
          								_t1141 = (_t1138 + 1 << 7) + _v40;
          								_v12 =  *(_t1141 + 2) & 0x0000ffff;
          								if(_t2162 < 0x1000000) {
          									_t2162 = _t2162 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          								}
          								_t1578 = (_t2162 >> 0xb) * _v12;
          								if(_v8 >= _t1578) {
          									_v8 = _v8 - _t1578;
          									_t2163 = _t2162 - _t1578;
          									_push(3);
          									 *(_t1141 + 2) = _v12 - (_v12 >> 5);
          								} else {
          									_t2163 = _t1578;
          									_push(2);
          									 *(_t1141 + 2) = (0x800 - _v12 >> 5) + _v12;
          								}
          								_pop(_t1581);
          								_t1582 = _t1581 + _t1581;
          								_v24 = _t1582;
          								_v12 =  *(_t1582 + _t1141) & 0x0000ffff;
          								if(_t2163 < 0x1000000) {
          									_t2163 = _t2163 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          								}
          								_t1586 = (_t2163 >> 0xb) * _v12;
          								if(_v8 >= _t1586) {
          									_v8 = _v8 - _t1586;
          									_t2164 = _t2163 - _t1586;
          									_t1869 = _v24;
          									 *((short*)(_t1869 + _t1141)) = _v12 - (_v12 >> 5);
          									_t1590 = _t1869 + 1;
          								} else {
          									_t2164 = _t1586;
          									_t1916 = _v24;
          									 *((short*)(_t1916 + _t1141)) = (0x800 - _v12 >> 5) + _v12;
          									_t1590 = _t1916;
          								}
          								_t1591 = _t1590 + _t1590;
          								_v24 = _t1591;
          								_v12 =  *(_t1591 + _t1141) & 0x0000ffff;
          								if(_t2164 < 0x1000000) {
          									_t2164 = _t2164 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          								}
          								_t1595 = (_t2164 >> 0xb) * _v12;
          								if(_v8 >= _t1595) {
          									_v8 = _v8 - _t1595;
          									_t2165 = _t2164 - _t1595;
          									_t1872 = _v24;
          									 *((short*)(_t1872 + _t1141)) = _v12 - (_v12 >> 5);
          									_t1599 = _t1872 + 1;
          								} else {
          									_t2165 = _t1595;
          									_t1913 = _v24;
          									 *((short*)(_t1913 + _t1141)) = (0x800 - _v12 >> 5) + _v12;
          									_t1599 = _t1913;
          								}
          								_t1600 = _t1599 + _t1599;
          								_v24 = _t1600;
          								_v12 =  *(_t1600 + _t1141) & 0x0000ffff;
          								if(_t2165 < 0x1000000) {
          									_t2165 = _t2165 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          								}
          								_t1604 = (_t2165 >> 0xb) * _v12;
          								if(_v8 >= _t1604) {
          									_v8 = _v8 - _t1604;
          									_t2166 = _t2165 - _t1604;
          									_t1875 = _v24;
          									 *((short*)(_t1875 + _t1141)) = _v12 - (_v12 >> 5);
          									_t1608 = _t1875 + 1;
          								} else {
          									_t2166 = _t1604;
          									_t1910 = _v24;
          									 *((short*)(_t1910 + _t1141)) = (0x800 - _v12 >> 5) + _v12;
          									_t1608 = _t1910;
          								}
          								_t1609 = _t1608 + _t1608;
          								_v24 = _t1609;
          								_v12 =  *(_t1609 + _t1141) & 0x0000ffff;
          								if(_t2166 < 0x1000000) {
          									_t2166 = _t2166 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          								}
          								_t1613 = (_t2166 >> 0xb) * _v12;
          								if(_v8 >= _t1613) {
          									_v8 = _v8 - _t1613;
          									_t2167 = _t2166 - _t1613;
          									_t1878 = _v24;
          									 *((short*)(_t1878 + _t1141)) = _v12 - (_v12 >> 5);
          									_t1617 = _t1878 + 1;
          								} else {
          									_t2167 = _t1613;
          									_t1907 = _v24;
          									 *((short*)(_t1907 + _t1141)) = (0x800 - _v12 >> 5) + _v12;
          									_t1617 = _t1907;
          								}
          								_t1879 = _t1617 + _t1617;
          								_v24 = _t1879;
          								_t1880 = _t1879 + _t1141;
          								_v32 = _t1880;
          								_t1142 =  *_t1880 & 0x0000ffff;
          								if(_t2167 < 0x1000000) {
          									_t1880 = _v32;
          									_t2167 = _t2167 << 8;
          									_v16 =  &(_v16[1]);
          									_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          								}
          								_t1620 = (_t2167 >> 0xb) * _t1142;
          								if(_v8 >= _t1620) {
          									_v8 = _v8 - _t1620;
          									_t2162 = _t2167 - _t1620;
          									 *_v32 = _t1142 - (_t1142 >> 5);
          									_t1624 = _v24 + 1;
          								} else {
          									_t2162 = _t1620;
          									 *_t1880 = (0x800 - _t1142 >> 5) + _t1142;
          									_t1624 = _v24;
          								}
          								_t1625 = _t1624 - 0x40;
          								if(_t1625 < 4) {
          									L232:
          									_v80 = _v76;
          									_v76 = _v72;
          									_v72 = _v56;
          									_t986 = _t1625 + 1; // 0x9
          									_t1148 = _t986;
          									_v56 = _t1148;
          									asm("sbb eax, eax");
          									_v28 = (_t1148 & 0x000000fd) + 0xa;
          									_t1151 = _v84;
          									if(_t1151 == 0) {
          										_t1151 = _v52;
          									}
          									if(_t1625 >= _t1151) {
          										 *(_t1377 + 0x18) = _v48;
          										goto L255;
          									} else {
          										_t1851 = _v60;
          										goto L236;
          									}
          								} else {
          									_t1883 = (_t1625 >> 1) - 1;
          									_t1155 = _t1625 & 0x00000001 | 0x00000002;
          									_v24 = _t1883;
          									_v36 = _t1155;
          									if(_t1625 >= 0xe) {
          										_t1884 = _t1883 - 4;
          										do {
          											if(_t2162 < 0x1000000) {
          												_t2162 = _t2162 << 8;
          												_v16 =  &(_v16[1]);
          												_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          											}
          											_t2162 = _t2162 >> 1;
          											_v8 = _v8 - _t2162;
          											_t1158 =  ~(_v8 >> 0x1f);
          											_v8 = _v8 + (_t1158 & _t2162);
          											_t1884 = _t1884 - 1;
          											_v36 = _t1158 + 1 + _v36 * 2;
          										} while (_t1884 != 0);
          										_v36 = _v36 << 4;
          										_t1164 =  *(_v40 + 2) & 0x0000ffff;
          										if(_t2162 < 0x1000000) {
          											_t2162 = _t2162 << 8;
          											_v16 =  &(_v16[1]);
          											_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          										}
          										_t1632 = (_t2162 >> 0xb) * _t1164;
          										if(_v8 >= _t1632) {
          											_v8 = _v8 - _t1632;
          											_t2168 = _t2162 - _t1632;
          											_v44 = 3;
          											 *(_v40 + 2) = _t1164 - (_t1164 >> 5);
          										} else {
          											_t2168 = _t1632;
          											_v44 = 2;
          											 *(_v40 + 2) = (0x800 - _t1164 >> 5) + _t1164;
          										}
          										_t1885 = _v40 + _v44 * 2;
          										_v32 = _t1885;
          										_t1167 =  *_t1885 & 0x0000ffff;
          										if(_t2168 < 0x1000000) {
          											_t1885 = _v32;
          											_t2168 = _t2168 << 8;
          											_v16 =  &(_v16[1]);
          											_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          										}
          										_t1639 = (_t2168 >> 0xb) * _t1167;
          										if(_v8 >= _t1639) {
          											_v8 = _v8 - _t1639;
          											_t2169 = _t2168 - _t1639;
          											_v44 = _v44 + 4;
          											 *_v32 = _t1167 - (_t1167 >> 5);
          										} else {
          											_t2169 = _t1639;
          											_v44 = _v44 + 2;
          											 *_t1885 = (0x800 - _t1167 >> 5) + _t1167;
          										}
          										_t1886 = _v40 + _v44 * 2;
          										_v32 = _t1886;
          										_t1170 =  *_t1886 & 0x0000ffff;
          										if(_t2169 < 0x1000000) {
          											_t1886 = _v32;
          											_t2169 = _t2169 << 8;
          											_v16 =  &(_v16[1]);
          											_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          										}
          										_t1646 = (_t2169 >> 0xb) * _t1170;
          										if(_v8 >= _t1646) {
          											_v8 = _v8 - _t1646;
          											_t2170 = _t2169 - _t1646;
          											_v44 = _v44 + 8;
          											 *_v32 = _t1170 - (_t1170 >> 5);
          										} else {
          											_t2170 = _t1646;
          											_v44 = _v44 + 4;
          											 *_t1886 = (0x800 - _t1170 >> 5) + _t1170;
          										}
          										_t1887 = _v40 + _v44 * 2;
          										_v32 = _t1887;
          										_t1173 =  *_t1887 & 0x0000ffff;
          										if(_t2170 < 0x1000000) {
          											_t1887 = _v32;
          											_t2170 = _t2170 << 8;
          											_v16 =  &(_v16[1]);
          											_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          										}
          										_t1653 = (_t2170 >> 0xb) * _t1173;
          										if(_v8 >= _t1653) {
          											_v8 = _v8 - _t1653;
          											_t2162 = _t2170 - _t1653;
          											 *_v32 = _t1173 - (_t1173 >> 5);
          										} else {
          											_t2162 = _t1653;
          											_v44 = _v44 - 8;
          											 *_t1887 = (0x800 - _t1173 >> 5) + _t1173;
          										}
          										_t1625 = _v36 | _v44;
          										if(_t1625 == 0xffffffff) {
          											_v28 = _v28 - 0xc;
          											_t1418 = _v48;
          											_v60 = 0x112;
          											goto L251;
          										} else {
          											goto L232;
          										}
          									}
          									_v44 = 1;
          									_t1687 = (_t1155 << _t1883) + 1;
          									_v36 = _t1687;
          									do {
          										_t1179 = _v40 + _t1687 * 2 - 0xd00;
          										_v32 = _t1179;
          										_t1180 =  *_t1179 & 0x0000ffff;
          										if(_t2162 < 0x1000000) {
          											_t2162 = _t2162 << 8;
          											_v16 =  &(_v16[1]);
          											_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          											_t1687 = _v36;
          										}
          										_t1898 = (_t2162 >> 0xb) * _t1180;
          										if(_v8 >= _t1898) {
          											_v8 = _v8 - _t1898;
          											_t2162 = _t2162 - _t1898;
          											 *_v32 = _t1180 - (_t1180 >> 5);
          											_t1183 = _v44 + _v44;
          											_t1687 = _v36 + _t1183;
          											_v44 = _t1183;
          											_v36 = _t1687;
          										} else {
          											_t2162 = _t1898;
          											 *_v32 = (0x800 - _t1180 >> 5) + _t1180;
          											_t1185 = _v44;
          											_t1687 = _t1687 + _t1185;
          											_v36 = _t1687;
          											_v44 = _t1185 + _t1185;
          										}
          										_t886 =  &_v24;
          										 *_t886 = _v24 - 1;
          									} while ( *_t886 != 0);
          									_t1625 = _t1687 - _v44;
          									goto L232;
          								}
          							}
          						}
          					}
          					_t2178 = _t1087;
          					_t2015 = _v24;
          					 *_t2015 = (0x800 - _v12 >> 5) + _v12;
          					_t1235 = _v40 + 0x280;
          					_v24 = _t1235;
          					if(_v52 != 0 || _v84 != 0) {
          						if(_t1418 == 0) {
          							_t1418 = _v68;
          						}
          						_t2015 = (( *(_t1418 + _v64 - 1) & 0x000000ff) + (_v52 << 0x00000008) & _v96) << _v100;
          						_t1418 = _t2015 + _t2015 * 2;
          						_t1235 = _t1235 + _t1418 * 2;
          						_v24 = _t1235;
          						goto L9;
          					} else {
          						L9:
          						_v52 = _v52 + 1;
          						if(_v28 >= 7) {
          							asm("sbb ecx, ecx");
          							_v28 = _v28 - (_t1418 & 0xfffffffd) + 6;
          							asm("sbb edx, edx");
          							_t1431 = ( *((_t2015 & _v68) - _v56 + _v48 + _v64) & 0x000000ff) << 1;
          							_v36 = _t1431;
          							_t1432 = _t1431 & 0x00000100;
          							_v12 =  *(_t1235 + 0x202 + _t1432 * 2) & 0x0000ffff;
          							_t1238 = _v44;
          							if(_t1238 < 0x1000000) {
          								_t2178 = _t1238 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1241 = (_t2178 >> 0xb) * _v12;
          							if(_v8 >= _t1241) {
          								_v8 = _v8 - _t1241;
          								_t2179 = _t2178 - _t1241;
          								_v20 = 3;
          								 *((short*)(_v24 + 0x202 + _t1432 * 2)) = _v12 - (_v12 >> 5);
          							} else {
          								_t2179 = _t1241;
          								_v20 = 2;
          								_t1366 = _v24 + 0x202 + _t1432 * 2;
          								_t1432 = _t1432 ^ 0x00000100;
          								 *_t1366 = (0x800 - _v12 >> 5) + _v12;
          							}
          							_t2027 = _t1432;
          							_t1245 = _v36 + _v36;
          							_v44 = _t2027;
          							_t1433 = _t1432 & _t1245;
          							_v36 = _t1245;
          							_t1247 = _v24 + (_t2027 + _t1433 + _v20) * 2;
          							_v32 = _t1247;
          							_v12 =  *_t1247 & 0x0000ffff;
          							if(_t2179 < 0x1000000) {
          								_t2179 = _t2179 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1251 = (_t2179 >> 0xb) * _v12;
          							if(_v8 >= _t1251) {
          								_v8 = _v8 - _t1251;
          								_t2180 = _t2179 - _t1251;
          								 *_v32 = _v12 - (_v12 >> 5);
          								_t1255 = _v20 + _v20 + 1;
          								_v20 = _t1255;
          							} else {
          								_t2180 = _t1251;
          								 *_v32 = (0x800 - _v12 >> 5) + _v12;
          								_t1255 = _v20 + _v20;
          								_t1433 = _t1433 ^ _v44;
          								_v20 = _t1255;
          							}
          							_v44 = _t1433;
          							_t2034 = _v36 + _v36;
          							_v36 = _t2034;
          							_t1434 = _t1433 & _t2034;
          							_t1257 = _v24 + (_v44 + _t1434 + _t1255) * 2;
          							_v32 = _t1257;
          							_v12 =  *_t1257 & 0x0000ffff;
          							if(_t2180 < 0x1000000) {
          								_t2180 = _t2180 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1261 = (_t2180 >> 0xb) * _v12;
          							if(_v8 >= _t1261) {
          								_v8 = _v8 - _t1261;
          								_t2181 = _t2180 - _t1261;
          								 *_v32 = _v12 - (_v12 >> 5);
          								_t1265 = _v20 + _v20 + 1;
          								_v20 = _t1265;
          							} else {
          								_t2181 = _t1261;
          								 *_v32 = (0x800 - _v12 >> 5) + _v12;
          								_t1265 = _v20 + _v20;
          								_t1434 = _t1434 ^ _v44;
          								_v20 = _t1265;
          							}
          							_v44 = _t1434;
          							_t2042 = _v36 + _v36;
          							_v36 = _t2042;
          							_t1435 = _t1434 & _t2042;
          							_t1267 = _v24 + (_v44 + _t1435 + _t1265) * 2;
          							_v32 = _t1267;
          							_v12 =  *_t1267 & 0x0000ffff;
          							if(_t2181 < 0x1000000) {
          								_t2181 = _t2181 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1271 = (_t2181 >> 0xb) * _v12;
          							if(_v8 >= _t1271) {
          								_v8 = _v8 - _t1271;
          								_t2182 = _t2181 - _t1271;
          								 *_v32 = _v12 - (_v12 >> 5);
          								_t1275 = _v20 + _v20 + 1;
          								_v20 = _t1275;
          							} else {
          								_t2182 = _t1271;
          								 *_v32 = (0x800 - _v12 >> 5) + _v12;
          								_t1275 = _v20 + _v20;
          								_t1435 = _t1435 ^ _v44;
          								_v20 = _t1275;
          							}
          							_v44 = _t1435;
          							_t2050 = _v36 + _v36;
          							_v36 = _t2050;
          							_t1436 = _t1435 & _t2050;
          							_t1277 = _v24 + (_v44 + _t1436 + _t1275) * 2;
          							_v32 = _t1277;
          							_v12 =  *_t1277 & 0x0000ffff;
          							if(_t2182 < 0x1000000) {
          								_t2182 = _t2182 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1281 = (_t2182 >> 0xb) * _v12;
          							if(_v8 >= _t1281) {
          								_v8 = _v8 - _t1281;
          								_t2183 = _t2182 - _t1281;
          								 *_v32 = _v12 - (_v12 >> 5);
          								_t1285 = _v20 + _v20 + 1;
          								_v20 = _t1285;
          							} else {
          								_t2183 = _t1281;
          								 *_v32 = (0x800 - _v12 >> 5) + _v12;
          								_t1285 = _v20 + _v20;
          								_t1436 = _t1436 ^ _v44;
          								_v20 = _t1285;
          							}
          							_v44 = _t1436;
          							_t2058 = _v36 + _v36;
          							_v36 = _t2058;
          							_t1437 = _t1436 & _t2058;
          							_t1287 = _v24 + (_v44 + _t1437 + _t1285) * 2;
          							_v32 = _t1287;
          							_v12 =  *_t1287 & 0x0000ffff;
          							if(_t2183 < 0x1000000) {
          								_t2183 = _t2183 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1291 = (_t2183 >> 0xb) * _v12;
          							if(_v8 >= _t1291) {
          								_v8 = _v8 - _t1291;
          								_t2184 = _t2183 - _t1291;
          								 *_v32 = _v12 - (_v12 >> 5);
          								_t1295 = _v20 + _v20 + 1;
          								_v20 = _t1295;
          							} else {
          								_t2184 = _t1291;
          								 *_v32 = (0x800 - _v12 >> 5) + _v12;
          								_t1295 = _v20 + _v20;
          								_t1437 = _t1437 ^ _v44;
          								_v20 = _t1295;
          							}
          							_v44 = _t1437;
          							_t2066 = _v36 + _v36;
          							_v36 = _t2066;
          							_t1438 = _t1437 & _t2066;
          							_t1297 = _v24 + (_v44 + _t1438 + _t1295) * 2;
          							_v32 = _t1297;
          							_v12 =  *_t1297 & 0x0000ffff;
          							if(_t2184 < 0x1000000) {
          								_t2184 = _t2184 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1301 = (_t2184 >> 0xb) * _v12;
          							if(_v8 >= _t1301) {
          								_v8 = _v8 - _t1301;
          								_t2185 = _t2184 - _t1301;
          								 *_v32 = _v12 - (_v12 >> 5);
          								_v20 = _v20 + _v20 + 1;
          							} else {
          								_t2185 = _t1301;
          								 *_v32 = (0x800 - _v12 >> 5) + _v12;
          								_t1438 = _t1438 ^ _v44;
          								_v20 = _v20 + _v20;
          							}
          							_t2073 = _v24 + ((_v36 + _v36 & _t1438) + _t1438 + _v20) * 2;
          							_v32 = _t2073;
          							_t1311 =  *_t2073 & 0x0000ffff;
          							if(_t2185 < 0x1000000) {
          								_t2073 = _v32;
          								_t2185 = _t2185 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1442 = (_t2185 >> 0xb) * _t1311;
          							if(_v8 >= _t1442) {
          								_v8 = _v8 - _t1442;
          								_t2162 = _t2185 - _t1442;
          								 *_v32 = _t1311 - (_t1311 >> 5);
          								_t1314 = _v20 + _v20 + 1;
          							} else {
          								_t2162 = _t1442;
          								 *_t2073 = (0x800 - _t1311 >> 5) + _t1311;
          								_t1314 = _v20 + _v20;
          							}
          						} else {
          							if(_v28 >= 4) {
          								_t1454 = 3;
          							} else {
          								_t1454 = _v28;
          							}
          							_v28 = _v28 - _t1454;
          							_v12 =  *(_t1235 + 2) & 0x0000ffff;
          							_t1456 = _v44;
          							if(_t1456 < 0x1000000) {
          								_t2178 = _t1456 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1459 = (_t2178 >> 0xb) * _v12;
          							if(_v8 >= _t1459) {
          								_v8 = _v8 - _t1459;
          								_t2186 = _t2178 - _t1459;
          								_push(3);
          								 *(_t1235 + 2) = _v12 - (_v12 >> 5);
          							} else {
          								_t2186 = _t1459;
          								_push(2);
          								 *(_t1235 + 2) = (0x800 - _v12 >> 5) + _v12;
          							}
          							_pop(_t1462);
          							_t1463 = _t1462 + _t1462;
          							_v20 = _t1463;
          							_v12 =  *(_t1463 + _t1235) & 0x0000ffff;
          							if(_t2186 < 0x1000000) {
          								_t2186 = _t2186 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1467 = (_t2186 >> 0xb) * _v12;
          							if(_v8 >= _t1467) {
          								_v8 = _v8 - _t1467;
          								_t2187 = _t2186 - _t1467;
          								_t2105 = _v20;
          								 *((short*)(_t2105 + _t1235)) = _v12 - (_v12 >> 5);
          								_t1471 = _t2105 + 1;
          							} else {
          								_t2187 = _t1467;
          								_t2145 = _v20;
          								 *((short*)(_t2145 + _t1235)) = (0x800 - _v12 >> 5) + _v12;
          								_t1471 = _t2145;
          							}
          							_t1472 = _t1471 + _t1471;
          							_v20 = _t1472;
          							_v12 =  *(_t1472 + _t1235) & 0x0000ffff;
          							if(_t2187 < 0x1000000) {
          								_t2187 = _t2187 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1476 = (_t2187 >> 0xb) * _v12;
          							if(_v8 >= _t1476) {
          								_v8 = _v8 - _t1476;
          								_t2188 = _t2187 - _t1476;
          								_t2108 = _v20;
          								 *((short*)(_t2108 + _t1235)) = _v12 - (_v12 >> 5);
          								_t1480 = _t2108 + 1;
          							} else {
          								_t2188 = _t1476;
          								_t2142 = _v20;
          								 *((short*)(_t2142 + _t1235)) = (0x800 - _v12 >> 5) + _v12;
          								_t1480 = _t2142;
          							}
          							_t1481 = _t1480 + _t1480;
          							_v20 = _t1481;
          							_v12 =  *(_t1481 + _t1235) & 0x0000ffff;
          							if(_t2188 < 0x1000000) {
          								_t2188 = _t2188 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1485 = (_t2188 >> 0xb) * _v12;
          							if(_v8 >= _t1485) {
          								_v8 = _v8 - _t1485;
          								_t2189 = _t2188 - _t1485;
          								_t2111 = _v20;
          								 *((short*)(_t2111 + _t1235)) = _v12 - (_v12 >> 5);
          								_t1489 = _t2111 + 1;
          							} else {
          								_t2189 = _t1485;
          								_t2139 = _v20;
          								 *((short*)(_t2139 + _t1235)) = (0x800 - _v12 >> 5) + _v12;
          								_t1489 = _t2139;
          							}
          							_t1490 = _t1489 + _t1489;
          							_v20 = _t1490;
          							_v12 =  *(_t1490 + _t1235) & 0x0000ffff;
          							if(_t2189 < 0x1000000) {
          								_t2189 = _t2189 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1494 = (_t2189 >> 0xb) * _v12;
          							if(_v8 >= _t1494) {
          								_v8 = _v8 - _t1494;
          								_t2190 = _t2189 - _t1494;
          								_t2114 = _v20;
          								 *((short*)(_t2114 + _t1235)) = _v12 - (_v12 >> 5);
          								_t1498 = _t2114 + 1;
          							} else {
          								_t2190 = _t1494;
          								_t2136 = _v20;
          								 *((short*)(_t2136 + _t1235)) = (0x800 - _v12 >> 5) + _v12;
          								_t1498 = _t2136;
          							}
          							_t1499 = _t1498 + _t1498;
          							_v20 = _t1499;
          							_v12 =  *(_t1499 + _t1235) & 0x0000ffff;
          							if(_t2190 < 0x1000000) {
          								_t2190 = _t2190 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1503 = (_t2190 >> 0xb) * _v12;
          							if(_v8 >= _t1503) {
          								_v8 = _v8 - _t1503;
          								_t2191 = _t2190 - _t1503;
          								_t2117 = _v20;
          								 *((short*)(_t2117 + _t1235)) = _v12 - (_v12 >> 5);
          								_t1507 = _t2117 + 1;
          							} else {
          								_t2191 = _t1503;
          								_t2133 = _v20;
          								 *((short*)(_t2133 + _t1235)) = (0x800 - _v12 >> 5) + _v12;
          								_t1507 = _t2133;
          							}
          							_t1508 = _t1507 + _t1507;
          							_v20 = _t1508;
          							_v12 =  *(_t1508 + _t1235) & 0x0000ffff;
          							if(_t2191 < 0x1000000) {
          								_t2191 = _t2191 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          							}
          							_t1512 = (_t2191 >> 0xb) * _v12;
          							if(_v8 >= _t1512) {
          								_v8 = _v8 - _t1512;
          								_t2192 = _t2191 - _t1512;
          								_t2120 = _v20;
          								 *((short*)(_t2120 + _t1235)) = _v12 - (_v12 >> 5);
          								_t1516 = _t2120 + 1;
          							} else {
          								_t2192 = _t1512;
          								_t2130 = _v20;
          								 *((short*)(_t2130 + _t1235)) = (0x800 - _v12 >> 5) + _v12;
          								_t1516 = _t2130;
          							}
          							_t1517 = _t1516 + _t1516;
          							_v20 = _t1517;
          							_t1518 = _t1517 + _t1235;
          							_v44 = _t1518;
          							_t1371 =  *_t1518 & 0x0000ffff;
          							if(_t2192 < 0x1000000) {
          								_t2192 = _t2192 << 8;
          								_v16 =  &(_v16[1]);
          								_v8 = _v8 << 0x00000008 |  *_v16 & 0x000000ff;
          								_t1518 = _v44;
          							}
          							_t2123 = (_t2192 >> 0xb) * _t1371;
          							if(_v8 >= _t2123) {
          								_v8 = _v8 - _t2123;
          								_t2162 = _t2192 - _t2123;
          								 *_v44 = _t1371 - (_t1371 >> 5);
          								_t1314 = _v20 + 1;
          							} else {
          								_t2162 = _t2123;
          								_t1314 = _v20;
          								 *_t1518 = (0x800 - _t1371 >> 5) + _t1371;
          							}
          						}
          						_t1446 = _v48;
          						 *((char*)(_t1446 + _v64)) = _t1314;
          						_t1418 = _t1446 + 1;
          						goto L246;
          					}
          				}
          			}

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID:
          • String ID: 6\@$6\@
          • API String ID: 0-436481360
          • Opcode ID: 5e3568fc1fcd93741cef635555f1507372c456b51c0ccc4f244ae7e3e53fd7ff
          • Instruction ID: 6d8771cc925c0df50cbb4fab0bb61ad41f2263bae396823d739e1cb43514e0db
          • Opcode Fuzzy Hash: 5e3568fc1fcd93741cef635555f1507372c456b51c0ccc4f244ae7e3e53fd7ff
          • Instruction Fuzzy Hash: D3032771E04119DFCB08CFA9C5905ADFBB2FF89301F2582AED856BB384E6345A41DB94
          Uniqueness

          Uniqueness Score: -1.00%

          C-Code - Quality: 70%
          			E00403082(void* __ecx, signed int** __edx, signed int _a4, intOrPtr _a8, signed int _a11, intOrPtr* _a12, unsigned int _a15, int _a16, signed int _a19, intOrPtr _a20, signed int _a23) {
          				unsigned int _v8;
          				unsigned int _v12;
          				signed int _v16;
          				unsigned int _v20;
          				signed int _v24;
          				signed int _v28;
          				unsigned int _v32;
          				unsigned int _v36;
          				unsigned int _v40;
          				unsigned int _v44;
          				signed int _v48;
          				signed int _v52;
          				signed int _v56;
          				char _v60;
          				unsigned int _v64;
          				void* _v68;
          				unsigned int _v72;
          				char _v76;
          				unsigned int _v80;
          				unsigned int _v84;
          				unsigned int _v88;
          				char _v92;
          				intOrPtr _v100;
          				intOrPtr _v140;
          				char _v144;
          				signed int _t365;
          				void* _t369;
          				signed int _t378;
          				signed int _t379;
          				signed int _t380;
          				signed int _t382;
          				signed int _t384;
          				signed int _t385;
          				signed int _t386;
          				signed int _t389;
          				signed int _t391;
          				signed int _t393;
          				unsigned int _t398;
          				unsigned int _t400;
          				signed char* _t401;
          				signed int _t404;
          				unsigned int _t405;
          				signed int _t408;
          				signed int _t409;
          				signed char _t410;
          				signed char _t413;
          				signed int _t414;
          				signed int _t415;
          				void* _t416;
          				signed char _t417;
          				signed int _t418;
          				signed char _t421;
          				signed int _t423;
          				signed int _t427;
          				signed int _t428;
          				signed int _t430;
          				unsigned int _t432;
          				signed int* _t435;
          				signed int* _t436;
          				signed int _t437;
          				intOrPtr* _t438;
          				signed int _t441;
          				void* _t442;
          				int _t444;
          				signed int _t449;
          				signed int* _t451;
          				signed int _t453;
          				intOrPtr* _t454;
          				intOrPtr* _t469;
          				signed int _t470;
          				intOrPtr _t471;
          				intOrPtr* _t472;
          				signed int _t484;
          				intOrPtr _t497;
          				unsigned int _t498;
          				intOrPtr* _t521;
          				unsigned int _t522;
          				signed int _t527;
          				signed int _t528;
          				signed int _t531;
          				signed int _t534;
          				signed int _t535;
          				signed int _t543;
          				void* _t544;
          				signed int _t546;
          				signed int** _t555;
          				signed int _t576;
          				signed int _t581;
          				signed int _t582;
          				signed int _t584;
          				signed char _t586;
          				signed int _t587;
          				signed char _t590;
          				signed char _t596;
          				signed char _t598;
          				char _t602;
          				signed int _t612;
          				signed int** _t624;
          				signed int _t626;
          				void* _t627;
          				void* _t628;
          
          				_t624 = __edx;
          				_t627 = __ecx;
          				_v76 = 0;
          				_v72 = 0;
          				_v68 = 0;
          				_v64 = 0;
          				_v84 = 0;
          				_v80 = 0;
          				_v88 = 0;
          				_v92 = 0;
          				_t365 = E00401FA9(__edx,  &_v12);
          				if(_t365 != 0) {
          					L153:
          					return _t365;
          				}
          				if(_v12 != 2 || _v8 != 0) {
          					L8:
          					__eflags = _v12 - 3;
          					if(_v12 != 3) {
          						L12:
          						__eflags = _v12 - 4;
          						if(_v12 != 4) {
          							L16:
          							__eflags = _v12 | _v8;
          							if((_v12 | _v8) == 0) {
          								L150:
          								return 0;
          							}
          							__eflags = _v12 - 5;
          							if(_v12 != 5) {
          								L149:
          								_push(0x10);
          								L152:
          								_pop(_t369);
          								return _t369;
          							}
          							__eflags = _v8;
          							if(_v8 != 0) {
          								goto L149;
          							}
          							_a4 = 0;
          							_v32 = 0;
          							_v48 = 0;
          							_v52 = 0;
          							_t365 = E00401F4F(_t624,  &_a4);
          							__eflags = _t365;
          							if(_t365 != 0) {
          								goto L153;
          							}
          							 *(_t627 + 0x40) = _a4;
          							_t365 = E00401FA9(_t624,  &_v28);
          							__eflags = _t365;
          							if(_t365 == 0) {
          								_t469 = _a16;
          								while(1) {
          									__eflags = _v28 | _v24;
          									if((_v28 | _v24) == 0) {
          										break;
          									}
          									_t365 = E00401FA9(_t624,  &_v60);
          									__eflags = _t365;
          									if(_t365 != 0) {
          										goto L153;
          									}
          									_t428 = _t624[1];
          									__eflags = _v56;
          									_t602 = _v60;
          									if(__eflags > 0) {
          										goto L149;
          									}
          									if(__eflags < 0) {
          										L27:
          										__eflags = _v24;
          										if(_v24 > 0) {
          											L29:
          											 *_t624 =  *_t624 + _t602;
          											_t624[1] = _t428 - _t602;
          											L67:
          											_t430 = E00401FA9(_t624,  &_v28);
          											__eflags = _t430;
          											if(_t430 == 0) {
          												continue;
          											}
          											return _t430;
          										}
          										_t527 = _v28;
          										__eflags = _t527 - 0x100;
          										if(_t527 < 0x100) {
          											_t528 = _t527 - 0xe;
          											__eflags = _t528;
          											if(_t528 == 0) {
          												_t365 = E004038DB(_t624, _a4,  &_v48);
          												__eflags = _t365;
          												if(_t365 != 0) {
          													goto L153;
          												}
          												_t432 = E0040277C(_v48, _a4);
          												_t130 =  &_v52;
          												 *_t130 = _v52 & 0x00000000;
          												__eflags =  *_t130;
          												_v32 = _t432;
          												goto L67;
          											}
          											_t531 = _t528 - 1;
          											__eflags = _t531;
          											if(_t531 == 0) {
          												_t365 = E004038DB(_t624, _v32,  &_v52);
          												L47:
          												__eflags = _t365;
          												if(_t365 != 0) {
          													goto L153;
          												}
          												goto L67;
          											}
          											_t534 = _t531;
          											__eflags = _t534;
          											if(_t534 == 0) {
          												__eflags = _t428;
          												if(_t428 == 0) {
          													goto L149;
          												}
          												_t624[1] = _t428 - 1;
          												_t435 =  *_t624;
          												_t535 =  *_t435;
          												_t436 =  &(_t435[0]);
          												__eflags = _t535;
          												_a23 = _t535;
          												 *_t624 = _t436;
          												if(_t535 != 0) {
          													_t93 =  &_v40; // 0x403050
          													_t365 = E00401F4F(_t624, _t93);
          													__eflags = _t365;
          													if(_t365 != 0) {
          														goto L153;
          													}
          													_t95 =  &_v40; // 0x403050
          													_t437 =  *_t95;
          													__eflags = _t437 -  *_a12;
          													if(_t437 >=  *_a12) {
          														goto L149;
          													}
          													_t438 = _a8 + _t437 * 8;
          													_v44 =  *_t438;
          													_a16 =  *((intOrPtr*)(_t438 + 4));
          													L55:
          													__eflags = _a16 & 0x00000001;
          													if((_a16 & 0x00000001) != 0) {
          														goto L149;
          													}
          													_t441 =  *_t469();
          													__eflags = _t441;
          													 *(_t627 + 0x74) = _t441;
          													if(_t441 == 0) {
          														L151:
          														_push(2);
          														goto L152;
          													}
          													__eflags = _a16;
          													if(_a16 != 0) {
          														_t442 =  *_t469();
          														__eflags = _t442;
          														 *(_t627 + 0x78) = _t442;
          														if(_t442 == 0) {
          															goto L151;
          														}
          														memcpy(_t442, _v44, _a16);
          														_t628 = _t628 + 0xc;
          														L61:
          														_t365 = E004038FF( *(_t627 + 0x78), _a16, _a4,  *(_t627 + 0x74));
          														__eflags = _t365;
          														if(_t365 != 0) {
          															goto L153;
          														}
          														__eflags = _a23 - _t365;
          														if(_a23 == _t365) {
          															_t444 = _a16;
          															_t624[1] = _t624[1] - _t444;
          															 *_t624 =  *_t624 + _t444;
          														}
          														goto L67;
          													}
          													 *(_t627 + 0x78) =  *(_t627 + 0x78) & 0x00000000;
          													goto L61;
          												}
          												_v44 = _t436;
          												_a16 = _t602 - 1;
          												goto L55;
          											}
          											_t543 = _t534 - 1;
          											__eflags = _t543;
          											if(__eflags == 0) {
          												_push(_t469);
          												_t612 = _a4;
          												_t544 = _t627 + 0x64;
          												_push( *_a12);
          												_push(_a8);
          												_push(_t624);
          												L46:
          												_t365 = E00403964(_t544, _t612, __eflags);
          												goto L47;
          											}
          											_t546 = _t543;
          											__eflags = _t546;
          											if(__eflags == 0) {
          												_push(_t469);
          												_t612 = _a4;
          												_t544 = _t627 + 0x5c;
          												_push( *_a12);
          												_push(_a8);
          												_push(_t624);
          												goto L46;
          											}
          											__eflags = _t546 != 1;
          											if(_t546 != 1) {
          												goto L29;
          											}
          											E00401AE6(_t627 + 0x54, _t469);
          											_t365 = E00402CAB(_t624, _a4, _t627 + 0x54, _t469);
          											__eflags = _t365;
          											if(_t365 != 0) {
          												goto L153;
          											}
          											_t449 = _t624[1];
          											__eflags = _t449;
          											if(_t449 == 0) {
          												goto L149;
          											}
          											_t624[1] = _t449 - 1;
          											_t451 =  *_t624;
          											__eflags =  *_t451;
          											 *_t624 =  &(_t451[0]);
          											if( *_t451 != 0) {
          												_t365 = E00401F4F(_t624,  &_v36);
          												__eflags = _t365;
          												if(_t365 != 0) {
          													goto L153;
          												}
          												_t453 = _v36;
          												__eflags = _t453 -  *_a12;
          												if(_t453 >=  *_a12) {
          													goto L149;
          												}
          												_t454 = _a8 + _t453 * 8;
          												_v12 =  *_t454;
          												_v8 =  *((intOrPtr*)(_t454 + 4));
          												_t555 =  &_v12;
          												L43:
          												_t365 = E00402D4F(_t555, _a4, _t627 + 0x54, _t469);
          												goto L47;
          											}
          											_t555 = _t624;
          											goto L43;
          										}
          										goto L29;
          									}
          									__eflags = _t602 - _t428;
          									if(_t602 > _t428) {
          										goto L149;
          									}
          									goto L27;
          								}
          								__eflags = _a4 - _v32 - _v92;
          								if(_a4 - _v32 != _v92) {
          									goto L149;
          								} else {
          									goto L70;
          								}
          								while(1) {
          									L70:
          									_t365 = E00401FA9(_t624,  &_v28);
          									__eflags = _t365;
          									if(_t365 != 0) {
          										goto L153;
          									}
          									__eflags = _v28 | _v24;
          									if((_v28 | _v24) == 0) {
          										_a19 = _a19 & 0x00000000;
          										_a23 = _a23 & 0x00000000;
          										_a11 = _a11 & 0x00000000;
          										_v44 = 0;
          										_v16 = 0;
          										_v40 = 0;
          										_v36 = 0;
          										_v12 = 0;
          										_v8 = 0;
          										_v32 = 0;
          										_v20 = 0;
          										_a15 = 0x80;
          										_t378 =  *_t469();
          										__eflags = _t378;
          										 *(_t627 + 0x6c) = _t378;
          										if(_t378 == 0) {
          											goto L151;
          										}
          										_t379 =  *(_t627 + 0x40);
          										__eflags = _t379;
          										if(_t379 != 0) {
          											_t380 =  *_t469();
          											__eflags = _t380;
          											 *(_t627 + 0x70) = _t380;
          											if(_t380 == 0) {
          												goto L151;
          											}
          											L78:
          											_t382 =  *_t469();
          											__eflags = _t382;
          											 *(_t627 + 0x44) = _t382;
          											if(_t382 == 0) {
          												goto L151;
          											}
          											_t576 =  *(_t627 + 0x40) + 7;
          											__eflags = _t576 & 0xfffffff8;
          											if((_t576 & 0xfffffff8) != 0) {
          												_t384 =  *_t469();
          												__eflags = _t384;
          												 *(_t627 + 0x48) = _t384;
          												if(_t384 == 0) {
          													goto L151;
          												}
          												L82:
          												_t365 = E0040389A(_t627 + 0x4c,  *(_t627 + 0x40), _t469);
          												__eflags = _t365;
          												if(_t365 != 0) {
          													goto L153;
          												}
          												__eflags = _v64;
          												if(_v64 != 0) {
          													_t521 = _v68;
          													_v64 = _v64 - 1;
          													_t423 =  *_t521;
          													_t522 = _t521 + 1;
          													__eflags = _t423;
          													_a19 = _t423;
          													_v68 = _t522;
          													if(_t423 == 0) {
          														_v32 = _t522;
          														_t427 = (_v88 + 7 >> 3) + _t522;
          														__eflags = _t427;
          														_v20 = _t427;
          													} else {
          														_v20 = _t522;
          													}
          												}
          												_t626 = 0;
          												__eflags = _a4;
          												if(_a4 <= 0) {
          													_t470 = _v12;
          													goto L140;
          												} else {
          													_t470 = _v12;
          													do {
          														__eflags = _a15;
          														if(_a15 == 0) {
          															_t191 = _t626 - 1; // -1
          															_a23 = _a23 & 0x00000000;
          															_t398 = _t191 >> 3;
          															_a15 = 0x80;
          															 *((char*)( *(_t627 + 0x48) + _t398)) = _a23;
          															_t198 =  &_a11;
          															 *_t198 = _a11 & 0x00000000;
          															__eflags =  *_t198;
          															 *((char*)(_t398 +  *((intOrPtr*)(_t627 + 0x4c)))) = _a11;
          														}
          														_t389 =  *(_t627 + 0x44);
          														 *(_t389 + _t626 * 8) = _t470;
          														 *((intOrPtr*)(_t389 + 4 + _t626 * 8)) = _v8;
          														 *( *((intOrPtr*)(_t627 + 0x50)) + _t626 * 4) =  *( *((intOrPtr*)(_t627 + 0x50)) + _t626 * 4) & 0x00000000;
          														_t391 = _v48;
          														__eflags = _t391;
          														if(_t391 == 0) {
          															L100:
          															__eflags = _v40;
          															if(_v40 != 0) {
          																goto L109;
          															} else {
          																goto L101;
          															}
          															while(1) {
          																L101:
          																_t414 = _v16;
          																__eflags = _t414 -  *((intOrPtr*)(_t627 + 4));
          																if(_t414 >=  *((intOrPtr*)(_t627 + 4))) {
          																	goto L149;
          																}
          																 *( *(_t627 + 0x6c) + _t414 * 4) = _t626;
          																__eflags = _v84;
          																_v36 = 1;
          																if(_v84 == 0) {
          																	L104:
          																	_t415 = _v36;
          																	__eflags = _t415;
          																	_v40 = _t415;
          																	if(_t415 != 0) {
          																		goto L109;
          																	}
          																	_t587 = _v16;
          																	_t416 = E0040209D(_t627, _t587);
          																	_t470 = _t470 + _t416;
          																	asm("adc [ebp-0x4], edx");
          																	__eflags = _v8 - _t587;
          																	if(__eflags < 0) {
          																		goto L149;
          																	}
          																	if(__eflags > 0) {
          																		L108:
          																		_v16 = _v16 + 1;
          																		continue;
          																	}
          																	__eflags = _t470 - _t416;
          																	if(_t470 < _t416) {
          																		goto L149;
          																	}
          																	goto L108;
          																}
          																_t365 = E00401F4F( &_v84,  &_v36);
          																__eflags = _t365;
          																if(_t365 != 0) {
          																	goto L153;
          																}
          																goto L104;
          															}
          															goto L149;
          														} else {
          															_t590 = 0x80 >> (_t626 & 0x00000007);
          															_t417 =  *((intOrPtr*)((_t626 >> 3) + _t391));
          															__eflags = _t417 & _t590;
          															if((_t417 & _t590) == 0) {
          																goto L100;
          															}
          															_t418 = _v52;
          															__eflags = _t418;
          															if(_t418 == 0) {
          																_t229 =  &_a23;
          																 *_t229 = _a23 | _a15;
          																__eflags =  *_t229;
          															} else {
          																_t596 = 0x80 >> (_v44 & 0x00000007);
          																_t421 =  *((intOrPtr*)((_v44 >> 3) + _t418));
          																__eflags = _t421 & _t596;
          																if((_t421 & _t596) == 0) {
          																	_t224 =  &_a23;
          																	 *_t224 = _a23 | _a15;
          																	__eflags =  *_t224;
          																}
          																_v44 = _v44 + 1;
          															}
          															__eflags = _v40;
          															if(_v40 != 0) {
          																L109:
          																 *( *(_t627 + 0x70) + _t626 * 4) = _v16;
          																_t393 = _v48;
          																__eflags = _t393;
          																if(_t393 == 0) {
          																	L111:
          																	_t261 =  &_v40;
          																	 *_t261 = _v40 - 1;
          																	__eflags =  *_t261;
          																	if( *_t261 != 0) {
          																		_t365 = E00401FA9( &_v76,  &_v60);
          																		__eflags = _t365;
          																		if(_t365 != 0) {
          																			goto L153;
          																		}
          																		_t470 = _t470 + _v60;
          																		asm("adc [ebp-0x4], eax");
          																		__eflags = _v8 - _v56;
          																		if(__eflags < 0) {
          																			goto L149;
          																		}
          																		if(__eflags > 0) {
          																			L132:
          																			__eflags = _a19;
          																			if(_a19 != 0) {
          																				L135:
          																				_v20 = _v20 + 4;
          																				 *( *((intOrPtr*)(_t627 + 0x50)) + _t626 * 4) =  *_v20;
          																				_t329 =  &_a11;
          																				 *_t329 = _a11 | _a15;
          																				__eflags =  *_t329;
          																				goto L136;
          																			}
          																			__eflags = _v32;
          																			if(_v32 == 0) {
          																				goto L136;
          																			}
          																			_t401 = _v32;
          																			__eflags =  *_t401 & 0x00000080;
          																			if(( *_t401 & 0x00000080) == 0) {
          																				goto L136;
          																			}
          																			goto L135;
          																		}
          																		__eflags = _t470 - _v60;
          																		if(_t470 < _v60) {
          																			goto L149;
          																		}
          																		goto L132;
          																	}
          																	_t581 = _v16;
          																	_v28 = E0040209D(_t627, _t581);
          																	_v24 = _t581;
          																	_t582 =  *(_t627 + 0x44);
          																	_t404 =  *( *(_t627 + 0x6c) + _v16 * 4);
          																	_t497 =  *((intOrPtr*)(_t582 + _t404 * 8));
          																	_t471 = _t470 - _t497;
          																	_t405 =  *((intOrPtr*)(_t582 + 4 + _t404 * 8));
          																	asm("sbb edx, eax");
          																	_v100 = _t471;
          																	__eflags = _v24 - _v8;
          																	if(__eflags < 0) {
          																		goto L149;
          																	}
          																	_t584 = _v28;
          																	if(__eflags > 0) {
          																		L115:
          																		_t498 = _t497 + _t584;
          																		asm("adc eax, [ebp-0x14]");
          																		_v12 = _t498;
          																		__eflags = _t405 - _v24;
          																		_v8 = _t405;
          																		if(__eflags < 0) {
          																			goto L149;
          																		}
          																		if(__eflags > 0) {
          																			L118:
          																			__eflags = _v36 - 1;
          																			if(_v36 != 1) {
          																				L122:
          																				__eflags = _a19;
          																				if(_a19 != 0) {
          																					L125:
          																					_t301 =  &_v20;
          																					 *_t301 = _v20 + 4;
          																					__eflags =  *_t301;
          																					 *( *((intOrPtr*)(_t627 + 0x50)) + _t626 * 4) =  *_v20;
          																					L126:
          																					_t306 =  &_a11;
          																					 *_t306 = _a11 | _a15;
          																					__eflags =  *_t306;
          																					L127:
          																					_v16 = _v16 + 1;
          																					_t470 = _v12;
          																					goto L136;
          																				}
          																				_t408 = _v32;
          																				__eflags = _t408;
          																				if(_t408 == 0) {
          																					goto L127;
          																				}
          																				__eflags =  *_t408 & 0x00000080;
          																				if(( *_t408 & 0x00000080) == 0) {
          																					goto L127;
          																				}
          																				goto L125;
          																			}
          																			_t409 =  *(_t627 + 0xc);
          																			__eflags = _t409;
          																			if(_t409 == 0) {
          																				goto L122;
          																			}
          																			_t598 = 0x80 >> (_t626 & 0x00000007);
          																			_t410 =  *((intOrPtr*)((_t626 >> 3) + _t409));
          																			__eflags = _t410 & _t598;
          																			if((_t410 & _t598) == 0) {
          																				goto L122;
          																			}
          																			 *( *((intOrPtr*)(_t627 + 0x50)) + _t626 * 4) =  *( *((intOrPtr*)(_t627 + 0x10)) + _v16 * 4);
          																			goto L126;
          																		}
          																		__eflags = _t498 - _t584;
          																		if(_t498 < _t584) {
          																			goto L149;
          																		}
          																		goto L118;
          																	}
          																	__eflags = _t584 - _t471;
          																	if(_t584 < _t471) {
          																		goto L149;
          																	}
          																	goto L115;
          																}
          																_t586 = 0x80 >> (_t626 & 0x00000007);
          																_t413 =  *((intOrPtr*)((_t626 >> 3) + _t393));
          																__eflags = _t413 & _t586;
          																if((_t413 & _t586) != 0) {
          																	goto L136;
          																}
          																goto L111;
          															} else {
          																 *( *(_t627 + 0x70) + _t626 * 4) =  *( *(_t627 + 0x70) + _t626 * 4) | 0xffffffff;
          																goto L136;
          															}
          														}
          														L136:
          														_a15 = _a15 >> 1;
          														_t626 = _t626 + 1;
          														__eflags = _t626 - _a4;
          													} while (_t626 < _a4);
          													__eflags = _a15 - 0x80;
          													if(_a15 != 0x80) {
          														_t337 = _t626 - 1; // 0x4
          														_t400 = _t337 >> 3;
          														 *((char*)( *(_t627 + 0x48) + _t400)) = _a23;
          														 *((char*)(_t400 +  *((intOrPtr*)(_t627 + 0x4c)))) = _a11;
          													}
          													L140:
          													_t385 =  *(_t627 + 0x44);
          													__eflags = _v40;
          													 *(_t385 + _t626 * 8) = _t470;
          													 *((intOrPtr*)(_t385 + 4 + _t626 * 8)) = _v8;
          													if(_v40 != 0) {
          														goto L149;
          													}
          													_t484 =  *(_t627 + 0x6c);
          													_t386 = _v16;
          													while(1) {
          														 *(_t484 + _t386 * 4) = _t626;
          														__eflags = _t386 -  *((intOrPtr*)(_t627 + 4));
          														if(_t386 >=  *((intOrPtr*)(_t627 + 4))) {
          															break;
          														}
          														__eflags = _v84;
          														if(_v84 == 0) {
          															goto L149;
          														}
          														_t365 = E00401F4F( &_v84,  &_v36);
          														__eflags = _t365;
          														if(_t365 != 0) {
          															goto L153;
          														}
          														__eflags = _v36 - _t365;
          														if(_v36 != _t365) {
          															goto L149;
          														}
          														_t484 =  *(_t627 + 0x6c);
          														_t386 = _v16 + 1;
          														_v16 = _t386;
          													}
          													__eflags = _v84;
          													if(_v84 == 0) {
          														goto L150;
          													}
          													__eflags = _v80;
          													if(_v80 == 0) {
          														goto L150;
          													}
          													goto L149;
          												}
          											}
          											 *(_t627 + 0x48) = 0;
          											goto L82;
          										}
          										 *(_t627 + 0x70) = 0;
          										goto L78;
          									}
          									_t365 = E0040269A(_t624);
          									__eflags = _t365;
          									if(_t365 != 0) {
          										goto L153;
          									}
          								}
          							}
          							goto L153;
          						}
          						__eflags = _v8;
          						if(_v8 != 0) {
          							goto L16;
          						}
          						_t472 = _t627 + 0x38;
          						_t365 = E004024A4(_t627, _t624, 0x40000000, _a8,  *_a12, _t472,  &_v92, _a16);
          						__eflags = _t365;
          						if(_t365 != 0) {
          							goto L153;
          						}
          						 *_t472 =  *_t472 +  *((intOrPtr*)(_t627 + 0x30));
          						asm("adc [ebx+0x4], ecx");
          						_t365 = E00401FA9(_t624,  &_v12);
          						__eflags = _t365;
          						if(_t365 != 0) {
          							goto L153;
          						}
          						goto L16;
          					}
          					__eflags = _v8;
          					if(_v8 != 0) {
          						goto L12;
          					}
          					E00401B44( &_v144);
          					_a4 = E004023BE(_a4, _t624, _a8, 8,  *((intOrPtr*)(_t627 + 0x30)),  *((intOrPtr*)(_t627 + 0x34)),  &_v144, _a20);
          					 *_a12 = _v140;
          					E00401BD7( &_v144, _a20, __eflags);
          					_t365 = _a4;
          					__eflags = _t365;
          					if(_t365 != 0) {
          						goto L153;
          					}
          					_t365 = E00401FA9(_t624,  &_v12);
          					__eflags = _t365;
          					if(_t365 != 0) {
          						goto L153;
          					}
          					goto L12;
          				} else {
          					while(1) {
          						_t365 = E00401FA9(_t624,  &_v28);
          						if(_t365 != 0) {
          							goto L153;
          						}
          						if((_v28 | _v24) == 0) {
          							_t365 = E00401FA9(_t624,  &_v12);
          							__eflags = _t365;
          							if(_t365 != 0) {
          								goto L153;
          							}
          							goto L8;
          						}
          						_t365 = E0040269A(_t624);
          						if(_t365 != 0) {
          							goto L153;
          						} else {
          							continue;
          						}
          					}
          					goto L153;
          				}
          			}


          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID: memcpy
          • String ID: P0@
          • API String ID: 3510742995-4081754932
          • Opcode ID: 1582e1f818ffe33f28a6339c45a1cf0e6b576f961fd25741d92e30ef07b5c510
          • Instruction ID: e276acef549beb584bc99bfb80054d3237023eb48a85920523d3691ba1f5140d
          • Opcode Fuzzy Hash: 1582e1f818ffe33f28a6339c45a1cf0e6b576f961fd25741d92e30ef07b5c510
          • Instruction Fuzzy Hash: 9F525D75A0020A9FCF25DF94C480AAEBBFABF45305F14847FE842A7391D778AA45CB54
          Uniqueness

          Uniqueness Score: -1.00%

          C-Code - Quality: 100%
          			E004073E3(signed char* __ecx, signed char* __edx, signed char* _a4) {
          				signed int _v8;
          				signed char* _v12;
          				intOrPtr _v16;
          				signed int _v20;
          				signed int _v24;
          				signed int _v28;
          				signed int _v32;
          				signed char* _t246;
          				signed int _t252;
          				signed int _t253;
          				signed int _t254;
          				unsigned int _t257;
          				signed char* _t258;
          				signed int _t259;
          				unsigned int _t266;
          				signed char* _t267;
          				signed int _t269;
          				signed int _t272;
          				signed int _t280;
          				signed char* _t282;
          				signed char* _t284;
          				signed char* _t291;
          				signed char* _t293;
          				signed char* _t295;
          				void* _t300;
          				signed int _t304;
          				signed char* _t305;
          				intOrPtr _t307;
          				void* _t308;
          				signed int _t318;
          				signed int _t319;
          				unsigned int _t323;
          				signed int _t326;
          				signed int _t329;
          				signed int _t332;
          				signed int _t333;
          				signed short* _t334;
          				signed short* _t335;
          				void* _t338;
          				signed char _t341;
          				void* _t342;
          				signed int _t344;
          				signed char _t360;
          				signed char _t367;
          				signed int _t368;
          				signed int _t369;
          				unsigned int _t374;
          				signed char* _t376;
          				void* _t378;
          				void* _t379;
          				signed char* _t380;
          				signed int _t384;
          				intOrPtr _t390;
          				signed char* _t404;
          				signed char* _t410;
          				signed char* _t412;
          				signed int _t415;
          				signed char _t420;
          				signed int _t421;
          				signed int _t427;
          				signed int _t432;
          				signed int _t435;
          				unsigned int _t438;
          				void* _t439;
          				void* _t440;
          				void* _t441;
          				void* _t443;
          				void* _t444;
          				signed int _t445;
          				signed int _t449;
          				signed char _t463;
          				signed int _t464;
          				signed int _t468;
          				signed int _t469;
          				signed int _t470;
          				signed int _t471;
          				signed int _t472;
          				signed int _t473;
          				signed int _t474;
          				unsigned int _t475;
          				unsigned int _t476;
          
          				_t246 = __ecx;
          				_v12 = __edx;
          				_v8 =  *((intOrPtr*)(__ecx + 0x24));
          				_a4 =  &(__edx[_a4]);
          				_t384 = 1;
          				_t432 =  *(__ecx + 0x40);
          				_t307 =  *((intOrPtr*)(__ecx + 0xc));
          				_t468 =  *(__ecx + 0x20);
          				_v16 = _t307;
          				_t318 = (_t384 <<  *(__ecx + 2)) + 0x0fffffff << 0x00000004 &  *(__ecx + 0x28) << 0x00000004;
          				_v24 = _t318;
          				_t319 = _t318 + _t432;
          				_v32 = _t319;
          				_t308 = 0x1000000;
          				_v20 =  *(_t307 + _t319 * 2 - 0x200) & 0x0000ffff;
          				if(_t468 >= 0x1000000) {
          					L3:
          					_t323 = (_t468 >> 0xb) * _v20;
          					if(_v8 >= _t323) {
          						_v8 = _v8 - _t323;
          						_t390 = _v16;
          						_t469 = _t468 - _t323;
          						if(_t469 >= _t308) {
          							L34:
          							_t326 = (_t469 >> 0xb) * ( *(_t390 + 0x20 + _t432 * 2) & 0x0000ffff);
          							if(_v8 >= _t326) {
          								_v8 = _v8 - _t326;
          								_t470 = _t469 - _t326;
          								_v28 = 3;
          								if(_t470 >= _t308) {
          									L39:
          									_t329 = (_t470 >> 0xb) * ( *(_t390 + 0x38 + _t432 * 2) & 0x0000ffff);
          									if(_v8 >= _t329) {
          										_v8 = _v8 - _t329;
          										_t471 = _t470 - _t329;
          										if(_t471 >= _t308) {
          											L50:
          											_t332 = (_t471 >> 0xb) * ( *(_t390 + 0x50 + _t432 * 2) & 0x0000ffff);
          											if(_v8 >= _t332) {
          												_v8 = _v8 - _t332;
          												_t472 = _t471 - _t332;
          												_t333 =  *(_t390 + 0x68 + _t432 * 2) & 0x0000ffff;
          												if(_t472 >= _t308) {
          													L55:
          													_t252 = (_t472 >> 0xb) * _t333;
          													if(_v8 >= _t252) {
          														L57:
          														_t473 = _t472 - _t252;
          														_v8 = _v8 - _t252;
          														L58:
          														_v32 = 0xc;
          														_t334 = _t390 - 0xa00;
          														L59:
          														_t253 =  *_t334 & 0x0000ffff;
          														if(_t473 >= _t308) {
          															L62:
          															_t435 = (_t473 >> 0xb) * _t253;
          															if(_v8 >= _t435) {
          																_v8 = _v8 - _t435;
          																_t474 = _t473 - _t435;
          																_t254 = _t334[8] & 0x0000ffff;
          																if(_t474 >= _t308) {
          																	L67:
          																	_t438 = (_t474 >> 0xb) * _t254;
          																	if(_v8 >= _t438) {
          																		_v8 = _v8 - _t438;
          																		_t475 = _t474 - _t438;
          																		_t335 =  &(_t334[0x100]);
          																		_v24 = 0x10;
          																		_v20 = 0x100;
          																	} else {
          																		_t475 = _t438;
          																		_t335 = _t334 + 0x10 + _v24 * 2;
          																		_t280 = 8;
          																		_v24 = _t280;
          																		_v20 = _t280;
          																	}
          																	L70:
          																	_t439 = 1;
          																	do {
          																		_t440 = _t439 + _t439;
          																		if(_t475 >= _t308) {
          																			goto L74;
          																		}
          																		_t258 = _v12;
          																		if(_t258 >= _a4) {
          																			L108:
          																			_t259 = 0;
          																			L110:
          																			return _t259;
          																		}
          																		_t475 = _t475 << 8;
          																		_v12 =  &(_v12[1]);
          																		_v8 = _v8 << 0x00000008 |  *_t258 & 0x000000ff;
          																		L74:
          																		_t257 = (_t475 >> 0xb) * ( *(_t440 + _t335) & 0x0000ffff);
          																		if(_v8 >= _t257) {
          																			_v8 = _v8 - _t257;
          																			_t475 = _t475 - _t257;
          																			_t439 = _t440 + 1;
          																		} else {
          																			_t475 = _t257;
          																		}
          																	} while (_t439 < _v20);
          																	_t441 = _t439 + _v24 - _v20;
          																	if(_v32 >= 4) {
          																		L106:
          																		if(_t475 >= _t308 || _v12 < _a4) {
          																			_t259 = _v28;
          																			goto L110;
          																		} else {
          																			goto L108;
          																		}
          																	}
          																	if(_t441 >= 3) {
          																		_t441 = 3;
          																	}
          																	_t198 = _t441 + 1; // 0x4
          																	_t338 = (_t198 << 7) + _v16;
          																	_t443 = 1;
          																	do {
          																		_t444 = _t443 + _t443;
          																		if(_t475 >= _t308) {
          																			goto L85;
          																		}
          																		_t267 = _v12;
          																		if(_t267 >= _a4) {
          																			goto L108;
          																		}
          																		_t475 = _t475 << 8;
          																		_v12 =  &(_v12[1]);
          																		_v8 = _v8 << 0x00000008 |  *_t267 & 0x000000ff;
          																		L85:
          																		_t266 = (_t475 >> 0xb) * ( *(_t444 + _t338) & 0x0000ffff);
          																		if(_v8 >= _t266) {
          																			_v8 = _v8 - _t266;
          																			_t475 = _t475 - _t266;
          																			_t443 = _t444 + 1;
          																		} else {
          																			_t475 = _t266;
          																		}
          																	} while (_t443 < 0x40);
          																	_t445 = _t443 - 0x40;
          																	_t269 = 4;
          																	if(_t445 < _t269) {
          																		goto L106;
          																	}
          																	_t341 = (_t445 >> 1) - 1;
          																	_v24 = _t341;
          																	if(_t445 >= 0xe) {
          																		_t342 = _t341 - _t269;
          																		do {
          																			if(_t475 >= _t308) {
          																				goto L96;
          																			}
          																			_t404 = _v12;
          																			if(_t404 >= _a4) {
          																				goto L108;
          																			}
          																			_t475 = _t475 << 8;
          																			_v12 =  &(_v12[1]);
          																			_v8 = _v8 << 0x00000008 |  *_t404 & 0x000000ff;
          																			L96:
          																			_t475 = _t475 >> 1;
          																			_v8 = _v8 - ((_v8 - _t475 >> 0x0000001f) - 0x00000001 & _t475);
          																			_t342 = _t342 - 1;
          																		} while (_t342 != 0);
          																		_v24 = _t269;
          																		L98:
          																		_t344 = 1;
          																		_t449 = _t344;
          																		do {
          																			if(_t475 >= _t308) {
          																				goto L102;
          																			}
          																			if(_v12 >= _a4) {
          																				goto L108;
          																			}
          																			_t475 = _t475 << 8;
          																			_v12 =  &(_v12[1]);
          																			_v8 = _v8 << 0x00000008 |  *_v12 & 0x000000ff;
          																			L102:
          																			_t272 = (_t475 >> 0xb) * ( *(_v16 + _t449 * 2) & 0x0000ffff);
          																			if(_v8 >= _t272) {
          																				_v8 = _v8 - _t272;
          																				_t344 = _t344 + _t344;
          																				_t475 = _t475 - _t272;
          																				_t449 = _t449 + _t344;
          																			} else {
          																				_t449 = _t449 + _t344;
          																				_t475 = _t272;
          																				_t344 = _t344 + _t344;
          																			}
          																			_t241 =  &_v24;
          																			 *_t241 = _v24 - 1;
          																		} while ( *_t241 != 0);
          																		goto L106;
          																	}
          																	_v16 = _v16 + ((_t445 & 0x00000001 | 0x00000002) << _t341) * 2 - 0xd00;
          																	goto L98;
          																}
          																_t410 = _v12;
          																if(_t410 >= _a4) {
          																	goto L108;
          																}
          																_t474 = _t474 << 8;
          																_v12 =  &(_v12[1]);
          																_v8 = _v8 << 0x00000008 |  *_t410 & 0x000000ff;
          																goto L67;
          															}
          															_v24 = _v24 & 0x00000000;
          															_t475 = _t435;
          															_v20 = 8;
          															_t335 =  &(_t334[_v24]);
          															goto L70;
          														}
          														_t412 = _v12;
          														if(_t412 >= _a4) {
          															goto L108;
          														}
          														_t473 = _t473 << 8;
          														_v12 =  &(_v12[1]);
          														_v8 = _v8 << 0x00000008 |  *_t412 & 0x000000ff;
          														goto L62;
          													}
          													_t473 = _t252;
          													goto L58;
          												}
          												_t282 = _v12;
          												if(_t282 >= _a4) {
          													goto L108;
          												}
          												_t472 = _t472 << 8;
          												_v12 =  &(_v12[1]);
          												_v8 = _v8 << 0x00000008 |  *_t282 & 0x000000ff;
          												goto L55;
          											}
          											_t473 = _t332;
          											goto L58;
          										}
          										_t284 = _v12;
          										if(_t284 >= _a4) {
          											goto L108;
          										}
          										_t471 = _t471 << 8;
          										_v12 =  &(_v12[1]);
          										_v8 = _v8 << 0x00000008 |  *_t284 & 0x000000ff;
          										goto L50;
          									}
          									_t472 = _t329;
          									_v20 =  *(_t390 + _v32 * 2 - 0xc00) & 0x0000ffff;
          									if(_t329 >= _t308) {
          										L43:
          										_t252 = (_t472 >> 0xb) * _v20;
          										if(_v8 >= _t252) {
          											goto L57;
          										}
          										if(_t252 >= _t308 || _v12 < _a4) {
          											_t259 = 3;
          											goto L110;
          										} else {
          											goto L108;
          										}
          									}
          									_t291 = _v12;
          									if(_t291 >= _a4) {
          										goto L108;
          									}
          									_t472 = _t329 << 8;
          									_v8 = _v8 << 0x00000008 |  *_t291 & 0x000000ff;
          									_v12 =  &(_t291[1]);
          									goto L43;
          								}
          								_t293 = _v12;
          								if(_t293 >= _a4) {
          									goto L108;
          								}
          								_t470 = _t470 << 8;
          								_v12 =  &(_v12[1]);
          								_v8 = _v8 << 0x00000008 |  *_t293 & 0x000000ff;
          								goto L39;
          							}
          							_v32 = _v32 & 0x00000000;
          							_t473 = _t326;
          							_t334 = _t390 - 0x600;
          							_v28 = 2;
          							goto L59;
          						}
          						_t295 = _v12;
          						if(_t295 >= _a4) {
          							goto L108;
          						}
          						_t469 = _t469 << 8;
          						_v12 =  &(_v12[1]);
          						_v8 = _v8 << 0x00000008 |  *_t295 & 0x000000ff;
          						goto L34;
          					}
          					_t476 = _t323;
          					_v16 = _v16 + 0x280;
          					if(_t246[0x2c] != 0 || _t246[0x28] != 0) {
          						_t360 = _t246[0x18];
          						if(_t360 == 0) {
          							_t360 = _t246[0x14];
          						}
          						_t415 = 1;
          						_t308 = 0x1000000;
          						_v16 = _v16 + ((( *(_t246[0x10] + _t360 - 1) & 0x000000ff) >> 8 - ( *_t246 & 0x000000ff)) + (((_t415 << _t246[1]) - 0x00000001 & _t246[0x28]) << ( *_t246 & 0x000000ff)) + ((( *(_t246[0x10] + _t360 - 1) & 0x000000ff) >> 8 - ( *_t246 & 0x000000ff)) + (((_t415 << _t246[1]) - 0x00000001 & _t246[0x28]) << ( *_t246 & 0x000000ff))) * 2 << 9);
          					}
          					if(_t432 >= 7) {
          						_t420 = _t246[0x18];
          						_t463 = _t246[0x30];
          						if(_t420 >= _t463) {
          							_t367 = 0;
          						} else {
          							_t367 = _t246[0x14];
          						}
          						_t464 =  *(_t246[0x10] - _t463 + _t420 + _t367) & 0x000000ff;
          						_t368 = 0x100;
          						_t300 = 1;
          						do {
          							_t421 = _t368;
          							_t464 = _t464 + _t464;
          							_v32 = _t421;
          							_t369 = _t368 & _t464;
          							_v28 = _t369;
          							_v20 =  *(_v16 + (_t421 + _t300 + _t369) * 2) & 0x0000ffff;
          							if(_t476 >= _t308) {
          								goto L26;
          							}
          							_t376 = _v12;
          							if(_t376 >= _a4) {
          								goto L108;
          							}
          							_t476 = _t476 << 8;
          							_v12 =  &(_v12[1]);
          							_v8 = _v8 << 0x00000008 |  *_t376 & 0x000000ff;
          							L26:
          							_t374 = (_t476 >> 0xb) * _v20;
          							if(_v8 >= _t374) {
          								_t476 = _t476 - _t374;
          								_v8 = _v8 - _t374;
          								_t368 = _v28;
          								_t300 = _t300 + _t300 + 1;
          							} else {
          								_t476 = _t374;
          								_t300 = _t300 + _t300;
          								_t368 = _v28 ^ _v32;
          							}
          						} while (_t300 < 0x100);
          						goto L30;
          					} else {
          						_t378 = 1;
          						while(1) {
          							_t379 = _t378 + _t378;
          							_t427 =  *(_t379 + _v16) & 0x0000ffff;
          							if(_t476 >= _t308) {
          								goto L14;
          							}
          							_t305 = _v12;
          							if(_t305 >= _a4) {
          								goto L108;
          							}
          							_t476 = _t476 << 8;
          							_v12 =  &(_v12[1]);
          							_v8 = _v8 << 0x00000008 |  *_t305 & 0x000000ff;
          							L14:
          							_t304 = (_t476 >> 0xb) * _t427;
          							if(_v8 >= _t304) {
          								_v8 = _v8 - _t304;
          								_t475 = _t476 - _t304;
          								_t378 = _t379 + 1;
          							} else {
          								_t475 = _t304;
          							}
          							if(_t378 >= 0x100) {
          								L30:
          								_v28 = 1;
          								goto L106;
          							} else {
          								continue;
          							}
          						}
          					}
          				}
          				_t380 = _v12;
          				if(_t380 >= _a4) {
          					goto L108;
          				}
          				_t468 = _t468 << 8;
          				_v12 =  &(_v12[1]);
          				_v8 = _v8 << 0x00000008 |  *_t380 & 0x000000ff;
          				goto L3;
          			}









          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 82bcd1828e4aa52ae07cc7e0b97cc4409c5b6e27b8cec29c6ff189f5f82cf45a
          • Instruction ID: 6e66ecdfac77f70108769b89433cb7c1ab9e9ad5785e3cd63a79859edd0bf48f
          • Opcode Fuzzy Hash: 82bcd1828e4aa52ae07cc7e0b97cc4409c5b6e27b8cec29c6ff189f5f82cf45a
          • Instruction Fuzzy Hash: CE127171D04129DBDB08CF68C5945BCBBB2EF85341F2585BAD852BB290D238AE81DF85
          Uniqueness

          Uniqueness Score: -1.00%

          C-Code - Quality: 95%
          			E004050D9(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
          				intOrPtr _v8;
          				intOrPtr _v12;
          				intOrPtr _v16;
          				void* _t39;
          				void* _t41;
          				signed int _t47;
          				unsigned int _t48;
          				signed int _t52;
          				signed char _t58;
          				signed int _t61;
          				intOrPtr _t69;
          				signed char _t74;
          				intOrPtr _t82;
          				unsigned int _t92;
          				signed int _t94;
          				signed int* _t99;
          
          				_v8 = __edx;
          				_t82 = __ecx;
          				_t37 = 0;
          				_v16 = __ecx;
          				_t92 =  *_a8 & 0x00000007;
          				if(_v8 < 5) {
          					return 0;
          				}
          				_v8 = _v8 - 4;
          				_a4 = _a4 + 5;
          				while(1) {
          					_t99 = _t37 + _t82;
          					_t41 = _t82 + _v8;
          					L3:
          					while(_t99 < _t41 && ( *_t99 & 0x000000fe) != 0xe8) {
          						_t99 =  &(_t99[0]);
          					}
          					_t58 = _t99 - _t37 - _t82;
          					_t39 = _t99 - _t82;
          					if(_t99 >= _t41) {
          						_push(2);
          						asm("sbb ecx, ecx");
          						 *_a8 =  !_t58 & _t92 >> _t58;
          						return _t39;
          					}
          					if(_t58 <= 2) {
          						_t94 = _t92 >> _t58;
          						if(_t94 == 0 || _t94 <= 4 && _t94 != 3 && (( &(_t99[0]))[_t94 >> 1] + 0x00000001 & 0x000000fe) != 0) {
          							L13:
          							_t61 = _t99[1] & 0x000000ff;
          							if((_t61 + 0x00000001 & 0x000000fe) != 0) {
          								goto L24;
          							}
          							_t47 = ((_t61 << 0x00000008 | _t99[0] & 0x000000ff) << 0x00000008 | _t99[0] & 0x000000ff) << 0x00000008 | _t99[0] & 0x000000ff;
          							_t69 = _a4 + _t39;
          							_t37 = _t39 + 5;
          							_v12 = _t69;
          							if(_a12 == 0) {
          								_t48 = _t47 - _t69;
          							} else {
          								_t48 = _t47 + _t69;
          							}
          							if(_t94 != 0) {
          								_t74 = (_t94 & 0x00000006) << 2;
          								if(((_t48 >> _t74) + 0x00000001 & 0x000000fe) == 0) {
          									_t52 = _t48 ^ (0x00000100 << _t74) - 0x00000001;
          									if(_a12 == 0) {
          										_t48 = _t52 - _v12;
          									} else {
          										_t48 = _t52 + _v12;
          									}
          								}
          								_t82 = _v16;
          								_t92 = 0;
          							}
          							_t99[0] = _t48;
          							_t99[0] = _t48 >> 8;
          							_t99[0] = _t48 >> 0x10;
          							_t99[1] =  ~(_t48 >> 0x00000018 & 0x00000001);
          							continue;
          						} else {
          							L24:
          							_t92 = (_t94 | 0x00000008) >> 1;
          							_t37 = _t39 + 1;
          							while(1) {
          								_t99 = _t37 + _t82;
          								_t41 = _t82 + _v8;
          								goto L3;
          							}
          						}
          					}
          					_t94 = 0;
          					goto L13;
          				}
          			}

          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1b2474d071b8c487baa771191de10c10b9f1f61a460c87021d64b5ee01c1a485
          • Instruction ID: 9a5abfaf45a1683264c3cce447a12db98a84b69a36ecd7ba6eed036e4f79285a
          • Opcode Fuzzy Hash: 1b2474d071b8c487baa771191de10c10b9f1f61a460c87021d64b5ee01c1a485
          • Instruction Fuzzy Hash: BE411932F04B555BDB288D2C88A43AFB7A2DBC1324B25C37EC4A75B7C1D5785905CB54
          Uniqueness

          Uniqueness Score: -1.00%

          C-Code - Quality: 100%
          			E00403DA8(signed int __ecx, signed char __edx, unsigned int _a4, signed int _a8, void* _a10) {
          				signed char _v8;
          				unsigned int _v12;
          				void* _v14;
          				signed int _v16;
          				signed int _t57;
          				signed int _t59;
          				signed char _t75;
          				signed int _t83;
          
          				_t57 = __ecx;
          				_t75 = __edx;
          				_t83 = _a8;
          				_v8 = __edx;
          				if(_a4 > 0) {
          					while((_t75 & 0x00000007) != 0) {
          						_t57 = _t57 >> 0x00000008 ^  *(_t83 + (_t57 & 0x000000ff ^  *_t75 & 0x000000ff) * 4);
          						_a4 = _a4 - 1;
          						_t75 = _t75 + 1;
          						_v8 = _t75;
          						if(_a4 > 0) {
          							continue;
          						}
          						goto L3;
          					}
          				}
          				L3:
          				if(_a4 >= 8) {
          					_v12 = _a4 >> 3;
          					do {
          						_t59 = _t57 ^  *_t75;
          						_a8 =  *((intOrPtr*)(_t75 + 4));
          						_v16 = _t59;
          						_a4 = _a4 - 8;
          						_t75 = _v8 + 8;
          						_t47 =  &_v12;
          						 *_t47 = _v12 - 1;
          						_t57 =  *(_t83 + 0x1800) ^  *(_t83 + 0x1400) ^  *(_t83 + 0x800) ^  *(_t83 + 0x400) ^  *(_t83 + 0x1000 + (_t59 >> 0x18) * 4) ^  *(_t83 + 0x1c00 + (_t59 & 0x000000ff) * 4) ^  *(_t83 + 0xc00 + (_a8 & 0x000000ff) * 4) ^  *(_t83 + (_a8 >> 0x18) * 4);
          						_v8 = _t75;
          					} while ( *_t47 != 0);
          				}
          				if(_a4 > 0) {
          					do {
          						_t57 = _t57 >> 0x00000008 ^  *(_t83 + (_t57 & 0x000000ff ^  *_t75 & 0x000000ff) * 4);
          						_t75 = _t75 + 1;
          						_t55 =  &_a4;
          						 *_t55 = _a4 - 1;
          					} while ( *_t55 != 0);
          				}
          				return _t57;
          			}

          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e792cfdbfc04ae64f3520fabdc0383bd224db819a4f3945fdcf1cb02b73ab0d0
          • Instruction ID: a61378f5b8b51d7a4c26ad72ec206eafc27dd676f078da78317ab8b590e0e3e0
          • Opcode Fuzzy Hash: e792cfdbfc04ae64f3520fabdc0383bd224db819a4f3945fdcf1cb02b73ab0d0
          • Instruction Fuzzy Hash: CB31A9319001059FCB148F6DC8442DABBB1FF89359F1A807ED944AF351C239A681CBC0
          Uniqueness

          Uniqueness Score: -1.00%

          C-Code - Quality: 96%
          			E00403CF4(signed int __ecx, signed char __edx, unsigned int _a4, unsigned int _a8, void* _a10) {
          				signed char _v8;
          				signed int _t34;
          				unsigned int _t36;
          				signed char _t50;
          				unsigned int _t59;
          				unsigned int _t61;
          
          				_push(__ecx);
          				_t61 = _a4;
          				_t34 = __ecx;
          				_t50 = __edx;
          				_t59 = _a8;
          				_v8 = __edx;
          				if(_t61 > 0) {
          					while((_t50 & 0x00000003) != 0) {
          						_t34 = _t34 >> 0x00000008 ^  *(_t59 + (_t34 & 0x000000ff ^  *_t50 & 0x000000ff) * 4);
          						_t61 = _a4 - 1;
          						_t50 = _t50 + 1;
          						_a4 = _t61;
          						_v8 = _t50;
          						if(_t61 > 0) {
          							continue;
          						}
          						goto L3;
          					}
          				}
          				L3:
          				if(_t61 >= 4) {
          					_a4 = _t61 >> 2;
          					do {
          						_t36 = _t34 ^  *_t50;
          						_t61 = _t61 - 4;
          						_a8 = _t36;
          						_t34 =  *(_t59 + 0x800) ^  *(_t59 + 0x400) ^  *(_t59 + 0xc00 + (_t36 & 0x000000ff) * 4) ^  *(_t59 + (_t36 >> 0x18) * 4);
          						_t50 = _v8 + 4;
          						_t26 =  &_a4;
          						 *_t26 = _a4 - 1;
          						_v8 = _t50;
          					} while ( *_t26 != 0);
          				}
          				if(_t61 > 0) {
          					_a4 = _t61;
          					do {
          						_t34 = _t34 >> 0x00000008 ^  *(_t59 + (_t34 & 0x000000ff ^  *_t50 & 0x000000ff) * 4);
          						_t50 = _t50 + 1;
          						_t32 =  &_a4;
          						 *_t32 = _a4 - 1;
          					} while ( *_t32 != 0);
          				}
          				return _t34;
          			}

          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 552ceefe1e9f3b2ccd3bcf93ed66062ce747227fffe43b7fc68d41b305f1f2b2
          • Instruction ID: c1787e6e70088e1e2e2f6b0cbb357bbac79968a609beb516ba81a07d1d766c3d
          • Opcode Fuzzy Hash: 552ceefe1e9f3b2ccd3bcf93ed66062ce747227fffe43b7fc68d41b305f1f2b2
          • Instruction Fuzzy Hash: 3521F6366041099BCB14CF69C4806AABBA6FFC5365F2A807ED9459F391C638EA41CBC0
          Uniqueness

          Uniqueness Score: -1.00%

          C-Code - Quality: 89%
          			E00405315(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4, intOrPtr* _a8, intOrPtr* _a12) {
          				intOrPtr _v8;
          				intOrPtr _v12;
          				intOrPtr _v16;
          				intOrPtr _v20;
          				intOrPtr _v24;
          				intOrPtr* _t18;
          
          				_v8 = __ecx;
          				asm("cpuid");
          				_v12 = _v8;
          				_v16 = 0;
          				_v20 = 0;
          				_v24 = 0;
          				 *__edx = _v12;
          				 *_a4 = _v16;
          				 *_a8 = _v20;
          				_t18 = _a12;
          				 *_t18 = _v24;
          				return _t18;
          			}

          Memory Dump Source
          • Source File: 00000000.00000002.423742299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
          • Associated: 00000000.00000002.423738516.0000000000400000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423748206.0000000000408000.00000002.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423752045.0000000000409000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.423757145.000000000040C000.00000002.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_400000_usbcg2dkfw1113_2_versionsfx.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c0f89d47508dd6f13bc3e95dd147441eee33b76e695c145c50f6ffaf439ff704
          • Instruction ID: 729e06107659b83452ef7fb9bdf2ece27183d618ee00469755e20c0daaae1821
          • Opcode Fuzzy Hash: c0f89d47508dd6f13bc3e95dd147441eee33b76e695c145c50f6ffaf439ff704
          • Instruction Fuzzy Hash: ECF042B5A04219EF8B09DF99D58089EFBF5FF49310B1180AAE859E7350D770AA00CB65
          Uniqueness

          Uniqueness Score: -1.00%

          Execution Graph

          Execution Coverage:5.5%
          Dynamic/Decrypted Code Coverage:100%
          Signature Coverage:0%
          Total number of Nodes:29
          Total number of Limit Nodes:0
          execution_graph 18740 29c45e8 18743 29c3d64 18740->18743 18742 29c4612 18744 29c6840 GetConsoleWindow 18743->18744 18746 29c68ab 18744->18746 18746->18742 18712 29cabd0 18713 29cabee 18712->18713 18716 29c8fe0 18713->18716 18715 29cac25 18718 29cc6f0 LoadLibraryA 18716->18718 18719 29cc7e9 18718->18719 18720 5af6fc1 18721 5af6feb 18720->18721 18725 5af7048 18721->18725 18729 5af7058 18721->18729 18722 5af6ff8 18726 5af7058 18725->18726 18733 5af5ee4 18726->18733 18730 5af70a7 18729->18730 18731 5af5ee4 EnumThreadWindows 18730->18731 18732 5af7128 18731->18732 18732->18722 18734 5af7148 EnumThreadWindows 18733->18734 18736 5af7128 18734->18736 18736->18722 18737 5af5220 18738 5af6298 OleInitialize 18737->18738 18739 5af62fc 18738->18739 18747 5af74d0 18748 5af74d8 MessageBoxW 18747->18748 18750 5af7564 18748->18750

          Executed Functions

          Control-flow Graph

          control_flow_graph 1284 29cc6e4-29cc747 1286 29cc749-29cc76e 1284->1286 1287 29cc79b-29cc7e7 LoadLibraryA 1284->1287 1286->1287 1292 29cc770-29cc772 1286->1292 1290 29cc7e9-29cc7ef 1287->1290 1291 29cc7f0-29cc821 1287->1291 1290->1291 1299 29cc831 1291->1299 1300 29cc823-29cc827 1291->1300 1293 29cc774-29cc77e 1292->1293 1294 29cc795-29cc798 1292->1294 1296 29cc780 1293->1296 1297 29cc782-29cc791 1293->1297 1294->1287 1296->1297 1297->1297 1301 29cc793 1297->1301 1303 29cc832 1299->1303 1300->1299 1302 29cc829 1300->1302 1301->1294 1302->1299 1303->1303
          APIs
          Memory Dump Source
          • Source File: 00000007.00000002.420410230.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_7_2_29c0000_FWUpdateTool.jbxd
          Similarity
          • API ID: LibraryLoad
          • String ID:
          • API String ID: 1029625771-0
          • Opcode ID: a7638f44ab9deae8ac65e950c156374dfc4587e1ef5c444b9a314aa7e5d3de79
          • Instruction ID: 759051024a45394bd8a0d4d8246b4d2865de39f94a4150c5b874c0bf3ef6efb6
          • Opcode Fuzzy Hash: a7638f44ab9deae8ac65e950c156374dfc4587e1ef5c444b9a314aa7e5d3de79
          • Instruction Fuzzy Hash: A34147B0D006199FDB20CFA9C88579EBFF5EB48304F24812AE809EB385D7749841CF92
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          Memory Dump Source
          • Source File: 00000007.00000002.420410230.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_7_2_29c0000_FWUpdateTool.jbxd
          Similarity
          • API ID: LibraryLoad
          • String ID:
          • API String ID: 1029625771-0
          • Opcode ID: 2f251b53dda15ad37f786f4b6c1127aa4cee9e2e700534dfe268c2a5bdeaed23
          • Instruction ID: c68e8cbe08c3c85a5e008deb04afe73e502f38729697a0009df9deb0d40c85d6
          • Opcode Fuzzy Hash: 2f251b53dda15ad37f786f4b6c1127aa4cee9e2e700534dfe268c2a5bdeaed23
          • Instruction Fuzzy Hash: 324147B0D002199FDB20DFA9C88579EBFF5EB48304F24852AE819EB380D7749841CF92
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          • EnumThreadWindows.USER32(?,00000000,?,?,?,?,00000EA4,?,?,05AF7128,03B74128,?), ref: 05AF71B9
          Memory Dump Source
          • Source File: 00000007.00000002.421211662.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_7_2_5af0000_FWUpdateTool.jbxd
          Similarity
          • API ID: EnumThreadWindows
          • String ID:
          • API String ID: 2941952884-0
          • Opcode ID: ef1c0b4e9b91ae1fec855d360f4b7c4df5a4dcfb9b8f45d0730a9ff8185b74da
          • Instruction ID: 5a4ad8f95c769754164581214ad6acd65f39c706adfe372cee85327dfd09982c
          • Opcode Fuzzy Hash: ef1c0b4e9b91ae1fec855d360f4b7c4df5a4dcfb9b8f45d0730a9ff8185b74da
          • Instruction Fuzzy Hash: 182147B19002198FDB20DFAAC844BEEFBF5FB88310F10842AE515A3350D778A945CFA5
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          • MessageBoxW.USER32(?,00000000,00000000,?,?,?,?,?,?,?,05AF4665,?,?,?), ref: 05AF7555
          Memory Dump Source
          • Source File: 00000007.00000002.421211662.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_7_2_5af0000_FWUpdateTool.jbxd
          Similarity
          • API ID: Message
          • String ID:
          • API String ID: 2030045667-0
          • Opcode ID: d8a46a1841cec54ea7e4a9d0e8f426680b07c38c402d014c5c8bf83f1399a5bd
          • Instruction ID: b7e9e31bec600720f3c8af391eb447b121dca8e07ea130454bec93821eeaa3e0
          • Opcode Fuzzy Hash: d8a46a1841cec54ea7e4a9d0e8f426680b07c38c402d014c5c8bf83f1399a5bd
          • Instruction Fuzzy Hash: 7F21E3B59003499FCB10CF9AD884ADEFBB5FB88314F54892EE919A7700C375A945CFA1
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          • MessageBoxW.USER32(?,00000000,00000000,?,?,?,?,?,?,?,05AF4665,?,?,?), ref: 05AF7555
          Memory Dump Source
          • Source File: 00000007.00000002.421211662.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_7_2_5af0000_FWUpdateTool.jbxd
          Similarity
          • API ID: Message
          • String ID:
          • API String ID: 2030045667-0
          • Opcode ID: 1af30050f7b47df0c207424f87948669d4ebe80fe169c8c54b57c66d2869b8a8
          • Instruction ID: 31dce5ee40c9a6972acd5bc31c96f75bd17fd68fca1514a2b3f75aed6cf8a1c0
          • Opcode Fuzzy Hash: 1af30050f7b47df0c207424f87948669d4ebe80fe169c8c54b57c66d2869b8a8
          • Instruction Fuzzy Hash: AC21E2B59043099FCB10DF9AD884ADEBBB5FB88314F50852EE919A7600D375A944CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          • EnumThreadWindows.USER32(?,00000000,?,?,?,?,00000EA4,?,?,05AF7128,03B74128,?), ref: 05AF71B9
          Memory Dump Source
          • Source File: 00000007.00000002.421211662.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_7_2_5af0000_FWUpdateTool.jbxd
          Similarity
          • API ID: EnumThreadWindows
          • String ID:
          • API String ID: 2941952884-0
          • Opcode ID: d5c4d8797d6a81db5984c32e40dbe915cba92cc55fe05f90f1615d571c5b7cd6
          • Instruction ID: b3545694c7e2e2a1c3f8f710165ccbecd33df5cf084828bb422820ee97dc3dd2
          • Opcode Fuzzy Hash: d5c4d8797d6a81db5984c32e40dbe915cba92cc55fe05f90f1615d571c5b7cd6
          • Instruction Fuzzy Hash: 382138B19002098FDB10DFAAC844BEEFBF5FB88314F14842AE555A7350D778A945CF65
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          Memory Dump Source
          • Source File: 00000007.00000002.420410230.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_7_2_29c0000_FWUpdateTool.jbxd
          Similarity
          • API ID: ConsoleWindow
          • String ID:
          • API String ID: 2863861424-0
          • Opcode ID: 477402cc4793d56ab9eb35e3922790c66b7935f4cb508582fa6d653ed39545b7
          • Instruction ID: d58f51f32c807be937818de011ebaf95f7ddeff7c596bb18d53a04e6d8f551a5
          • Opcode Fuzzy Hash: 477402cc4793d56ab9eb35e3922790c66b7935f4cb508582fa6d653ed39545b7
          • Instruction Fuzzy Hash: A01155B49047498FCB21DFA9D844BDEBFF0EF89318F24849AC459A7281C3356945CFA2
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          • OleInitialize.OLE32(00000000), ref: 05AF62ED
          Memory Dump Source
          • Source File: 00000007.00000002.421211662.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_7_2_5af0000_FWUpdateTool.jbxd
          Similarity
          • API ID: Initialize
          • String ID:
          • API String ID: 2538663250-0
          • Opcode ID: 8606bd834ee4e4e98f0353f826c927f92e1b1b52c5fa34e724b40c167c379e75
          • Instruction ID: 1b78ff793780ef747e3155fa3ae40cfe7c49596c94e0577d0159893abaffe6c3
          • Opcode Fuzzy Hash: 8606bd834ee4e4e98f0353f826c927f92e1b1b52c5fa34e724b40c167c379e75
          • Instruction Fuzzy Hash: DE1115B49042089FCB20DFAAD544BDEFBF4EB48324F208559E559B7300D378A944CFA1
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          Memory Dump Source
          • Source File: 00000007.00000002.420410230.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_7_2_29c0000_FWUpdateTool.jbxd
          Similarity
          • API ID: ConsoleWindow
          • String ID:
          • API String ID: 2863861424-0
          • Opcode ID: 9650ed8183f8c0d9d2378b517ca8ea587b398a021cb634406d7efb3d3feeddce
          • Instruction ID: 41cd8731505ebf1360f4c684a1e0a795068b92c07926cc8f5cf0fc23b5e4e637
          • Opcode Fuzzy Hash: 9650ed8183f8c0d9d2378b517ca8ea587b398a021cb634406d7efb3d3feeddce
          • Instruction Fuzzy Hash: B91115B4D046088FCB20DF9AD444BEEBBF4EB88314F208459D519A7340D375A944CFA1
          Uniqueness

          Uniqueness Score: -1.00%